Privacy Policy

Last updated: May 12, 2026

This Privacy Policy describes how Adesso Bulgaria EOOD (“we”, “us”) processes personal data when you use Novompo and related services. Novompo is owned and operated by Adesso Bulgaria EOOD. By using our services, you acknowledge this policy.

Legal entity

Data controller

The controller responsible for personal data under this policy is:

Adesso Bulgaria EOOD

Registered address: bul. Bulgaria 109, Sofia, Bulgaria

For privacy questions, contact us at simeon.hristov@adesso.bg. We will respond within a reasonable time.

This policy applies to all of the following (together, the “Services”):

The marketing website at https://novompo.com

The Novompo web application (business and customer dashboard) at https://app.novompo.com

The Novompo Android application (package name com.novompo.app)

The Novompo iOS application (bundle identifier com.novompo.app)

Categories of data we may collect

Depending on how you use the Services, we may process:

Account and profile data (for example name, email address, phone number, company affiliation, and authentication identifiers).
Content you or your organisation create in the platform (for example forms, fields, records, attachments, messages, and payment-related metadata needed to operate the service).
Usage and technical data (for example device type, operating system, app version, log and diagnostic data, approximate region from IP, and interactions with the Services).
Communications you send to us (for example support requests).

We do not use the categories above to build unrelated third‑party marketing profiles. Specific fields depend on your organisation’s configuration and your role (business user vs end customer).

Purposes and legal bases (summary)

We process personal data to provide, secure, and improve the Services; to authenticate users; to process transactions and payments where applicable; to communicate with you; to comply with law; and to enforce our terms. Where required by law (for example in the EEA), we rely on appropriate legal bases such as performance of a contract, legitimate interests balanced against your rights, consent where we ask for it, and legal obligation.

Recipients and processors

We may share data with infrastructure and service providers that help us host, deliver, and secure the Services (for example cloud hosting, email delivery, analytics, or payment partners strictly where needed). We require such recipients to protect data appropriately. We may disclose information if required by law or to protect the rights, safety, and integrity of users and the Services.

International transfers

Your data may be processed in the European Economic Area and in other countries where we or our processors operate. Where we transfer personal data from the EEA to countries not recognised as adequate, we use appropriate safeguards (such as standard contractual clauses) where required by law.

Retention

We retain personal data only as long as necessary for the purposes described in this policy, unless a longer period is required or permitted by law (for example tax, accounting, or dispute resolution). Retention can depend on whether you have an active account and on choices made by the organisation that invited you to the platform.

Security

We implement technical and organisational measures designed to protect personal data against unauthorised access, loss, or alteration. No method of transmission over the Internet is completely secure; we encourage you to use strong passwords and protect your credentials.

Your rights

Depending on your location, you may have rights to access, rectify, erase, restrict processing, object to certain processing, and data portability, and the right to lodge a complaint with a supervisory authority. To exercise rights, contact us at simeon.hristov@adesso.bg. If we act as a processor on behalf of your organisation, we may need to forward your request to that organisation where appropriate.

Account and data deletion

If you want to delete your account and have all personal data associated with it removed from our systems, contact us at simeon.hristov@adesso.bg. We will verify your identity where needed, process your request, and delete or anonymise your data, except where we are legally required to retain specific information.

Children

The Services are not directed at children under the age where parental consent is required for processing under applicable law. We do not knowingly collect personal data from such children.

Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and adjust the “Last updated” date. Where changes are material and required by law, we will provide additional notice.