Skip to main content
Noviq

Last updated: June 12, 2026

Noviq Privacy Policy

This policy explains what personal data Rallyve (Noviq, “we”) processes when you visit noviq.rallyve.com, use a Noviq workspace, or have data about you entered into one — why we process it, where it lives, how long we keep it, and the rights you have over it.

This policy is published in Hebrew and in English. The Hebrew version is the binding version; this English text is provided for convenience. Questions and requests: support@rallyve.com.

1. Who this policy covers

It covers three situations, with different data in each:

  • Visitors — you browse our public pages without signing in.
  • Account holders — you created a Noviq account (for example, you set up a workspace for your organization, or accepted an invitation and signed up).
  • Workspace members — your employer (or another organization you work with) uses Noviq to schedule your shifts, and data about you exists in its workspace. Some of that data may have been entered by your employer rather than by you — section 3 explains who is responsible for it.

2. What we process, and why

Visitors

  • Essential cookies — a session cookie (only after you sign in), your language choice, and your cookie-consent choice. Details in the Cookie Policy.
  • Analytics — only if you opt in. See section 5.
  • Technical logs — our hosting provider and error monitoring may record technical request data (such as IP address and browser type) needed to operate and secure the site.

Account holders

  • Account data — name, email address, password (held by our authentication provider in protected form — we never see or store the password itself), profile photo if you add one, and preferences such as language and theme. Used to operate your account and sign you in.
  • Consent records — which version of the Terms and this policy you accepted, when, and from which flow. Kept as evidence of agreement.
  • Security and audit records— actions that change workspace data (for example, approving a leave request) are recorded in the workspace’s audit log together with the acting user’s identity. Used for security, accountability, and troubleshooting.

Workspace members

A workspace contains the data your organization needs to schedule and manage shift work:

  • employment profile — name, email, phone, role, teams, employment dates, weekly hours, employee number;
  • scheduling data — shift assignments and published schedules;
  • availability you declare;
  • leave requests and their status — note that a leave type (such as sick leave) can indicate sensitive information, and we treat it with heightened care;
  • timesheets — attendance, hours, and the pay-relevant summaries computed from them;
  • in-app notifications addressed to you.

Data not collected from you directly:some of this data is entered by your employer’s administrators or managers (for example, your employment profile or shift assignments). It is used solely to operate the workspace for your employer. You are not legally required to provide data yourself; data you do provide (such as availability) is provided voluntarily to take part in your team’s scheduling. Within the workspace, your data is visible according to role — for example, your manager sees your team’s schedules, and finance-role users see pay-relevant summaries.

3. Who is responsible for your data

For workspace data, your employer (the workspace’s organization) is the controller— the “owner of the database” under the Israeli Protection of Privacy Law. It decides what data is entered and who in the workspace can see it. We act as its processing service provider (“holder”), hosting and processing the data only to provide the Service, under the data-processing terms at /legal/dpa. Your employer is responsible for informing you about the data it manages about you; this policy is part of how that information is made available.

For account data, consent records, and analytics, we are the controller.

4. Cookies

We use a small set of essential cookies (sign-in session, language, consent choice) and, only with your opt-in consent, analytics cookies. The full list, lifetimes, and how to change your choice are in the Cookie Policy.

5. Analytics and error monitoring

  • Product analytics (PostHog) — runs only if you opt invia the cookie banner. We use it to understand which parts of the product are used (page views, feature usage). You can withdraw consent at any time via “Cookie settings” in the footer.
  • Error monitoring (Sentry) — when something breaks, an error report (error details, browser type, technical context) is sent so we can fix it. This is necessary to run a dependable service. Session-replay capture, which records more context about what was on screen when an error happened, runs only if you opt in.

6. Where your data is stored

The Service is hosted on Google Cloud / Firebase, with data stored in the United States. We rely on contractual data-protection commitments with Google (including its data-processing terms) and industry-standard safeguards — encryption in transit and at rest, access controls, and audit logging — in accordance with the Israeli Privacy Protection (Transfer of Data Abroad) Regulations. By using the Service you acknowledge that data is processed in the United States as described here.

7. Who we share data with

  • Subprocessors — service providers that host or process data on our behalf (hosting, analytics, error monitoring). The current list, including locations, is at /legal/subprocessors.
  • Integrations your employer connects — for example, if your employer connects Slack notifications, workspace notification content is sent to its Slack workspace.
  • Legal requirements — we may disclose data where required by law or a binding order, and to protect the Service and its users.

We do not sell personal data, and we do not use workspace data for advertising.

8. How long we keep data

DataKept for
Account data (profile, preferences)Life of the account; deleted when you delete your account
Employment records in a workspace (timesheets, decided leave, schedules)Retained for the employer per statutory record-keeping duties (in Israel, wage and attendance records — about 7 years), even if you delete your account — see section 9
Audit logsUp to 7 years (security and accountability)
Consent recordsLife of the account + 7 years (proof of agreement)
Analytics (if opted in)Up to 12 months
Error reportsAbout 90 days

9. Your rights

Under the Israeli Protection of Privacy Law you may inspect data held about you and request the correction or deletion of inaccurate data. We honor these rights, and where feasible we go further:

  • Export — you can download a copy of your personal data (profile, memberships, schedules, leave, timesheets) from your profile page in the app.
  • Correction — your own details can be edited in your profile; employment records managed by your employer should be corrected through its workspace administrator.
  • Deletion — you can delete your account from the app. Deleting your account removes your sign-in, your personal profile data, your availability, and pending requests. One important limit:records your employer must keep by law (such as wage and attendance records) remain in the employer’s workspace, identified, for the statutory period — deletion strips your contact details and preferences from them but does not destroy them.

For anything you cannot do in the app, write to support@rallyve.com. We respond within 30 days. If you believe your privacy rights were violated, you may also contact the Israeli Privacy Protection Authority.

10. Security

We apply technical and organizational measures appropriate to the data we process: role-based access control in every workspace, encryption in transit and at rest, server-side enforcement of all data writes, audit logging of every change, and the protections of our hosting and authentication providers. No system is perfectly secure, but security failures are treated as top-priority incidents, and where the law requires notification of a data breach we will notify the authority and those affected.

11. Children

The Service is a workforce tool and is not directed at children. It is intended for users aged 16 and over (Israel’s lawful working age). We do not knowingly collect data about children under 16.

12. Changes to this policy

We may update this policy from time to time. Each version is dated, and the current version is always at noviq.rallyve.com/legal/privacy. For material changes we will give notice in the Service, and where the change concerns data users actively agreed to provide, we will ask for renewed acceptance.

13. Contact

Privacy requests and questions: support@rallyve.com. General support: support@rallyve.com.

Noviq uses essential cookies to sign you in and remember your preferences. With your consent, we also use analytics to understand how the product is used. Cookie Policy