Legal
Privacy Policy
Effective as of April 10, 2026
1. Scope of this Privacy Policy
This Privacy Policy describes how Noire (“Noire,” “we,” “us,” or “our”) collects, uses, discloses, and otherwise processes personal information in connection with our websites, mobile applications, and other online services that link to this Privacy Policy (collectively, the “Services”), as well as our offline business operations.
Noire trains, manages, and supports executive assistants (“EAs”) and provides matching services that pair EAs with clients who need high-level administrative, operational, and strategic support. Our Services facilitate the onboarding, matching, communication, and workflow management between clients and their assigned EAs.
This Privacy Policy does not apply to the following:
- Personal information processed on behalf of enterprise customers. When we process personal information as a processor or service provider on behalf of our enterprise customers, our processing of such information is governed by the applicable service agreement with that customer, not this Privacy Policy. If you have questions about how your data is handled in this context, please contact the relevant enterprise customer directly.
- Information about EAs processed in our capacity as an employer or contracting party. Information about our EAs that we process in our capacity as their employer, contracting party, or staffing organization is governed by separate privacy notices provided to those individuals and is not covered by this Privacy Policy.
By using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described in this Privacy Policy, you should not use our Services.
2. Personal Information We Collect
We collect personal information in the following ways:
A. Information You Provide to Us
We collect personal information that you voluntarily provide to us when you use our Services, express interest in obtaining information about us or our products, participate in activities on the Services, or otherwise contact us. The personal information we collect depends on the context of your interactions with us and the Services, the choices you make, and the features you use. The personal information we collect may include the following:
- Contact data. Your first and last name, email address, mailing address, phone number, and other similar contact information.
- Professional data. Your job title, department, company name, company size, industry, and professional background information that you provide when applying for or using our Services.
- Matching data. Information about how you need support, your work style, preferences, priorities, scheduling habits, communication preferences, and other information used to match you with an appropriate EA.
- EA workflow data. Documents, files, communications, and other materials shared between you and your assigned EA via email, phone, text message, video conferencing, or other channels in the course of receiving EA services. This may include calendar entries, travel itineraries, meeting notes, correspondence, and task lists.
- Transaction data. Payment and billing information, including credit card numbers, billing addresses, and transaction history necessary to process your payments for our Services.
- Communications data. Information contained in emails, messages, feedback forms, surveys, and other communications you send to us, including any attachments.
- Marketing data. Your preferences for receiving marketing communications from us, your communication preferences, and information about your engagement with our marketing content.
- Other data. Any other personal information you choose to provide to us, including information provided in free-form text fields, uploaded documents, or during interactions with our team.
B. Information We Collect from Third-Party Sources
We may obtain personal information about you from third-party sources, including:
- Public sources. We may collect information from publicly available sources, such as public websites, social media platforms, professional networking sites, and government databases.
- Data brokers and aggregators. We may purchase or receive personal information from data brokers, data aggregators, and other third-party data providers who compile information from various sources.
- Business contacts and referrals. We may receive your personal information from business partners, referral sources, or other individuals who provide your information to us in connection with our services.
C. Information We Collect Automatically
When you access or use our Services, we automatically collect certain information about your device, browsing actions, and usage patterns. This information is collected using cookies, pixel tags, web beacons, and similar technologies, and may include:
- Device data. Information about the device you use to access our Services, including the hardware model, operating system and version, web browser type and version, IP address, device type (desktop, tablet, or mobile), approximate geographic location derived from your IP address, unique device identifiers, and language preferences.
- Usage data. Information about how you interact with our Services, including the pages and content you view, the date and time of your visit, the time spent on each page, navigation paths through the site, referring and exit URLs, links clicked, features used, and whether you open our marketing emails and which links you click within them.
- Cookies and similar technologies. We use cookies, pixel tags, web beacons, and similar technologies to collect information about your use of our Services. For more information about our use of cookies and how to manage your cookie preferences, please see our Cookie Notice.
3. How We Use Your Personal Information
We use the personal information we collect for the purposes described below and as otherwise described to you at the point of collection or with your consent:
Service Delivery
We use your personal information to provide, operate, maintain, and improve our Services, including to process your applications, match you with an appropriate EA, facilitate communications between you and your EA, manage your account, process transactions, provide customer support, and fulfill our contractual obligations to you.
