Privacy Policy
BRBR GROUP LLC (“Notivo”, “we”, “our” or “us”) is a private memory layer for people management. This Privacy Policy explains what information we collect, how we use and share it, and the choices and rights you have. It applies to notivo.com, the Notivo application at app.notivo.com, and related services (together, the “Service”).
1. Who we are
The data controller responsible for your personal data is BRBR GROUP LLC, a limited liability company formed in the State of Wyoming, USA, based in Sheridan, Wyoming. You can reach us at hello@notivo.com for any privacy question or to exercise your rights.
2. A note on what you record about other people
Notivo is a manager’s private notebook. When you write notes, you may record information about other people, such as members of your team, colleagues or contacts (“Subjects”). This is your content, and you control it.
- For the notes and observations you create, you (or your organization) act as the controller of that content, and Notivo acts as a processor handling it on your behalf.
- You are responsible for recording information lawfully, fairly and for legitimate management purposes (capturing your own observations, not covert surveillance), and for any notices or legal bases your local law requires toward the Subjects you write about.
- Notes are private to your account by default. Notivo does not show your notes to the Subjects, and does not sell or share your notes for advertising.
If you use Notivo as part of an organization that has signed a Data Processing Agreement with us, that agreement governs how we process content on the organization’s behalf. See our Data Processing page.
3. Information we collect
Information you provide
- Account information: your name, email address and authentication credentials (or your Google sign-in identifier).
- Profile and billing information: optional details such as role or company, and, for paid plans, billing details handled by our payment processor.
- Your content: the notes, tags, people, tasks and related entries you create, including information you choose to record about Subjects.
- Communications: messages you send us (for example, support requests).
Information collected automatically
- Device and connection data: IP address, browser and operating system, and similar technical data.
- Usage data: features used and actions taken, used to operate, secure and improve the Service.
- Cookies and similar technologies: see our Cookie Policy.
4. How and why we use your information
We process personal data on the following bases:
| Purpose | Legal basis (GDPR) |
|---|---|
| Provide, maintain and secure the Service, and store your notes | Performance of a contract |
| Authenticate you and prevent fraud or abuse | Legitimate interests; legal obligation |
| Provide customer support | Performance of a contract; legitimate interests |
| Improve and develop the Service (aggregated, non-content analytics) | Legitimate interests |
| Process payments for paid plans | Performance of a contract |
| Send service and, where permitted, product emails | Legitimate interests; consent where required |
We do not use the content of your notes to serve advertising, and we do not sell your personal data.
5. AI features and automatic insights
Notivo can turn your notes into insights (themes, sentiment, suggested follow-ups) and let an assistant answer from your own notes. How this works depends on your plan, and it is designed to keep your most sensitive content out of any third party.
- Basic insights (all plans). Simple, rules-based analysis that runs on our own systems. No note content is sent to any third-party AI provider for this.
- AI insights (paid plans, when enabled). On paid plans (Plus and Pro) with AI insights turned on, the title and text of each note you save are sent automatically (in the background, not only when you press a button) to Google Cloud Vertex AI (Gemini) to derive your private insights. The on-demand assistant (recaps, preparing for a conversation) also processes the relevant notes through the same provider when you use it.
For all AI processing:
- Only for you. The results are private to your account (owner-only). They are not shared with anyone else and are not combined across users.
- Not used for training. Your content is used only to generate your own insights. It is not used to train Google’s or any other third-party foundation models, and it is not used for any other purpose. Google Cloud Vertex AI is an enterprise service governed by the Google Cloud terms, which are distinct from the consumer Gemini app.
- Black Box stays out. Notes you place in the Black Box are never sent to any AI provider. They are excluded by design and kept out of insights, search and the assistant until you unlock them.
- Your choice. This processing only happens after you explicitly accept it. You can decline, or turn it off later, and keep full use of Notivo with basic rules-based insights only.
- Security, stated plainly. Note content sent for AI is protected in transit and access-controlled, but regular notes are not end-to-end encrypted. Only the Black Box is. Use the same judgment you would with any cloud tool.
- Retention. An insight record lives alongside the note it came from, updates when you edit the note, and is deleted when you delete the note or within 30 days of closing your account.
Connecting an AI assistant to Notivo (AI Capture)
You can connect an AI assistant such as Claude or ChatGPT to Notivo so you can save a plan straight from the chat by saying @notivo. This is optional, and saving from a chat is part of a paid plan (setting your topics and pasting a plan by hand are free). When you connect, Notivo acts as the authorization server: you grant a scoped connection through a standard OAuth flow, tied to your account so no one else can use it. Here is exactly what that connection can and cannot do.
