Last updated: March 22, 2026
Last updated: March 2026
This Privacy Policy explains how NovaHaven Tech collects, uses, and protects information in connection with the Costara service.
Costara is operated by NovaHaven Tech, a proprietorship owned by Mythili Ramalingam, registered as a Micro Enterprise under India's MSME Act (Udyam Registration: UDYAM-TN-03-0308964), based in Coimbatore, Tamil Nadu, India.
For privacy enquiries: support@novahaven.tech
When you instrument your application with the Costara Python SDK, we receive metadata only:
openai, anthropic)gpt-4o, claude-3-5-sonnet)customer-support-chat)production, staging)We never collect prompt text, completion text, or any message content. This is a structural constraint of the SDK — the SDK does not have access to prompt or completion content by design, not by a policy setting or configuration toggle. There is no flag to enable content capture. Your users' data stays in your infrastructure.
This privacy-by-architecture approach is a deliberate product decision. Monitoring tools have no business touching your users' conversations. So we built Costara in a way that makes it architecturally impossible for us to do so.
When you create a Costara account:
Payments are processed by Razorpay. We receive payment confirmation and plan status from Razorpay. We do not store card numbers, UPI IDs, or bank account details. Razorpay handles all payment instrument data on their PCI-compliant infrastructure.
We collect basic usage data about how you interact with the Costara web dashboard — page views, feature interactions, and session information. This data is used solely to understand how the product is being used and to improve it. It is never used for advertising.
We do not sell your data. We do not use your SDK event data for advertising or any purpose unrelated to operating the Service.
| Data type | Retention | |---|---| | SDK events | Per your plan: 7 days (Free), 90 days (Pro), 1 year (Team) | | Account data | Until account deletion + 30-day grace period | | Server logs | 30 days | | Billing records | 7 years (legal requirement) |
You may request deletion of your account and all associated event data at any time. See Section 8 for instructions.
Costara uses the following sub-processors:
All sub-processors are contractually bound to process data only for the purposes of providing the Service.
You may request to: access your data, correct inaccurate data, export your event data (CSV), or delete your account and all associated data.
To exercise any of these rights, email support@novahaven.tech with the subject line "Costara Privacy Request". We will respond within 5 business days.
If you are in the European Economic Area, you also have rights under the GDPR, including the right to lodge a complaint with a supervisory authority.
We use industry-standard practices to protect your data: encryption in transit (TLS), row-level security in our database, and API key authentication for SDK access. We keep dependencies updated and review access controls regularly.
If you discover a security vulnerability, please contact us at support@novahaven.tech before disclosing it publicly. We take security reports seriously and will respond promptly.
We may update this Privacy Policy from time to time. If we make significant changes, we will notify you by email at least 14 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.
Continued use of the Service after changes take effect constitutes acceptance of the updated policy.
NovaHaven Tech Coimbatore, Tamil Nadu, India Proprietor: Mythili Ramalingam support@novahaven.tech