Noladi
Back to home

Privacy Policy

Noladi LTDA · CNPJ 67.058.414/0001-42

Last updated: June 20, 2026

1. Who we are and our roles

Noladi is a white-label SaaS platform that provides online class infrastructure (live classroom, recording, and AI-generated post-class reports) for Organizations (schools, institutions, and independent teachers) to serve their own Students. This Policy describes how we collect, use, store, and protect personal information, in compliance with Brazil's General Data Protection Law (LGPD, Law No. 13,709/2018).

We act in two distinct roles: (i) as Controller, in relation to the data of the Organization that owns the account and its use of the service (registration, billing, support); and (ii) as Operator, in relation to the data of Students registered by the Organization, which is processed on the Organization's behalf (Controller) and according to its instructions, exclusively for the provision of the service. The Organization is responsible for the lawfulness of the collection, for the applicable legal basis, for obtaining and archiving consents (including from Legal Guardians when the Student is under 18), and for responding to the data subjects' rights provided for in the LGPD.

2. Data we collect

We collect the following categories of data:

  • Teacher account data: name, email, phone, and organization details (legal name, address, tax regime) when creating an account;
  • Student account data: name, email, and other information entered by the teacher for pedagogical and financial management;
  • Class data: teacher and student audio captured separately, class video, whiteboard content, and real-time chat messages;
  • Post-class pipeline data: AI transcripts (with per-speaker timestamps), identified vocabulary, speech metrics (words per minute, talk time), corrections, and pedagogical reports;
  • Usage data: pages visited, actions performed, logs, and IP address;
  • Payment data: billing information processed by our payment partner (we do not store card numbers);
  • Cookies and tracking: as described in the cookies section below.

3. How we use your data

We use the collected data to:

  • Provide and operate the live classroom, recording, and post-class pipeline;
  • Process audio to generate transcripts, vocabulary, metrics, and pedagogical reports;
  • Authenticate your access and protect account security;
  • Process subscription payments and issue invoices;
  • Send transactional communications (class notifications, security alerts, receipts);
  • Send marketing communications only with consent;
  • Comply with legal and regulatory obligations.

4. Sharing and sub-processors

We do not sell your data. We do not rent it, transfer it, trade it, license it for targeted advertising, and we do not train public models with your content. To deliver the service, we rely on specialized operators acting under our guidance, without prolonged storage and without using your data for any purpose of their own. We share data only with:

  • Infrastructure providers: cloud, database, and media storage services, under confidentiality agreements;
  • Payment processing: an external operator that handles recurring subscription charges;
  • Real-time media and recording: operators responsible for video, audio, and whiteboard transmission during the live class and, at peak times, for composite recording of the room. The final recording is moved to our storage at the end of the session;
  • Automated transcription and language models: operators that transcribe the audio and generate the post-class report from the transcript. We transmit only the necessary content, with contractual obligation not to retain the material after processing, and we disable training usage whenever the provider allows;
  • Legal obligations: public authorities when required by law or court order;
  • Business succession: in the event of a merger, acquisition, or asset sale, with prior notice to teachers.

The named, up-to-date list of operators is available upon request through our privacy contact channel. We reserve the right to add or replace operators without individual notice; material changes will be communicated as described in the 'Changes to this Policy' section.

5. Cookies and similar technologies

We use cookies and similar technologies to:

  • Maintain your authenticated session on the platform;
  • Remember your preferences (theme, language);
  • Analyze service usage and performance.

You can configure your browser to refuse cookies, but this may prevent some platform features from working correctly.

6. Data retention

Teacher account data is retained for as long as the subscription is active. After cancellation, we keep data for up to 30 days for potential reactivation or export by the teacher; afterwards it is permanently removed, except where retention is required by a legal obligation.

Raw audio and class recordings are retained for up to 6 months and then automatically deleted. Consolidated videos, transcripts, vocabulary, and reports remain available while the account is active and may be deleted by the teacher at any time.

7. Security

We implement appropriate technical and organizational measures to protect data against unauthorized access, loss, destruction, or alteration, including encryption in transit (TLS) and at rest, per-Organization data isolation (multi-tenancy with separate databases), role-based access control, and continuous infrastructure monitoring.

The Organization is equally responsible for security within its environment: it must protect the credentials of its Teachers and Students, restrict access to authorized persons, and notify Noladi within 24 hours of becoming aware of any incident, leak, or suspected data compromise, as detailed in the Terms of Use (Section 8). Upon receipt of the notification, Noladi will assess the case and take the appropriate measures within its sphere, without prejudice to the Organization's own obligations toward the ANPD and affected data subjects.

8. Minors Under 18

Noladi is intended for use by persons over 18 years old. We do not directly register underage Students nor request documents for age verification.

When the Organization chooses to register a Student under 18, it is solely responsible for obtaining, in advance and in writing, the specific and highlighted consent of the minor's Legal Guardian (Article 14 of the LGPD), informing them about the use of the platform (including recording, transcription, and AI reports), and complying, in the minor's best interests, with all rights provided for in the LGPD and the Brazilian Statute of the Child and Adolescent.

With respect to underage Students' data, Noladi acts exclusively as Operator. Any request from the Legal Guardian (access, correction, deletion, portability, withdrawal of consent) must be directed straight to the Organization (Controller). Should Noladi be notified of the irregular processing of a minor's data, it may preemptively suspend the account and remove the data involved.

9. Your rights (LGPD)

As a data subject, you have the following rights guaranteed by the LGPD:

  • Access: confirm whether we process your data and obtain a copy;
  • Correction: request the correction of incomplete or inaccurate data;
  • Deletion: request the deletion of data processed based on your consent;
  • Portability: request an export of your data in a structured format;
  • Withdrawal: withdraw consent previously given;
  • Objection: object to processing in specific circumstances.

When we act as Operator (Student data), the Student (or Legal Guardian, if a minor) must direct these requests to the Organization (Controller), which is responsible for responding within the legal time frame. When we act as Controller (data of the Organization that owns the account, billing, and support), contact us at the e-mail dpo@noladi.app. We will respond within 15 days.

10. International transfers

Some of our operators may be located outside Brazil (especially in the United States and Europe). In those cases, we ensure transfers are carried out in compliance with the LGPD, with adequate contractual safeguards regarding data protection, confidentiality, and prevention of any use beyond the provision of the service.

11. Changes to this Policy

We may update this Privacy Policy from time to time. When relevant changes are made, we will notify you by email or via an in-platform notice. We recommend reviewing this document regularly.

12. Contact

For questions, requests, or complaints related to this Privacy Policy or the processing of your data, please contact our Data Protection Officer (DPO):

dpo@noladi.app

13. Third-party integrations (Canva and Google Calendar)

Noladi offers optional integrations with third-party services, activated only when you (Organization or Teacher) choose to connect the corresponding account. We share only the data needed for the feature; we never sell this data or use it for advertising.

  • Google Calendar: when you connect your Google account, we use the calendar.events scope to keep your teaching schedule in sync — we create, update and cancel events on your calendar for the classes you schedule in Noladi (inviting the Student as a guest) and read your busy times to avoid scheduling conflicts. We store only the event identifier needed to link it to the booking; we do not read or store the content of your other calendar events. Our use of this information complies with the Google API Services User Data Policy, including the Limited Use requirements.
  • Canva: when you connect your Canva account, we access only the designs you choose to import into the class board. Access tokens are stored encrypted and used solely for that import.

You can disconnect any integration at any time from your profile settings, which revokes Noladi's access to the corresponding account.