top of page

Privacy Policy

Privacy Policy

Effective Date: [Insert date]

Company Legal Name: [Insert full legal name of Novus Attractions]

Trade Name: Novus Attractions

Registered Address: [Insert address]

Contact: privacy@novusattractions.com

Website: https://www.novusattractions.com and related subdomains, including Argo Hub

This Privacy Policy explains how Novus Attractions collects, uses, discloses, and protects personal information when you visit our websites, use our software and services, interact with our hardware at venues, or communicate with us. We operate in Canada and comply with Canadian privacy laws such as PIPEDA. Where applicable, we also address requirements under the EU and UK GDPR and the California Consumer Privacy Act as amended by the CPRA.

 

1. Scope and who we are

This policy applies to:

Our public websites and landing pages
 

Argo Hub accounts and portals
 

NovusOS and related apps, APIs, and device firmware
 

Argo hardware used at venues such as kiosks, T-Line, Smart Hole, Ball Register, Smart Ball, and sensors
 

Subscriptions and support services
 

Sales, marketing, career applications, and customer support communications
 

Role as Controller or Service Provider

We act as a Controller for data we collect directly through our websites, Argo Hub accounts that we operate, subscriptions that we bill, sales and support interactions, recruiting, and product analytics.
 

We act as a Processor/Service Provider for venue operators that run Argo Courses or upgrades. In that case the venue is the Controller for player and guest data; we process that data under their instructions and applicable agreements.
 

If you are a venue operator, you are responsible for posting any required notices to players and guests at your venue and for obtaining any consents that your jurisdiction may require.

 

2. Information we collect

2.1 Information you provide to us

Account and profile data: name, business or venue name, role, email, phone, password, preferred language, time zone.
 

Quote and order data: venue details, layout or floor plans, project requirements, delivery address, billing details, payment method tokens handled by our payment processors.
 

Support and communications: messages, call notes, emails, recorded issue details, survey responses.
 

Careers: résumé, cover letter, portfolio links, interview notes, references, eligibility and background information where lawful.
 

2.2 Information collected automatically

Website analytics: IP address, device and browser type, pages viewed, timestamps, referral URLs, approximate location at city level, cookie and pixel data.
 

Argo Hub and NovusOS usage: login timestamps, roles and permissions, feature usage metrics, device identifiers, crash logs, performance telemetry.
 

Hardware telemetry at venues: device health, sensor status, firmware versions, battery levels, installation identifiers, non-precise location of devices, event logs such as “ball paired”, “hole triggered”, “lane active”.
 

Smart Ball interactions: pairing events, play events with timing, stroke counts, accuracy signals, ball battery level. These events are associated with a session and, if the venue uses accounts, may be linked to a player profile.
 

2.3 Information from third parties

Payment processors: confirmation of payment or refunds, limited billing details, no full card numbers.
 

Integration partners: ticketing or CRM systems, digital signage, identity providers.
 

Marketing partners: lead sources and campaign performance in aggregated form.
 

We do not collect sensitive personal information such as government identifiers, precise geolocation, or biometric templates for identification purposes. If a venue configures peripherals that collect additional data, the venue is responsible for lawful use and appropriate notices.

 

3. How we use information

We use personal information for:

Providing services: creating and managing accounts, pairing balls, scoring, leaderboards, device management, remote support, updates, and subscriptions.
 

Operations and safety: device monitoring, diagnostics, security, fraud prevention, abuse detection, incident response.
 

Product improvement: analytics, quality assurance, feature development, testing and rollout of updates.
 

Customer support and communications: responding to inquiries, scheduling, training, and service notifications.
 

Business administration: quoting, contracting, billing, accounting, auditing, and legal compliance.
 

Marketing with consent where required: sending news, product updates, event invites, and promotions; you can opt out at any time.
 

Legal bases where GDPR applies: performance of a contract, legitimate interests such as security and improvement, consent where required, and legal obligations.

 

4. Cookies and similar technologies

We use cookies, local storage, and pixels to operate the site, remember preferences, measure performance, and support marketing. You can control cookies via your browser settings. If you are in a region that requires consent, we present a consent banner that lets you accept or reject non-essential cookies. We honor Global Privacy Control signals where applicable.

Categories:

Essential: authentication, security, load balancing
 

Analytics: traffic and feature usage
 

Functional: preferences, improved experience
 

Marketing: campaign measurement, retargeting where permitted
 

 

5. How we share information

We share personal information only as needed:

Service providers and subprocessors: hosting, payment processing, email delivery, analytics, customer support tools, and logistics. These vendors are bound by contract to protect your data and use it only to provide services to us.
 

Venue operators: if you play at a venue, your play data belongs to that venue; we process and surface it back to the venue through dashboards and exports.
 

Integration partners at your request: ticketing, CRM, signage, or identity providers that you connect.
 

Corporate transactions: merger, acquisition, financing, or asset sale, subject to confidentiality.
 

Legal compliance and safety: to comply with law, enforce terms, or protect rights and safety.
 

We do not sell personal information for money. We do not share personal information for cross-context behavioral advertising without consent where required. If you are a California resident, you can exercise the right to opt out of sale or sharing through the mechanisms described below.

