Privacy Policy

NoorCAD is a professional property assessment tool used to:

• Create and edit floor plans
• Perform AR room scanning on supported iOS devices (ARKit)
• Capture photos for property inventory items and reports
• Generate PDF exports
• Use AI-assisted chat features for EPC, inventory, and retrofit workflows
• Manage user accounts and, where applicable, team/organization features

2.1 Account & Profile Information

When you create an account or sign in, we collect and store:

• Email address
• User ID and authentication/session identifiers
• Account metadata (such as account type and subscription plan)
• Organization/team membership details (if applicable)

2.1.1 Subscription Information

If you purchase a subscription through the App Store, Apple processes all payments. We may store:

• Subscription plan and status (active/cancelled/expired)
• Subscription tier and features
• Subscription start and expiration dates

Payment information: All payment processing is handled entirely by Apple through the App Store. We do not collect, store, or process any payment card details. Subscription purchases, renewals, cancellations, and refunds are managed through your Apple ID and App Store account.

Passwords: Passwords are handled by our authentication provider and are not stored by us in plain text.

2.2 Property / Project Data You Enter

You may create and store content such as:

• Property details you enter (which may include addresses or identifiers)
• Floor plan geometry, room labels, dimensions and measurements
• Inventory items, survey answers, notes, and retrofit workflow content
• Export customization details (e.g., branding details you choose to input)

This content is processed and stored to provide the Service.

2.3 Photos & Media (Camera / Photo Library)

If you choose to capture or attach images, we process and store:

• Photos you take in-app (e.g., inventory photos, survey evidence)
• Photos you import from your photo library (if you select them)

Photos may contain personal data depending on what you capture. You should avoid photographing unnecessary personal or sensitive information.

2.4 AR Scanning & Sensor Data (ARKit / Motion)

If you use AR room scanning features, we may process:

• AR scan outputs required to build room geometry (e.g., surfaces, room dimensions)
• Device motion sensor readings where needed for measurement-related features

We use this information to provide AR and measurement functionality.

2.5 Location (When In Use)

If you grant permission, NoorCAD may access your location while the app is in use to support AR scanning accuracy and related features.

We do not require background location for NoorCAD’s core functionality.

2.6 Microphone

If you grant permission, the microphone may be used for features such as AR scanning voice guidance.

2.7 AI Chat Inputs and Outputs

When you use NoorCAD’s AI chat features, we process:

• The messages you submit (text)
• If you attach them, images you send in chat
• AI-generated responses returned to you

Important: Do not submit sensitive personal data (e.g., passwords, payment card information) into AI chat.

2.8 Usage & Technical Data

We may collect:

• Basic diagnostics and error information to keep the Service reliable
• Usage counters for plan limits (e.g., AI chat request counts, AR scan counts), associated with your account

We use information to:

• Provide the Service (authentication, saving/loading projects, AR scanning, photo attachments, exports)
• Generate PDFs you request
• Send account-related emails (verification codes, password resets, team invitations)
• Provide AI features (processing AI chat requests and returning responses)
• Enforce plan limits and subscription features
• Manage organization roles and permissions (e.g., determining which users can administer billing and membership settings)
• Maintain security, prevent abuse, and investigate incidents
• Improve reliability and performance

Where applicable, we rely on:

• Contract — to provide NoorCAD features you request
• Legitimate interests — for security, fraud prevention, and service improvement
• Consent — for device permissions (camera, photos, location, microphone, motion)
• Legal obligations — where we must comply with applicable law

You can withdraw permission-based consent at any time via iOS Settings.

We do not sell your personal data.

We share information only as needed to operate NoorCAD:

5.1 Supabase (Authentication, Database, File Storage)

We use Supabase to provide:

• User authentication
• Database storage for account and app data
• File storage (e.g., images, assets)

5.2 SendGrid (Email Delivery)

We use SendGrid to send:

• Verification codes
• Password reset emails
• Team invitation emails
• Contact/support form emails

5.3 Use of Artificial Intelligence and Third-Party AI Services

Noor AI Assistant Feature

Our app includes an AI-powered assistant feature called "Noor AI" that helps you with property assessments, energy performance evaluations, and property documentation. This feature uses artificial intelligence technology provided by OpenAI.

