This Privacy Policy explains how personal data is handled on the website nousfutures.com (the "Site"). It does not cover any other website.
#1. Who we are
The controller of your personal data is Nikoloz Babunashvili, acting as interim controller for Nous Futures pending company registration in Georgia. Once the company is registered, this section will be updated with the registered entity name and address.
- General and controller contact: babunashvili@nousfutures.com
- Data-protection and legal requests (access, deletion, etc.): legal@nousfutures.com
We are based in Tbilisi, Georgia. We process personal data in accordance with the Law of Georgia on Personal Data Protection (in force since 1 March 2024). Where the EU General Data Protection Regulation (GDPR) applies to a visitor, this policy is also intended to meet its requirements; the Georgian law is closely aligned with it.
#2. Scope
The Site is informational and lets you do two things that involve personal data:
- Talk to Nous AI, our chat agent — to ask about what we do and, if you choose, to request and book a discovery call. There is no standalone booking page: the chat captures your details, then embeds a Calendly scheduler to pick a time.
- Try the Kapanadze Medical Center demo — a simulation of how our agent works for a hospital.
There are no user accounts and no login. You can browse the Site anonymously. We do not sell personal data, and there is no real patient data on the Site.
#3. What we collect, why, and for how long
The table below sets out each activity, the data involved, why we process it, the legal basis under Article 6 (and Article 9 where relevant), and how long we keep it.
| Activity | Data | Purpose | Legal basis | Retention |
|---|---|---|---|---|
| Nous AI chat agent (including discovery-call booking) | Your name, email, company name, and business type (captured in chat when you request a call); the chat transcript; when you pick a time, the Calendly event details (stored in our database and also held by Calendly) | To respond to you, answer your questions, qualify your business, arrange a call, and to review and improve the accuracy of the agent and demo | Steps at your request prior to a possible contract (Art. 6(1)(b)); our legitimate interest in handling and following up business inquiries, and in reviewing and improving the agent (Art. 6(1)(f)) | Transcripts: kept no longer than 90 days, then deleted; the copy stored in your browser is cleared after 90 days. Contact and lead details (including Calendly scheduling metadata in our database): 12 months from collection |
| Kapanadze Medical Center demo | Name, email, phone, a one-time email verification code; the choices you make and the reason for your visit that you type | To let you try the product you asked to use: route a simulated booking to the right specialist, verify your email, and create and show a simulated appointment | Steps at your request to run the demo (Art. 6(1)(b)); our legitimate interest in demonstrating the product (Art. 6(1)(f)). If you enter health information, see Section 4 | The simulated booking expires one week after the booked date. Your details, including the reason you typed, are deleted automatically once no booking is linked to them. Details with no booking ever created are deleted after about 7 days |
| Technical and security data | IP address and basic request data; when you submit discovery-call details in chat, a Cloudflare Turnstile security check | To protect the Site against automated abuse (rate limiting) and to verify the discovery-call submission step | Our legitimate interest in the security and integrity of the Site (Art. 6(1)(f)) | IP is used transiently for short-lived rate-limit counters and is not stored long-term. Our hosting provider may briefly record IP and request data in standard server logs |
You are not legally or contractually required to give us any of this data. If you choose not to, you simply cannot book a call, use the chat agent, or run the demo.
#4. Health and other sensitive information (the demo)
The Kapanadze Medical Center demo simulates a multi-specialty hospital. To show how the agent routes a patient to the right specialist, it asks why you want a visit, and you can type freely. What you type as the reason for your visit is stored as part of the simulated booking.
The demo is a simulation. It is not a real hospital, no real appointment is made, and no clinician sees what you enter. Please do not enter real information about your health, or anyone else's.
If you do enter information relating to health, it is "special category" data under Article 9. We process it only on the basis of your explicit consent (Art. 9(2)(a)), which you give by choosing to type it into the demo after this notice. We keep it to the minimum, use it only to run the demo, and delete it on the short schedule in Section 3 (your details are removed once no booking is linked to them). We do not use what you enter in the demo to train or improve our agents. You can withdraw your consent at any time, and ask us to delete what you entered, by emailing legal@nousfutures.com.
#5. Cookies and local storage
We do not use analytics, advertising, or tracking cookies, and we do not show third-party advertising. Because we do not set cookies that require your consent under Georgian law, the Site does not show a cookie consent banner.
