Privacy Policy

Effective Date: January 20, 2026

Notta Boss Limited ("we", "us", or "our") operates Notta Socket (nottasocket.com and nottasocket.io). We believe in ruthless simplicity, and that extends to how we handle your data. This policy explains what we collect, how we use it, and, most importantly, what we don't keep.

1. The Short Version
   • We are a pipe, not a bucket. When you send data through Notta Socket, we deliver it to your connected clients and then it vanishes. We do not store, mine, or view your message payloads.
   • We collect account info. To run your account and bill you, we need your email and payment details.
   • You control the region. You decide which server location processes your data streams.
2. Information We Collect
   1. Account Information

      When you register, we collect your name, email address, and billing information. Payment processing is handled by our third-party provider (Stripe); we do not store full credit card numbers on our servers.

   2. Usage Data

      We monitor technical metrics to maintain the stability of our infrastructure. This includes:

      • Connection counts (peak and concurrent).
      • Message volume (throughput).
      • API error rates.
      • IP addresses of connecting clients (temporarily, for security and abuse prevention).
   3. Your Message Data (The "Payload")

      Your application sends data ("messages" or "events") through our infrastructure. We do not store this data. It is processed in Random Access Memory (RAM) solely for the purpose of routing it to your subscribed clients and is discarded immediately after delivery or if the delivery fails.

3. How We Use Your Information

   We use your information to:

   • Provide, operate, and maintain the Notta Socket service.
   • Process payments and generate invoices.
   • Send you technical alerts (e.g., if you approach your connection limits).
   • Prevent fraudulent use or abuse of our system.
4. Data Sovereignty & GDPR

   Notta Socket allows you to select specific Data Regions (e.g., New York, London, Singapore) when creating a stream.

   • For GDPR Compliance: If you select a region within the EU/EEA, your message payloads will not leave that region during processing.
   • Roles: In the context of the GDPR, you are the Data Controller of your user data, and Notta Boss Limited is the Data Processor.
5. Third-Party Sub-Processors

   We use trusted third-party services to run our infrastructure. We currently use:

   • Amazon Web Services (AWS): For cloud hosting, server infrastructure, data processing, and transactional emails.
   • Stripe: For secure payment processing.
6. Data Retention
   • Account Data: Retained as long as your account is active, plus legal retention periods for tax/invoicing.
   • Message Data: Retained for 0 seconds (ephemeral transit).
7. Changes to This Policy

   We may update this Privacy Policy to reflect changes in our practices or for legal reasons. We will notify you of any significant changes via email or through the Service dashboard. The date at the top of this policy indicates when it was last updated.

8. Contact Us

   For privacy concerns or to exercise your data rights (access, deletion, portability), contact us at:

   Email: support@nottasocket.com
   Entity: Notta Boss Limited, New Zealand.