Business Operations
We use your personal information to manage and improve our internal business operations, including for accounting, auditing, administration, legal compliance, record-keeping, quality assurance, training, and business analytics.
Direct Marketing
We may use your personal information to send you marketing communications about products, services, events, and other offerings that we believe may be of interest to you. You can opt out of receiving our marketing emails at any time, as described in the “Your Choices” section below.
Targeted Advertising
We may work with third-party advertising partners to display advertisements on our Services or on third-party websites and platforms. These partners may use cookies, pixel tags, and similar technologies to collect information about your interactions with our Services and other websites and applications, and use that information to serve you targeted advertisements based on your interests and online activities. For more information about how to opt out of targeted advertising, see the “Your Choices” section below.
Research and Development
We use personal information for research and development purposes, including to analyze and improve our Services, develop new products and features, and train and improve our artificial intelligence and machine learning models. Where possible, we use aggregated, de-identified, or anonymized data for these purposes. When we de-identify personal information, we maintain and use it in de-identified form and do not attempt to re-identify the information, except to confirm that our de-identification processes are effective.
EA Supervision and Quality Assurance
We may monitor, review, and analyze EA workflow data and communications between EAs and clients for the purposes of training, quality assurance, performance evaluation, compliance monitoring, and ensuring the safety and quality of our Services. This monitoring helps us maintain high service standards and identify areas for improvement.
Compliance and Protection
We use personal information as we believe necessary or appropriate to: (a) comply with applicable laws, regulations, lawful requests, and legal process, such as responding to subpoenas or requests from government authorities; (b) protect our, your, or others' rights, privacy, safety, or property (including by making and defending legal claims); (c) audit our internal processes for compliance with legal and contractual requirements; (d) enforce the terms and conditions that govern our Services; and (e) prevent, identify, investigate, and deter fraudulent, harmful, unauthorized, unethical, or illegal activity, including cyberattacks and identity theft.
4. How We Share Your Personal Information
We may share your personal information with the following categories of recipients:
Affiliates
We may share your personal information with our corporate parent, subsidiaries, and affiliates for purposes consistent with this Privacy Policy.
Service Providers
We share personal information with third-party service providers that perform services on our behalf, such as web hosting, information technology and related infrastructure, email delivery, marketing and advertising services, customer support, AI and machine learning platform providers, data analytics providers, and other service providers that assist us in operating our business and providing our Services.
Payment Processors
We use third-party payment processors, including Stripe, to process payments made through our Services. Your payment card information is collected and processed directly by these payment processors, and their use of your personal information is governed by their respective privacy policies. We do not store your full credit card information on our servers.
Business and Marketing Partners
We may share personal information with business partners and marketing partners to offer you products, services, or promotions that we believe may be of interest to you. Please note that EA workflow data (i.e., the documents, communications, and materials shared between you and your EA in the course of receiving services) is not shared with business or marketing partners.
Advertising Partners
We may share personal information with third-party advertising companies, including ad networks and ad exchanges, that display targeted advertisements on our behalf on third-party websites and platforms. We and our advertising partners may use cookies and similar technologies to collect information about your interactions with our Services and other websites.
Professional Advisors
We may disclose your personal information to professional advisors, such as lawyers, auditors, bankers, and insurers, where necessary in the course of the professional services they render to us.
Authorities and Others
We may share your personal information with law enforcement agencies, public authorities, government bodies, regulators, and other third parties where we believe disclosure is necessary: (a) as a matter of applicable law or regulation; (b) to exercise, establish, or defend our legal rights; or (c) to protect your vital interests or those of any other person.
Business Transferees
We may share your personal information with acquirers, successor entities, or assignees as part of any merger, acquisition, sale of assets, joint venture, securities offering, bankruptcy, reorganization, liquidation, dissolution, or other business transaction. If such a transaction occurs, we will require the recipient to honor this Privacy Policy or inform you of any changes.
Other Parties with Your Consent
We may share your personal information with other third parties with your consent or at your direction. For example, you may direct us to share information with your own third-party service providers, accountants, or advisors.
5. Your Choices
You have a number of choices regarding how we process your personal information. Depending on your jurisdiction, you may have additional privacy rights as described in the “Notice to European Users,” “State Law Privacy Rights,” and “Notice to Canadian Users” sections below.
