Last updated: November 2022
Nooli is a productivity platform for modern households. Our mission is to help you get control over your household’s information, safely and without losing your right to the privacy of that data.
This policy was written in plain English to ensure everyone can easily read and how we will comply with both our moral and legal obligations to you. Please send any questions or feedback on this policy to email@example.com. We would love to hear from you.
Nooli is a software product created by Miame Labs Pty Ltd, based in Brisbane, Queensland, Australia. Miame Labs was founded in 2021 by Dean Robertson & Adam Craven. The first version of the Nooli app will be released to the public in January 2023.
This policy explains how Miame Labs Pty Ltd, the Australian company behind Nooli, will access, manage, and protect your personal information so you can rest assured your information is safe.
When this policy mentions ‘Nooli' we are referring to the Nooli product in all its forms: mobile app, web application and associated add-on tools that may access your personal information. When we refer to ‘Miame Lab Pty Ltd' (ACN 642 250 511) or ‘us' or ‘we' or ‘our' or ‘staff’, we're referring to the company, Dean and Adam, and the team behind the Nooli product.
We also refer to the Australian Privacy Principles (APPs) and the Privacy Act 1988 (The Act) in this policy. These govern our obligations around our personal information handling practices.
Personal information, as per The Act, includes a broad range of information that could identify an individual. For example, an individual's name, address, sensitive information, photographs, internet protocol (IP) addresses and location information from a mobile device.
Nooli requires secure access to your email and calendar accounts to function. This section explains how we comply with those platform's data protection policies.
Google API Services User Data Policy
Any information we receive from Google API's will adhere to the Google API Services User Data Policy inclduding the Limited Use Requirements.
Your Trust is Earned
We take information privacy very seriously, because if we didn’t you and your community would not trust us to access, collect and manage personal household data on your behalf. We intend to both earn & keep your trust by always acting in the best interests of your personal data privacy.
The people behind Miame Labs Pty Ltd are users of the Nooli product too. We are acutely aware that personal information, such as emails and calendar events, can contain sensitive and private information which is very personal and very important to all of us.
Securely Connecting Your Accounts to Nooli
Nooli helps you tame the volume of information that comes into your household daily. To do this, we necessarily ask your permission to securely access your personal email, calendar, and chat messaging accounts so Nooli can present your own information to you from those services.
To do this we use the industry-standard OpenID Connect identity protocol, which in turn leverages the industry-standard OAuth 2.0 protocol which is implemented by most cloud services such as Microsoft, Google, Facebook, WhatsApp and others.
These secure protocols allow Nooli to verify your identity with the underlying service provider. It also allows you to give Nooli permission to access your account on your behalf.
Because we are relying on the industry-standard OpenID Connect identity protocol, we do not need (or want) to capture your secure passwords to any of your connected accounts.
You can disconnect Nooli’s access to these services at any time by visiting the security settings of each service. For example, you can disconnect your Google account from Nooli using this link.
Minimal Data Capture, Always
Nooli will only access, collect & manage the minimum of information that's necessary to deliver on our functional & brand promise to you. We do not capture additional personal information that is unnecessary to the functioning of Nooli.
We collect information from you when you access or use Nooli. This may be when you use the Nooli mobile app or web app, or when you visit the Nooli website. We may also collect information from you when you interact with us on social media, or send us an email.
In the event that you contact us with an issue, we may collect some information about you to help us either resolve the issue or communicate with you about the issue. An example may be us requesting a screen shot of your Nooli app while you’re having an issue, which may contain sensitive information that you otherwise would not want others to see (e.g. the contents of an email).
It is always your decision whether to send additional information to us, and we will always endeavour to resolve the issue without requiring you disclose sensitive information to us wherever possible.
Secure Technology Platform & Practices
Nooli has been developed using modern software and database development practices to ensure multiple layers of information security protection.
Nooli is built & hosted entirely in Microsoft’s Azure cloud data centres in Sydney, NSW, Australia. All customer-facing software & personal data is deployed securely behind multiple layers of network security provided by Microsoft themselves. Nooli has additional security measures in implemented specifically by our team for additional layers of data protection security.
By design and policy, none of our staff have direct access to the Nooli databases where customer data is kept. Personal data in Nooli is encrypted using SHA-2 (Secure Hash Algorithm 2) before it is stored into the database, providing an extra layer of security should anyone ever gain unauthorised access to the database directly.
Principle of Least Privilege
When dealing with our customer's personal data, our staff are only given sufficient privileges needed to complete the task.
We do not allow any of your personal information in our databases to be accessed, viewed, exported, or otherwise accessed by any representative of our business at any time, unless it’s for a temporary, specific bug-fixing or diagnostic purpose.
Where possible and practical, any data accessed during diagnostic investigation will be deidentified to ensure user anonymity.
Any diagnostic access to your personal data will be done under the supervision of company leadership to ensure proper information security protocols are followed.
Any temporary instances of your personal information created during the diagnostic process (including log files) will be immediately and permanently deleted as soon as the issue is resolved.
Contractor Service Agreements & Staff Employment Agreements
All agreements signed by company employees or temporary contractors include non-disclosure agreements, including their commitment to protect the information privacy rights of our Nooli users.
Your information is secure and protected with Nooli. We do not sell your information to third parties.
We will also never willingly or knowingly release your personal information to any party outside our company unless we have your prior consent, or if we are compelled to do so by law.
In the event that other entities acquire ownership or operation of Nooli, your information will be transferred to the control of those entities.
Data We Collect From You
The following table explains the specific types of information we collect from you while you use Nooli, and why it is required.
Data We Do NOT Collect
The following list explains the specific examples of information that we do not collect from you.
Date of Birth
Banking or credit card details
Government identities (e.g. passports, drivers licences, tax file number)
Religious or political preferences
Some of this information may inadvertently be in your own emails or calendar items which you access via Nooli. However, Nooli does not specifically collect this information.
If Nooli were to ever suffer from a data breach we will take all necessary steps to comply with the Notifiable Data Breaches scheme as per The Act. We would enact our internal Data Breach Response Plan, as well as notify all affected individuals and the Australian Information Commissioner if the data breach is likely to result in serious harm.
If you believe that your personal information has been accessed or disclosed without authorisation or has been lost, please email firstname.lastname@example.org immediately with details so we can immediately investigate.
To delete your account, please send us an email to email@example.com. Once we have verified you are the legitimate account owner and a Household Organiser of your household, we can do it for you.
As a Nooli user:
You can access, edit or delete specific pieces of information at any time by logging into your Nooli account.
As a Household Organiser you can request we permanently delete:
your own account provided there is at least one Household Organiser remaining in your Household.
the account of another Household Organiser in your household.
the account of a non-Household Organiser, which will remove that account from the Household.
your entire household, which will also permanently delete all members.
When you delete an account, we will take reasonable steps to ensure that all account data is removed from our systems and permanently destroyed within 7 days.
Nooli may retain personal information in circumstances where we have legal and regulatory obligations to do so. We may also retain anonymised information for analytic and service development purposes.
If you've got any questions or concerns about how your information is being protected, please email firstname.lastname@example.org. We will respond as quickly as possible.
In the event that you're not satisfied with our response, or you'd like to make a formal complaint, you can also contact the Office of the Australian Information Commissioner (OAIC) by phoning 1300 363 992 or email email@example.com