Privacy Policy

Last updated: September 21, 2025

Welcome to Noble Reviews and our website at https://noblereviews.io/. At Noble Reviews, we take the protection of your data seriously. This policy explains what we collect, why we collect it, and how we use it.

The Basics

What law applies

Our use of your personal data is subject to the Danish Data Protection Act, “Databeskyttelsesloven” (DPA), and the EU General Data Protection Regulation (GDPR). We also serve users in the United States. We do not meet CCPA or CPRA thresholds.

What is personal data

Personal data means any information that relates to an identified or identifiable person, for example name, email, IP address, device identifiers, and billing details.

What is processing

Processing means any operation performed on personal data, for example collecting, storing, using, or deleting it.

Who is responsible

Controller: Noble Reviews, CVR 45764273, Grete Loechtes Gade 1, Denmark
Privacy email: [email protected]
Privacy contact person: Nicolai, [email protected]

What We Collect And Why

Data you provide to us

  • Contact data: name, email, message content when you contact us.
    Purpose: respond to inquiries.
    Legal basis: consent and legitimate interest.
  • Account data if you create an account: name, username, email, password.
    Purpose: create and maintain your account, provide services.
    Legal basis: contract and legitimate interest.
  • Billing and purchase data: amounts, currency, tokens from our payment processor, billing email, and any tax identifiers you provide.
    Purpose: take payment, issue invoices, prevent fraud, comply with law.
    Legal basis: contract and legal obligation.

Data we collect automatically

Log and device data: IP address, browser type, device and OS, pages viewed, timestamps, referring URL.
Purpose: security, service operation, troubleshooting, high level analytics.
Legal basis: legitimate interest.

Cookies

We will publish a separate Cookie Policy and consent mechanism. Until then we only use essential cookies needed to provide the site. Non-essential cookies, if any, will only run with your consent.

Payments

Payments are processed by Stripe. Stripe is an independent controller for payment data you submit on its forms. We do not have access to your full card details. Legal basis: contract and legal obligation.

Using Our Services For Your Customers

When you use Noble Reviews to request and manage customer reviews, you are the data controller for your customers’ data and we act as your data processor under GDPR Chapter 4. We process that data only on your documented instructions and only for the agreed purposes. You must ensure you have a lawful basis to contact your customers and, where required, valid opt-ins. A Data Processing Agreement is available on request and is incorporated by reference into our service terms.

Service Providers

We use trusted providers to operate our site and services. They process data on our behalf and only as instructed.

  • HighLevel, platform and CRM services used to operate review management workflows
  • Stripe, payments

We maintain an up to date list of sub-processors and will notify you of material changes where required.

International Transfers

Some providers are located outside the EEA, for example in the United States. Where data is transferred internationally, we rely on appropriate safeguards, typically the European Commission’s Standard Contractual Clauses, and implement reasonable technical and organizational measures.

How Long We Keep Data

  • Contact inquiries: up to 12 months
  • Account and service data: for the life of the account, then up to 24 months for logs and backups
  • Billing and invoices: for the period required by law, typically 5 to 10 years depending on the record

Security

We use SSL or TLS to protect data in transit. Access to systems is limited to personnel who need it. We apply technical and organizational measures that are reasonable for a business of our size and risk profile. No method of transmission or storage is fully secure. If a breach occurs, we will notify affected users as required by law.

Do We Sell Data

No, we do not sell personal information.

Minors

Our services are not directed to individuals under 16. If you believe a minor has provided us data, contact us and we will delete it.

Automated Decision Making

We do not make decisions about you based solely on automated processing that produce legal or similarly significant effects.

Your Rights

Under the DPA and GDPR you have the right to access, rectification, erasure, restriction, portability, and to object to processing, and the right to withdraw consent at any time. To exercise these rights, contact us at [email protected]. You also have the right to lodge a complaint with the Danish Data Protection Agency.

Datatilsynet
Carl Jacobsens Vej 35, 2500 Valby, Denmark
https://www.datatilsynet.dk

Changes

We may update this policy when needed. The version and date appear at the top.