We use functional, first-party browser storage that is necessary for the features you ask to use:
- rate-limit data (to protect the Site)
- session and conversation identifiers (to keep a demo or chat session working)
- chat and demo state, including messages, so a conversation continues if you reload
- your language preference
When you submit discovery-call details in the Nous AI chat, the Site uses Cloudflare Turnstile to verify that step. Turnstile is provided by Cloudflare, runs in a frame served from Cloudflare, and stores a small amount of data in your browser for that security purpose. Chat messages and the demo booking flow are protected by server-side rate limiting instead.
We do not use this storage to track you across other websites or to build a profile of you.
#6. Who we share data with
We use third-party service providers ("processors") to run the Site. They process data on our instructions and are bound by their own data-protection terms:
| Provider | Role |
|---|---|
| Calendly | Scheduling the discovery call |
| Voiceflow | Running the Nous AI chat and demo agents and processing your messages to generate replies. Voiceflow uses third-party large language model providers as sub-processors |
| Supabase | Storing discovery-call lead records (main database) and simulated demo booking data (separate demo database). Chat transcripts are held by Voiceflow, not Supabase |
| Vercel | Hosting the Site |
| Cloudflare (Turnstile) | Verifying the discovery-call submission step in chat |
| Upstash (Redis) | Short-lived rate-limiting counters |
| Resend | Sending emails, including verification codes |
| Loom | Hosting the product walkthrough video embedded on the Site |
| Google (Maps) | Showing the location map on the demo page |
We do not sell personal data and do not share it with anyone for their own marketing.
#7. International transfers
All of the providers above are located outside Georgia. Using the Site therefore involves transferring your personal data abroad.
We make these transfers because they are necessary to provide the service you requested and to operate the Site, and each provider is bound by contractual data-protection commitments. Providers that operate in or serve the EU do so under recognised transfer safeguards, including the EU Standard Contractual Clauses where applicable.
We are reviewing the exact transfer mechanism under Georgian law and will update this section as needed. If you would like more detail on the safeguards for a particular transfer, contact us at legal@nousfutures.com.
#8. Automated interaction and AI
When you use Nous AI or the demo, you are interacting with an automated AI agent, not a person.
- The agent generates its answers automatically and may be inaccurate or incomplete.
- It does not provide professional, medical, or legal advice. Nothing it says should be relied on as such.
- We do not make any decision that produces legal effects, or similarly significant effects, about you by solely automated means (Article 22).
- We use the conversations to operate the agent and to review and improve its accuracy, as described in Section 3.
#9. Your rights
Under the Law of Georgia on Personal Data Protection (and the GDPR where it applies), you have the right to:
- access the personal data we hold about you;
- rectify inaccurate or incomplete data;
- erase your data ("right to be forgotten");
- restrict processing in certain circumstances;
- object to processing based on our legitimate interests;
- data portability for data you provided, where processing is based on consent or contract;
- withdraw consent at any time, where processing relies on consent (this does not affect processing already carried out).
To exercise any of these, email legal@nousfutures.com. We will respond within the time limits set by Georgian law.
You also have the right to lodge a complaint with the supervisory authority, the Personal Data Protection Service of Georgia (personaldata.ge).
#10. Security
We take reasonable measures to protect personal data, including rate limiting, email verification, server-side-only writes for sensitive operations, scoped access (capability) tokens, access controls, and encryption of data in transit. No system can be guaranteed completely secure, and we continue to develop our safeguards over time.
#11. Data breaches
If a personal data breach occurs that is likely to create a risk to people, we will notify the Personal Data Protection Service of Georgia without undue delay, and the affected individuals where the law requires it, in line with the Law of Georgia on Personal Data Protection.
#12. Children
The Site is intended for people aged 18 and over. We do not knowingly collect personal data from anyone under 18. If we learn that we have, we will delete it.
#13. Changes to this policy
We may update this policy as the Site and our company change. The "Last updated" date at the top shows the current version. If we make a material change, we will make that clear on the Site.
#14. Contact
- Controller contact: babunashvili@nousfutures.com
- Data-protection and legal requests: legal@nousfutures.com
- Nous Futures, Tbilisi, Georgia