Opt Out of Direct Marketing
You may opt out of receiving promotional emails from us by following the unsubscribe instructions included at the bottom of each email. If you opt out of promotional emails, we may still send you non-promotional communications, such as those related to your account, your use of our Services, or our ongoing business relations. If you receive marketing text messages from us, you may opt out by replying “STOP” to any such message.
Cookies
Most web browsers are set to accept cookies by default. You can usually adjust your browser settings to remove or reject browser cookies. Please note that removing or rejecting cookies may affect the availability and functionality of our Services. For more detailed information about cookies and how to manage them, please visit www.allaboutcookies.org. You may also opt out of Google Analytics by downloading and installing the browser plug-in available at tools.google.com/dlpage/gaoptout.
Pixels
You can disable pixel tracking by configuring your email client to block the automatic loading of remote images. Most email clients and web-based email services provide this option in their settings or preferences menus.
Targeted Advertising
You can limit the use of your information for targeted advertising by:
- Adjusting your browser settings to block or limit third-party cookies.
- Using privacy-focused browser plug-ins or extensions.
- Opting out through the Network Advertising Initiative (NAI) at networkadvertising.org.
- Opting out through the Digital Advertising Alliance (DAA) at aboutads.info/choices.
- Using the DAA's AppChoices app to opt out of targeted advertising in mobile apps.
- Adjusting the advertising preferences on your mobile device (e.g., “Limit Ad Tracking” on iOS or “Opt Out of Ads Personalization” on Android).
- Enabling the Global Privacy Control (“GPC”) signal in your browser. We process GPC signals as a valid opt-out request where required by applicable law.
Do Not Track Signals
Some browsers transmit “Do Not Track” (DNT) signals to websites. Because there is no commonly accepted standard for how to interpret DNT signals, our Services do not currently respond to browser DNT signals. Instead, you can use the range of other tools described in this section to manage your cookie and advertising preferences.
6. Other Sites and Services
Our Services may contain links to websites, mobile applications, and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or in mobile applications or online services that are not associated with us. We do not control websites, mobile applications, or online services operated by third parties, and we are not responsible for their actions. We encourage you to read the privacy policies of the other websites, mobile applications, and online services you use.
7. Security and Retention
We employ a number of technical, organizational, and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies, and we cannot guarantee the absolute security of your personal information.
We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and applicable legal, regulatory, tax, accounting, or other requirements.
When we no longer need the personal information we have collected about you, we will either delete it or anonymize it. If it is not possible to delete or anonymize your personal information (for example, because it has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
8. International Data Transfers
Noire is headquartered in the United States, and we have operations and service providers in the United States and other countries. Your personal information may be transferred to, stored in, and processed in the United States or other countries that may not have the same data protection laws as the country in which you reside.
When we transfer personal information across international borders, we take steps to ensure that your personal information receives an adequate level of protection in the jurisdictions in which we process it. For more information about the safeguards we apply to international transfers of personal information, please see the “Notice to European Users” section below.
9. Children's Privacy
Our Services are not intended for use by individuals under the age of 18, and we do not knowingly collect personal information from children under 18. If we become aware that we have inadvertently collected personal information from a child under the age of 18, we will take reasonable steps to delete such information from our records. If you believe that a child under 18 has provided personal information to us, please contact us at privacy@noire.com so that we can take appropriate action.
10. Changes to This Privacy Policy
We may modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on our website or through other communications as required by applicable law. Any modifications to this Privacy Policy will be effective upon our posting of the updated version (or as otherwise stated in the modified Privacy Policy). We encourage you to review this Privacy Policy periodically for any changes. Your continued use of our Services following the posting of changes constitutes your acceptance of such changes.
11. Contact Us
If you have any questions or concerns about this Privacy Policy, our data practices, or if you would like to exercise your privacy rights, please contact us at:
12. Notice to European Users
This section applies to individuals in the European Economic Area (“EEA”), the United Kingdom (“UK”), and Switzerland (collectively, “Europe”) and supplements the information in this Privacy Policy with additional disclosures required under European data protection laws, including the General Data Protection Regulation (“GDPR”) and the UK GDPR.
Controller
Noire is the controller of your personal information for purposes of European data protection law. You can reach us using the contact information provided in the “Contact Us” section above.