 

6. International transfers

We store and process data in Canada and may transfer it to other countries where we or our service providers operate, including the United States and the European Economic Area. We use appropriate safeguards for international transfers such as Standard Contractual Clauses, and we require vendors to provide comparable protections.

 

7. Data retention

We keep personal information for as long as needed to provide the services, comply with legal obligations, resolve disputes, and enforce agreements. Typical examples:

Account and subscription records: for the life of the account and a reasonable period after closure
 

Device and telemetry logs: typically 12 to 24 months, then aggregated or anonymized
 

Support records: typically 24 months after closure
 

Financial records: as required by tax and accounting laws
 

When retention periods end, we delete or de-identify the data.

 

8. Security

We use administrative, technical, and physical safeguards appropriate to the sensitivity of the data. Examples include role-based access controls, encryption in transit, network isolation, secure development practices, logging, and vendor due diligence. No system is perfectly secure. If we discover a security incident that presents a risk to you, we will notify you and regulators as required by law.

 

9. Your privacy choices and rights

9.1 PIPEDA and Canadian rights

You can request access to the personal information we hold about you, request corrections if it is inaccurate or incomplete, and challenge our compliance. Contact us using the details below.

9.2 GDPR and UK GDPR rights

If you are in the EEA or UK, you have rights to:

Access, rectify, or erase your personal data
 

Restrict or object to processing
 

Data portability
 

Withdraw consent where processing is based on consent
 

Lodge a complaint with a supervisory authority
 

If we act as a Processor for a venue, we will forward your request to the venue Controller.

9.3 California privacy rights

California residents have rights to:

Know the categories of personal information collected, purposes, and recipients
 

Access specific pieces of personal information
 

Correct inaccuracies
 

Delete personal information
 

Opt out of sale or sharing of personal information
 

Limit the use and disclosure of sensitive personal information where applicable
 

Non-discrimination for exercising rights
 

You can submit a request as described below. We will verify your identity before responding. You may use an authorized agent where permitted.

9.4 Marketing preferences and cookies

You can unsubscribe from marketing emails using the link in the message. You can manage cookies through our consent banner or your browser settings. We honor Global Privacy Control where available.

 

10. Children’s privacy

Our services are designed for venues that host families and students. We do not knowingly collect personal information from children under the age required by local law without appropriate consent. If you believe a child has provided us personal information without proper consent, contact us and we will take appropriate steps.

 

11. Third-party links and services

Our websites and portals may link to third-party sites or integrate with third-party services. Their privacy practices are their own. Review their policies before providing personal information.

 

12. Automated decision making and profiling

We use analytics to understand usage and to improve performance. We do not make decisions that produce legal or similarly significant effects solely based on automated processing. If this changes, we will update this policy and provide required notices and choices.

 

13. Venue operators and enterprise customers

If you operate a venue:

You are the Controller for player and guest data collected at your venue. You must provide notices, obtain consents where required, and handle data subject requests.
 

We will process personal information according to your instructions and applicable agreements.
 

We provide administrative controls in Argo Hub and NovusOS, including role management, data exports, and retention options.
 

On request, we will provide a list of our current subprocessors and security summary; we can offer a Data Processing Addendum if required.
 

 

14. How to exercise your rights

You can submit privacy requests by email to privacy@novusattractions.com. Please provide your name, contact details, relationship with us, and a clear description of your request. We will respond within the timelines required by law. If we are a Processor, we will route your request to the appropriate venue Controller.

If you are in Canada and are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada. If you are in the EEA or UK, you may contact your local data protection authority. If you are in California, you may contact the California Privacy Protection Agency.

 

15. Changes to this policy

We may update this Privacy Policy to reflect changes in law, technology, or our services. We will post the updated version with a new Effective Date. If changes are material, we will provide additional notice where required.

 

16. Contact us

Privacy Contact:

Email: privacy@novusattractions.com

Mail: [Insert mailing address for privacy matters]

If GDPR applies:

EU Representative: [Insert representative or service address]

UK Representative: [Insert representative or service address]

Data Protection Officer (if appointed): [Insert DPO contact]

 

17. Key disclosures by product area

Websites

We use essential cookies for login and security, analytics to understand traffic, and optional marketing pixels where permitted.

Argo Hub

We process account data and role assignments, player profiles where configured by the venue, and gameplay histories linked to profiles. Venue administrators control who can view and export data.

NovusOS and devices

We collect device telemetry such as status, battery level, firmware version, and event logs for scoring and system health. We store play history and leaderboards according to venue settings.

Subscriptions

We store subscription tier, billing contact, plan status, and service usage. Payments are processed by PCI-compliant providers.

Support

We keep ticket histories, logs, and device snapshots necessary to troubleshoot. We may request temporary access tokens or diagnostic exports to provide support.

 

18. Retention snapshot

Accounts and Hub profiles: retained for the life of the account, then deleted or archived according to legal requirements
 

Device logs and telemetry: typically 12 to 24 months, then aggregated
 

Gameplay histories: according to venue configuration, then deleted or anonymized on request
 

Contracts and invoices: retained as required by tax and accounting laws
 

 

19. Security snapshot

Encryption in transit for all portals and APIs
 

Access control by role, least privilege, and MFA for administrators
 

Network segmentation for production systems
 

Change management, logging, and alerting
 

Vendor risk management and confidentiality agreements

bottom of page