- What the connection can access. It exposes three tools to your assistant: one to save a plan you point at as a note, one to save a note about a person you name, and one to list the names of the topics you have set so the assistant knows where a plan belongs. It saves the text you explicitly direct it to save, which may include the people and topics you include in it, and it returns your topic names and a save confirmation to your assistant so it can route the plan.
- What it cannot access. The connection is save-only. It does not read your existing notes back to the assistant, it does not receive or save your whole conversation or chat history, it never accesses the Black Box vault, and it never rates or scores any person. It acts only when you point at a plan.
- Connection credentials. Notivo issues a connection credential (an OAuth access token, plus a refresh token to keep the connection alive) scoped only to the save and list-topics functions above, following least-privilege. We never receive or store your Claude or ChatGPT account password, one-time codes, or API keys. You can revoke the connection at any time in Notivo under Settings, then AI Capture, or in your assistant’s own connector settings; revoking it deletes the stored tokens.
- What is saved, and for how long. A plan you save through the connection becomes a regular Notivo note, private by default and scoped to your own account, kept and deleted on the same terms as any other note (see section 8). It is not end-to-end encrypted; only the Black Box is. Connection tokens are kept until you revoke the connection or close your account, then deleted.
6. How we share information
We share personal data only as needed to run the Service:
- Service providers (sub-processors): for cloud infrastructure, hosting, error monitoring, email delivery, payments and AI features. Our infrastructure runs primarily on Google Cloud / Firebase. A current list of sub-processors is on our Data Processing page.
- Legal and safety: where required by law, or to protect the rights, safety and security of Notivo, our users or the public.
- Business transfers: in connection with a merger, acquisition or sale of assets, subject to this Policy.
We do not sell your personal data, and we do not share your notes for advertising.
7. International data transfers
We are based in the United States and use service providers in the United States and other countries. Where we transfer personal data of individuals in the European Economic Area, the United Kingdom or Switzerland, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses. If we become required to appoint a representative in the EU or the UK under Article 27 of the GDPR / UK GDPR, we will designate one and update this Policy with their contact details; until then, individuals in those regions can reach us directly at hello@notivo.com.
8. How long we keep your information
| Category | Retention |
|---|---|
| Account data | For the life of your account, then deleted within 30 days of closure |
| Your content (notes, people, tags) | Until you delete it, or within 30 days of account closure |
| Operational and security logs | Up to 90 days |
| Billing and tax records | As required by law (typically up to 7 years) |
You can delete individual notes at any time, and you can ask us to delete your account and content as described below.
9. How we protect your information
We use technical and organizational measures designed to protect personal data, including encryption in transit, access controls, scoped per-user data isolation, and authenticated access. No method of transmission or storage is perfectly secure, but we work to protect your information and to limit access to it.
10. Your rights (EEA / UK)
If you are in the EEA or the UK, you have the right to access, correct, delete, port, restrict and object to the processing of your personal data, and to withdraw consent where processing is based on consent. You may also lodge a complaint with your local supervisory authority. To exercise any right, contact hello@notivo.com; we respond within the timeframes required by law (generally within one month).
Where you have recorded information about a Subject, requests from that Subject about your notes are generally directed to you (or your organization) as the controller; we will assist as a processor where required.
11. Your rights (United States)
Depending on your state of residence (for example California, Virginia, Colorado, Connecticut, Utah, Texas and a growing number of others), you may have the right to know what personal information we collect and why, to access, correct, delete and obtain a portable copy of it, to opt out of any “sale” or “sharing” of personal information or targeted advertising, and not to be discriminated against for exercising these rights. We do not sell or “share” your personal information for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA and similar state laws. To exercise any of these rights, contact hello@notivo.com; we may first need to verify your identity.
12. International users and your local rights
Notivo is offered worldwide. We have built our privacy practices around the GDPR as a baseline and apply them to all users, wherever you are. If your country or region has its own data protection law, such as the UK, Switzerland, Canada, Brazil, Australia, Japan, South Korea, India, South Africa or others, you may have additional or different rights under that law, which you can exercise by contacting hello@notivo.com. Where the mandatory provisions of your local law differ from this Policy, your local law applies.
13. Children
Notivo is a professional tool intended for adults. It is not directed to children under 13, and you must be at least 18 years old to use it. We do not knowingly collect personal data from children.
14. Changes to this Policy
We may update this Policy from time to time. When we make material changes, we will update the date above and, where appropriate, notify you. Your continued use of the Service after an update means you accept the revised Policy.
15. Contact us
Questions about this Policy or your personal data? Email us at hello@notivo.com or write to BRBR GROUP LLC, Sheridan, Wyoming, USA.