Legal Bases for Processing
We use your personal information only as permitted by law. Our legal bases for processing your personal information as described in this Privacy Policy are as follows:
| Processing Purpose | Legal Basis |
|---|---|
| Service delivery | Processing is necessary to perform our contract with you (i.e., our Terms of Service) or to take steps at your request prior to entering into a contract. |
| Business operations | Processing is necessary for our legitimate interests in managing and improving our business, and those interests are not overridden by your rights. |
| Direct marketing | Processing is based on your consent or our legitimate interests in promoting our business, depending on the jurisdiction and the type of marketing. |
| Targeted advertising | Processing is based on your consent where required by applicable law. |
| Research and development | Processing is necessary for our legitimate interests in improving and developing our Services, including training AI/ML models. |
| EA supervision and quality assurance | Processing is necessary for our legitimate interests in maintaining service quality and training standards. |
| Compliance and protection | Processing is necessary to comply with our legal obligations, or for our legitimate interests in protecting our rights and the rights of others, or to protect the vital interests of you or another person. |
Sensitive Personal Data
We do not intentionally collect or process special categories of personal data (also known as sensitive personal data) as defined under European data protection law. If we ever need to process such data, we will do so only where we have a valid legal basis, such as your explicit consent.
Your Rights
Under European data protection law, you have the following rights with respect to your personal information:
- Access. You have the right to request a copy of the personal information we hold about you, along with information about how we process it.
- Rectification. You have the right to request that we correct any inaccurate or incomplete personal information we hold about you.
- Erasure. You have the right to request that we delete your personal information in certain circumstances, such as when the personal information is no longer necessary for the purposes for which it was collected.
- Restriction of processing. You have the right to request that we restrict the processing of your personal information in certain circumstances, such as when you contest the accuracy of your personal information or object to our processing of it.
- Objection. You have the right to object to our processing of your personal information where we are relying on legitimate interests as our legal basis, and there is something about your particular situation that makes you want to object.
- Data portability. You have the right to receive the personal information you have provided to us in a structured, commonly used, and machine-readable format and to transmit it to another controller without hindrance, where technically feasible.
- Withdraw consent. Where we rely on your consent to process your personal information, you have the right to withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
How to Exercise Your Rights
To exercise any of these rights, please contact us at privacy@noire.com. We will respond to your request in accordance with applicable law. We may need to verify your identity before processing your request and may ask you for additional information to do so.
Right to Lodge a Complaint
If you believe that we have violated your data protection rights, you have the right to lodge a complaint with a supervisory authority in the EEA member state of your habitual residence, place of work, or place of the alleged violation. You can find a list of EEA supervisory authorities at edpb.europa.eu.
If you are located in the United Kingdom, you may lodge a complaint with the Information Commissioner's Office (“ICO”) at ico.org.uk.
International Data Transfer Safeguards
When we transfer personal information from Europe to countries that have not been deemed to provide an adequate level of data protection, we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses (“SCCs”) under Article 46.2 of the GDPR. For transfers from the UK, we rely on the SCCs as supplemented by the UK Addendum issued by the Information Commissioner's Office. You may request a copy of the relevant transfer mechanism by contacting us using the information in the “Contact Us” section above.
13. State Law Privacy Rights
This section supplements the information in this Privacy Policy and provides additional disclosures required under state privacy laws in the United States, including the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, “CCPA”), and similar laws in Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, and Virginia.
Your State Privacy Rights
Depending on your state of residence, you may have one or more of the following rights:
- Right to know / information. You have the right to know what personal information we have collected about you, including the categories of personal information, the categories of sources from which it was collected, the business or commercial purposes for collecting or selling it, and the categories of third parties with whom we share it.
- Right to access. You have the right to request a copy of the specific pieces of personal information we have collected about you.
- Right to delete. You have the right to request that we delete the personal information we have collected from you, subject to certain exceptions.
- Right to correct. You have the right to request that we correct inaccurate personal information we maintain about you.
- Right to opt out of targeted advertising, sales, and profiling. You have the right to opt out of the processing of your personal information for purposes of targeted advertising, the sale of personal information, or profiling in furtherance of decisions that produce legal or similarly significant effects. To opt out, you may use the methods described in the “Your Choices” section above or contact us at privacy@noire.com.
- Right to nondiscrimination. We will not discriminate against you for exercising any of your privacy rights.