What Data is Sent to OpenAI

When you use the Noor AI feature, the following data is sent to OpenAI Inc. (located in San Francisco, California, USA) for processing:

1. Your Messages: Text questions you ask about property assessments, building materials, energy performance, inventory reports, or other property-related queries

2. Photos You Upload: Images of buildings, rooms, boilers, radiators, meters, windows, doors, or other property features that you choose to share with the AI assistant

3. Conversation Context: Your previous messages within the current chat session to maintain conversation continuity

4. Property Data: Structured information about the property you are assessing, which may include:

- Room dimensions and layout information

- Materials identified from your photos

- Building features and characteristics

- Property assessment data you've entered

What Data is NOT Sent to OpenAI

We do not send the following information to OpenAI:

• Your name or email address
• Your account credentials
• Your payment information
• Your location or IP address (OpenAI may collect this independently)
• Data from other features of the app (floor plans, surveys, appointments, etc.) unless you explicitly include it in your AI chat

How OpenAI Processes Your Data

OpenAI processes your data using their GPT-5.2 artificial intelligence model to:

• Analyze your questions and provide relevant answers
• Identify building materials, equipment, and features from photos
• Provide professional guidance for property assessments
• Generate documentation assistance

OpenAI's use of your data is governed by their own privacy policy and terms of service:

• OpenAI Privacy Policy: https://openai.com/policies/privacy-policy
• OpenAI Terms of Use: https://openai.com/policies/terms-of-use

According to OpenAI's privacy policy (as of February 2026):

• OpenAI may use your data to improve their AI models
• OpenAI retains chat data for 30 days for abuse monitoring, then deletes it
• You can request deletion of your data from OpenAI by contacting them directly

Your Consent and Control

Consent Requirement: Before you can use Noor AI for the first time, you must explicitly consent to your data being sent to OpenAI. This consent is obtained through an in-app consent dialog that explains what data will be shared.

Your Rights:

• You can decline to use the AI features at any time
• You can delete your chat history from within the app
• The AI feature is entirely optional - you can use all other app features without it
• You can revoke your consent by deleting the app or contacting our support team

Data Security

All data sent to OpenAI is transmitted over secure, encrypted connections (HTTPS/TLS). We implement the following security measures:

1. Image Optimization: Photos are resized to 1024px maximum before sending to reduce data transfer

2. Minimal Data Sharing: Only data necessary for the AI feature is sent; we do not send your personal account information

3. Secure Communication: All API calls to OpenAI use encrypted HTTPS connections

4. Session Isolation: Each chat session is isolated and does not have access to data from other users

Data Retention

In Our App:

• Chat messages are stored in our database (Supabase) until you delete them
• You can delete individual chat sessions or all your chat history at any time
• Deleted chats are permanently removed from our systems

By OpenAI:

• OpenAI retains data according to their privacy policy (typically 30 days for abuse monitoring)
• For OpenAI's current data retention practices, see: https://openai.com/policies/privacy-policy

Contact Us About AI Data

If you have questions about how your data is processed by our AI features:

Email: support@noorcad.com

Website: https://noorcad.com/privacy

For questions specifically about OpenAI's data processing:

• Visit: https://help.openai.com
• Email: privacy@openai.com

5.4 Hosting/Backend Providers

We use hosting providers to run NoorCAD backend endpoints used for:

• AI chat proxy
• Contact form
• PDF generation

5.5 Apple / App Store

All subscriptions are purchased and managed through the Apple App Store using Apple's In-App Purchase (IAP) system. Apple processes all payment information and subscription management according to Apple's own privacy policies and terms. We may receive limited subscription status information from Apple (such as subscription validity and expiration dates) to verify your entitlements and provide appropriate features within the app.

Some of our service providers may process data outside Bahrain. Where required, we take steps intended to ensure appropriate safeguards for international transfers consistent with applicable law.

We retain information only as long as necessary for the purposes described in this policy:

• Account data is retained while your account is active and for a reasonable period after deletion requests to complete deletion and comply with legal requirements.
• Project/property data is retained until you delete it or delete your account.
• Usage counters are retained as needed to enforce plan limits and billing-cycle logic.
• Subscription status records are retained as needed to provide service features and comply with legal requirements.

We use reasonable technical and organizational measures to protect your information, including:

• HTTPS/TLS encryption in transit
• Access controls
• Database row-level access restrictions
• Separation of frontend configuration from backend secrets

No system is 100% secure, but we work to protect your data.

Depending on your location and applicable law, you may have rights to:

• Access your data
• Correct inaccurate data
• Delete your data
• Receive a copy of your data
• Object to or restrict certain processing

9.1 Managing iOS Permissions

You can control app permissions (camera, photos, location, microphone, motion) in iOS Settings → NoorCAD.

9.2 Account Deletion / Data Deletion Requests

Account deletion is done by the user in app settings with full data deletion along with files & data stored on Supabase.

NoorCAD is not intended for children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children.

We may update this Privacy Policy from time to time. If changes are material, we will update the effective date and may provide additional notice within the app or by email.

NOOR CODNEST PROGRAMMING SOLUTIONS W.L.L

2238, Building: 2004, ROAD 1527, HIDD 0115, MUHARRAQ GOVERNORATE, Bahrain

Email: support@noorcad.com