Novo Industries
Novo Industries / Novo Agents

Novo Agents Privacy Policy

How Novo Agents processes data for the hosted agent API and console.

Last updated: May 29, 2026

Novo Agents Privacy Policy

Effective date: May 29, 2026

Novo Industries, Inc. operates Novo Agents, a hosted managed agent service for developers. Customers use the server-only novoagents SDK or the Novo Agents HTTP API to create agents, threads, runs, managed capabilities, and outbound adapters.

Information we collect

  • Account and workspace information for the Novo Agents console, including email address, WorkOS user and organization identifiers, role, and workspace name.
  • API and SDK resource data such as agents, threads, runs, capability configuration, API keys, environments, tool servers, result handlers, event sinks, billing wallet state, usage metadata, and idempotency keys.
  • Runtime data needed to operate runs, including model inputs and outputs, tool calls, managed-tool results, encrypted thread snapshots, workflow status, usage metering, and operational logs.
  • Billing data processed through Stripe. Novo does not store full card numbers.
  • Customer adapter data needed to dispatch signed calls to customer-owned environments, MCP servers, result handlers, event sinks, and tool approval hooks.

Customer-owned plane

Novo Agents is designed so customers own the clean transcript, application UI, files, tool backends, result storage, and event sink. Novo owns the hosted workflow, agent loop, managed model calls, encrypted snapshots, billing, and realtime stream delivery.

Provider API keys used by Novo for managed model calls stay in the Novo workflow worker and are not sent to customer environments. Customer adapter secrets are encrypted at rest and decrypted only when dispatching to the configured adapter.

How we use information

We use information to provide the service, authenticate API and console requests, run hosted agent workflows, execute managed tools, meter usage, bill workspaces, prevent abuse, troubleshoot reliability issues, and send service notices.

We do not sell personal information. We do not use Customer Data to train or improve AI models that Novo develops or fine-tunes.

Authentication

The public API uses bearer API keys scoped to a workspace. The console uses WorkOS AuthKit for user sessions, organization membership, Magic Auth, OAuth, passkeys, and related identity features.

AI and media processing

Novo Agents routes prompts, inputs, and managed-tool payloads to AI and media providers only as needed to perform requested work. Current subprocessors are listed at Novo Agents subprocessors.

Retention

Resource metadata is retained while the workspace is active. Thread continuation snapshots are stored as opaque encrypted runtime state. Generated media artifacts and signed URLs follow the retention windows documented in the product. Operational logs are retained for troubleshooting and security for limited periods. Billing records may be retained as required by law.

Your privacy rights

Depending on where you live, you may have rights to access, correct, delete, export, restrict, or object to processing of personal information. To exercise rights, email privacy@novoindustries.co.

International transfers

Novo Agents is operated from the United States. Where required, we rely on Standard Contractual Clauses, the UK International Data Transfer Agreement, Data Privacy Framework certifications, and other lawful transfer mechanisms.

Security

More detail is available at Novo Agents Security.

Contact

Privacy requests: privacy@novoindustries.co Security reports: security@novoindustries.co Mail: Novo Industries, Inc., Wilmington, Delaware, United States