- Right to a list of certain third-party disclosures. California residents may request a list of the categories of personal information that we have disclosed to third parties for their direct marketing purposes during the preceding calendar year.
How to Exercise Your Rights
To exercise any of the rights described above, please contact us at privacy@noire.com. We will acknowledge receipt of your request and respond within the timeframes required by applicable law. In most cases, we will respond within 45 days of receipt, although we may extend this period by an additional 45 days where reasonably necessary.
Appeal Process
If we decline to take action on your request, we will inform you of our reasons and you may appeal our decision. To appeal, please contact us at privacy@noire.com with the subject line “Privacy Rights Appeal.” We will respond to your appeal in accordance with applicable law. If your appeal is denied, you may contact your state attorney general to submit a complaint.
Identity Verification
When you submit a request to exercise your privacy rights, we may need to verify your identity before fulfilling your request. We will ask you to provide information that matches the personal information we have on file about you. Depending on the type and sensitivity of the request, we may require you to provide additional verification. If we are unable to verify your identity, we may not be able to fulfill your request.
Authorized Agents
In certain states, you may designate an authorized agent to make a request on your behalf. To do so, you must provide the authorized agent with written permission to submit the request and we may require you to verify your own identity directly with us. Alternatively, the authorized agent may provide a power of attorney pursuant to applicable state law.
Sensitive Personal Information
To the extent we collect personal information that qualifies as “sensitive” under applicable state privacy laws (such as Social Security numbers, financial account information, or precise geolocation data), we use and disclose such information only for purposes permitted by applicable law, such as performing services you request, ensuring security, verifying or maintaining the quality of our Services, and as otherwise permitted by law. You have the right to limit our use and disclosure of your sensitive personal information to these purposes.
California-Specific Disclosures
The following table describes the categories of personal information we have collected in the preceding 12 months, as defined by the CCPA, and the categories of third parties to whom each category may be disclosed:
| CCPA Category | Types of Data | Categories of Recipients |
|---|---|---|
| Identifiers | Name, email address, phone number, mailing address, account name, IP address, unique device identifiers | Affiliates, service providers, advertising partners, professional advisors, authorities, business transferees |
| California Customer Records (Cal. Civ. Code § 1798.80(e)) | Name, address, telephone number, employment, credit card number or other financial information | Affiliates, service providers, payment processors, professional advisors, authorities, business transferees |
| Commercial Information | Records of services purchased, obtained, or considered; purchasing or consuming histories or tendencies | Affiliates, service providers, professional advisors, authorities, business transferees |
| Financial Information | Payment card details, billing address, transaction history | Payment processors (e.g., Stripe), service providers |
| Online Identifiers | IP address, device identifiers, cookie identifiers, advertising IDs | Service providers, advertising partners, analytics providers |
| Internet or Other Electronic Network Activity Information | Browsing history, search history, interactions with our website, browser type, operating system, referring URL, time spent on pages | Service providers, advertising partners, analytics providers |
| Inferences | Inferences drawn from the above categories to create a profile reflecting preferences, characteristics, behavior, abilities, and aptitudes | Affiliates, service providers |
We do not “sell” personal information as that term is traditionally understood. However, some of our disclosures of personal information to third-party advertising partners for targeted advertising purposes may constitute a “sale” or “sharing” under the CCPA. You have the right to opt out of such sales and sharing as described in the “Your Choices” section above.
14. Notice to Canadian Users
This section applies to individuals in Canada and supplements the information in this Privacy Policy with additional disclosures required under the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and applicable provincial privacy legislation.
Under Canadian privacy law, you have the following rights with respect to your personal information:
- Access. You have the right to request access to the personal information we hold about you and to receive information about how it has been used and disclosed.
- Correction. You have the right to request that we correct any inaccurate or incomplete personal information we hold about you.
- Withdraw consent. You have the right to withdraw your consent to our collection, use, or disclosure of your personal information at any time, subject to legal or contractual restrictions and reasonable notice. Withdrawal of consent may affect our ability to provide certain Services to you.
- Deletion. You have the right to request that we delete your personal information, subject to certain exceptions as permitted by applicable law.
- File a complaint. If you are not satisfied with our response to your privacy concern, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada or the applicable provincial privacy commissioner.
To exercise any of these rights, please contact us at privacy@noire.com. We will respond to your request within the timeframes required by applicable Canadian privacy law.