Last updated: 21 December 2022
Nooli is a productivity platform for modern households. Our mission is to help you get control over your household’s information, safely and without losing your right to the privacy of that data.
This policy was written in plain English to ensure everyone can easily read and how we will comply with both our moral and legal obligations to you. Please send any questions or feedback on this policy to firstname.lastname@example.org. We would love to hear from you.
Nooli is a software product created by Miame Labs Pty Ltd, based in Brisbane, Queensland, Australia. Miame Labs was founded in 2021 by Dean Robertson & Adam Craven. The first version of the Nooli app will be released to the public in January 2023.
This policy explains how Miame Labs Pty Ltd, the Australian company behind Nooli, will access, manage, and protect your personal information so you can rest assured your information is safe.
When this policy mentions ‘Nooli' we are referring to the Nooli product in all its forms: mobile app, web application and associated add-on tools that may access your personal information. When we refer to ‘Miame Lab Pty Ltd' (ACN 642 250 511) or ‘us' or ‘we' or ‘our' or ‘staff’, we're referring to the company, Dean and Adam, and the team behind the Nooli product.
We also refer to the Australian Privacy Principles (APPs) and the Privacy Act 1988 (The Act) in this policy. These govern our obligations around our personal information handling practices.
Personal information, as per The Act, includes a broad range of information that could identify an individual. For example, an individual's name, address, sensitive information, photographs, internet protocol (IP) addresses and location information from a mobile device.
Nooli requires secure access to your email and calendar accounts to function. This section explains how we comply with those platform's data protection policies.
Google API Services User Data Policy including the Limited Use Requirements. Nooli also adheres to the Google API Terms of Service which gives us permission to allow other Nooli users to view your Google Calendar content in their Nooli app, provided you have explicitly allowed it in your Nooli app.
Nooli's use and transfer to any other app of information received from Google API's will adhere to the Google API Services User Data Policy including the Limited Use Requirements. Nooli also adheres to the Google API Terms of Service which gives us permission to allow other Nooli users to view your Google Calendar content in their Nooli app, provided you have explicitly allowed it in your Nooli app.
Sign-in With Google
When you connect your Google account to Nooli, we ask for permission to:
- View your primary Gmail inbox in the Nooli accounts screen; mark an email as read/unread; and archive an email;
- View your Google calendar items (read only) in the Nooli calendar
By approving Nooli to access to your Google account, you can:
- Generate Nooli calendar events from a Gmail email, and invite other Nooli users to participate in that event.
- Share the details (read only) of a single Google calendar item to another Nooli user via the Nooli chat interface
Even though you give Nooli permission to access your Google account, Nooli does not:
- create and send Gmail emails on your behalf;
- delete your Gmail emails;
- download and store any Gmail emails that aren't explicitly attached to a Nooli calendar event;
- create new or edit existing calendar events in your Google calendar.
Importing Data from your Google Account
If you generate a Nooli calendar event from a Gmail item, Nooli will import & store only the body of that email so it can be attached to the Nooli calendar event. If you invite other Nooli users to that calendar event, they will be able to read the body of the email.
Nooli does not import or store any of your Google calendar information. Nooli retrieves your Google calendar items in real-time via the Google Calendar API.
All data stored in the Nooli database, including any Gmail email data imported as part of your calendar events, is encrypted at rest. When your data is retrieved by the Nooli app, all data is encrypted in transit using Transport Layer Security (TLS).
Disconnecting your Google Account
You can disconnect your Google account from Nooli at any time by visiting the Security section of your Google account.
Deleting your Google Data from Nooli
If you ask us to delete your Nooli account, all Google account information, login security tokens and imported Gmail data will be permanently deleted within 30 days.
Your Trust is Earned
We take information privacy very seriously, because if we didn’t you and your community would not trust us to access, collect and manage personal household data on your behalf. We intend to both earn & keep your trust by always acting in the best interests of your personal data privacy.
The people behind Miame Labs Pty Ltd are users of the Nooli product too. We are acutely aware that personal information, such as emails and calendar events, can contain sensitive and private information which is very personal and very important to all of us.
Securely Connecting Your Accounts to Nooli
Nooli helps you tame the volume of information that comes into your household daily. To do this, we necessarily ask your permission to securely access your personal email, calendar, and chat messaging accounts so Nooli can present your own information to you from those services.
To do this we use the industry-standard OpenID Connect identity protocol, which in turn leverages the industry-standard OAuth 2.0 protocol which is implemented by most cloud services such as Microsoft, Google, Facebook, WhatsApp and others.
