Privacy Policy｜NOVAKVM

NOVAKVM Inc. (hereinafter referred to as "the Company", "we" or "NOVAKVM") hereby declares: As an underlying computing infrastructure provider, our commitment to privacy is based on the physical hardware isolation level, not just on the software protocol level. This Privacy Policy fully describes what data we collect, how we use it, and what data we have unbreakable physical access restrictions to. By accessing this website or subscribing to any service, you fully accept all the terms of this policy.

PRIV_01

Introduction and scope of application

This Privacy Policy applies to your access to and use of the NOVAKVM website, Console, and all Apple Silicon Bare Metal node rental services we provide. By visiting our website or subscribing to our services, you consent to the data processing operations described in this policy.

NOVAKVM reserves the right to unilaterally modify this Privacy Policy at any time. The revised terms will take effect immediately upon being published on the website.We are under no obligation to separately notify you of changes.It is your responsibility to check this page regularly.

PRIV_02

Types of information collected

In order to provide you with legal, stable and secure cloud infrastructure, we only collect the following necessary information:

Account information:Includes your email address, console username, and necessary identifiers synced through a third-party authentication provider (e.g., GitHub, Google).
Billing and payment information:Include the billing address and credentials required by the payment gateway. We do not store your full credit card number directly, the data is held encrypted by a compliant third-party payment processor (such as Stripe).
Technical configuration information:As you inject into the consoleSSH public key, API Token and other network access credentials.
System logs and telemetry data:When you access the console or schedule resources through the API, we collect the source IP address, request timestamp, operation type (such as Power On / Shutdown).

We clearly state:We do not collect, analyze, or read any business data, code, or files stored on your node's SSD.

PRIV_03

Hardware isolation and zero trust (core principles)

Since NOVAKVM providesPurely physical Bare Metal service, our guarantee of data privacy is based on the physical layer boundary that cannot be bypassed.

usUnablealsoNeverAccess, review, or monitor any code, files, processes, or business data stored on the Mac mini SSD you rent. This is an absolute physical limit, not a mere contractual commitment.

After the node is delivered, you will be given the highest administrator (Root) rights on the system. Native via Apple hardwareSecure EnclaveTechnology, your data is protected by hardware-level encryption, and even the operation and maintenance personnel in the computer room cannot bypass authentication and read your disk contents.

PRIV_04

Data processing and use

We will only use the limited personal and telemetry data collected for the following purposes and will not make any use beyond the scope:

Automatically deliver, orchestrate and configure your physical nodes and network routes.
Process your subscription payments and generate billing records.
Conduct traffic analysis and security defense when encountering DDoS attacks or network congestion.
Respond to your technical support requests through the support ticket system.

PRIV_05

Data retention and physical level erasure

The life cycle of your business data stored on physical machines is strongly bound to the subscription cycle.You are and only you are solely responsible for the backup of data on your nodes.

Once your subscription expires and is not renewed, the arrears are collected, or you actively perform the "Release Node" operation on the console, the MDM orchestration system will immediately issue theU.S. Department of Defense DoD 5220.22-M StandardSecure Erase command. Encryption keys will be destroyed and the NVMe SSD will be irreversibly overwritten. This process cannot be undone and NOVAKVM assumes no liability for any data loss resulting from erasure.

PRIV_06

Third-party services and sharing

We do not sell your personal information. We only share the minimum necessary data with trusted third-party infrastructure and service providers when necessary:

Payment gateway:Such as Stripe, Coinbase Commerce, etc., used to handle payment verification and billing transactions.
Data center operator:When performing physical network penetration and BGP route advertisement, necessary information at the IP level is involved (no data at the disk level is involved).
Compliance requirements:We may legally disclose registration information related to a console account only upon receipt of a valid and lawful court subpoena or search warrant.

PRIV_07

Your rights and choices

Under applicable data protection laws (such as GDPR or CCPA), youPersonal data held at console levelEnjoy the following rights:

Request access to a copy of the data we hold about your console account.
Request that any inaccurate account information be corrected.
Request deletion of your console account at any time.

An account deletion request will automatically trigger the DoD-level secure destruction protocol of all physical nodes under your name, and this operation is irreversible. NOVAKVM is not responsible for any data loss caused by account cancellation. The above rights only apply to metadata at the console account level and do not apply to business data on your node disks (we cannot access the latter at the physical level).

PRIV_08

Contact us

If you have any questions about this Privacy Policy or NOVAKVM’s hardware privacy boundaries, please contact our Security Compliance Team at.All formal privacy requests must be submitted through the console ticket system to verify account ownership.

Email: support@novakvm.com

GPG Key: Can be requested via Console Ticket.

Response time:Reply within 5 business days. NOVAKVM reserves the right to deny any request where account ownership cannot be verified.

PrivacyPolicy.