These secure protocols allow Nooli to verify your identity with the underlying service provider. It also allows you to give Nooli permission to access your account on your behalf.
Because we are relying on the industry-standard OpenID Connect identity protocol, we do not need (or want) to capture your secure passwords to any of your connected accounts.
You can disconnect Nooli’s access to these services at any time by visiting the security settings of each service. For example, you can disconnect your Google account from Nooli using this link.
Minimal Data Capture, Always
Nooli will only access, collect & manage the minimum of information that's necessary to deliver on our functional & brand promise to you. We do not capture additional personal information that is unnecessary to the functioning of Nooli.
We collect information from you when you access or use Nooli. This may be when you use the Nooli mobile app or web app, or when you visit the Nooli website. We may also collect information from you when you interact with us on social media, or send us an email.
In the event that you contact us with an issue, we may collect some information about you to help us either resolve the issue or communicate with you about the issue. An example may be us requesting a screen shot of your Nooli app while you’re having an issue, which may contain sensitive information that you otherwise would not want others to see (e.g. the contents of an email).
It is always your decision whether to send additional information to us, and we will always endeavour to resolve the issue without requiring you disclose sensitive information to us wherever possible.
Secure Technology Platform & Practices
Nooli has been developed using modern software and database development practices to ensure multiple layers of information security protection.
Nooli is built & hosted entirely in Microsoft’s Azure cloud data centres in Sydney, NSW, Australia. Microsoft's policy on data privacy of both our corporate data, and your customer data, can be found here.
Any user's personal data that we do capture in the course of you using Nooli is encrypted at rest in our secure databases.
Principle of Least Privilege
When dealing with our customer's personal data, our staff are only given sufficient privileges needed to complete the task.
We do not allow any of your personal information in our databases to be accessed, viewed, exported, or otherwise accessed by any representative of our business at any time, unless it’s for a temporary, specific bug-fixing or diagnostic purpose.
Where possible and practical, any data accessed during diagnostic investigation will be deidentified to ensure user anonymity.
Any diagnostic access to your personal data will be done under the supervision of company leadership to ensure proper information security protocols are followed.
Any temporary instances of your personal information created during the diagnostic process (including log files) will be immediately and permanently deleted as soon as the issue is resolved.
Contractor Service Agreements & Staff Employment Agreements
All agreements signed by company employees or temporary contractors include non-disclosure agreements, including their commitment to protect the information privacy rights of our Nooli users.
Your information is secure and protected with Nooli. We do not sell your information to third parties.
We will also never willingly or knowingly release your personal information to any party outside our company unless we have your prior consent, or if we are compelled to do so by law.
In the event that other entities acquire ownership or operation of Nooli, your information will be transferred to the control of those entities.
Data We Collect From You
The following table explains the specific types of information we collect from you while you use Nooli, and why it is required.
Data We Do NOT Collect
The following list explains the specific examples of information that we do not deliberately collect from you:
Date of Birth
Banking or credit card details
Government identities (e.g. passports, drivers licences, tax file number)
Religious or political preferences
Some of this information may inadvertently be in your own emails or calendar items which you access via Nooli. However, Nooli does not specifically collect this information.
If Nooli were to ever suffer from a data breach we will take all necessary steps to comply with the Notifiable Data Breaches scheme as per The Act. We would enact our internal Data Breach Response Plan, as well as notify all affected individuals and the Australian Information Commissioner if the data breach is likely to result in serious harm.
If you believe that your personal information has been accessed or disclosed without authorisation or has been lost, please email email@example.com immediately with details so we can immediately investigate.
To delete your account, please send us an email to firstname.lastname@example.org. Once we have verified you are the legitimate account owner and a Household Organiser of your household, we can do it for you.
As a Nooli user:
You can access, edit or delete specific pieces of information at any time by logging into your Nooli account.
As a Household Organiser you can request we permanently delete:
your own account provided there is at least one Household Organiser remaining in your Household.
the account of another Household Organiser in your household.
the account of a non-Household Organiser, which will remove that account from the Household.
your entire household, which will also permanently delete all members.
When you delete an account, we will take reasonable steps to ensure that all account data is removed from our systems and permanently destroyed within 7 days.
Nooli may retain personal information in circumstances where we have legal and regulatory obligations to do so. We may also retain anonymised information for analytic and service development purposes.
If you've got any questions or concerns about how your information is being protected, please email email@example.com. We will respond as quickly as possible.
In the event that you're not satisfied with our response, or you'd like to make a formal complaint, you can also contact the Office of the Australian Information Commissioner (OAIC) by phoning 1300 363 992 or email firstname.lastname@example.org