Privacy Policy

Neural Operations & Holdings LLC ("NeuralOps", "we", "us", or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with our AI systems.

1. Information We Collect

We collect information that you provide directly to us, including but not limited to:

• Personal identification information (name, email address, company name) when you register, contact us, or use our services
• Account credentials and authentication data
• Conversation data and interactions with our AI systems
• Usage data, including IP addresses, browser type, device information, and access times
• Feedback, ratings, and improvement suggestions you provide

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our services and AI systems
• Respond to your inquiries, requests, and support needs
• Personalize your experience and deliver relevant content
• Train and improve our AI models using anonymized and aggregated data
• Monitor and analyze usage patterns to enhance security and performance
• Send you important updates, security alerts, and administrative messages
• Comply with legal obligations and enforce our terms of service

3. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds under the General Data Protection Regulation (GDPR):

• Consent: When you register for an account or use our services, you provide consent for us to process your data to provide and improve our services.
• Contract Performance: We process your data to fulfill our contractual obligations to provide AI services, customer support, and account management.
• Legitimate Interests: We process data to improve our AI systems, ensure security, prevent fraud, and enhance user experience. We balance these interests against your privacy rights.
• Legal Obligations: We process data to comply with applicable laws, regulations, and legal processes.

You have the right to withdraw consent at any time where processing is based on consent. Withdrawal of consent does not affect the lawfulness of processing before the withdrawal.

4. California Consumer Privacy Act (CCPA) Disclosures

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

Categories of Personal Information We Collect:

• Identifiers (name, email address, account ID)
• Commercial information (service usage, transaction history)
• Internet activity (IP address, browser type, access logs)
• Geolocation data (approximate location from IP address)

Business Purposes for Collection: We collect personal information to provide, maintain, and improve our services; process transactions; ensure security; comply with legal obligations; and improve our AI systems.

Third-Party Sharing: We do not sell your personal information. We may share data with service providers (such as Supabase for database hosting) who assist in operating our services under strict confidentiality agreements. These providers are contractually obligated to protect your data and use it only for specified purposes.

Your CCPA Rights: California residents have the right to know what personal information we collect, request deletion of personal information, opt-out of the sale of personal information (we do not sell your data), and not be discriminated against for exercising these rights. To exercise these rights, contact us at privacy@neuralops.biz.

5. Data Protection and Security

We implement industry-standard security measures to protect your personal information. We follow GDPR and CCPA guidelines to ensure your data is handled securely and in compliance with applicable data protection laws. Our security measures include:

• Encryption of data in transit (HTTPS/TLS) and at rest (AES-256-GCM encryption)
• Secure authentication with JWT tokens and HTTP-only cookies
• Row-Level Security (RLS) enabled on all database tables to restrict access
• Content Security Policy (CSP) and security headers (HSTS, X-Frame-Options, etc.)
• PII (Personally Identifiable Information) redaction before AI training data processing
• CSRF protection and rate limiting to prevent unauthorized access
• Access logging and monitoring for unauthorized activities

6. Data Sharing and Disclosure

We do NOT sell, rent, or share your personal information with third parties for marketing purposes. We may share your information only in the following circumstances:

• With your explicit consent
• To comply with legal obligations, court orders, or government requests
• To protect our rights, property, or safety, or that of our users
• With service providers who assist in operating our services under strict confidentiality agreements
• In connection with a business transfer, merger, or acquisition (with notice to users)

7. AI Training and Data Usage

Our AI systems learn from interactions to improve performance. When training our models:

• All personally identifiable information is redacted before training
• Data is aggregated and anonymized to protect individual privacy
• Training occurs on secure, isolated systems with restricted access
• No raw conversation data is shared outside our secure infrastructure

8. Your Rights and Choices

You have the right to:

• Access and review your personal information
• Request correction of inaccurate or incomplete data
• Request deletion of your personal information
• Opt-out of certain data collection and processing activities
• Export your data in a portable format (GDPR right to data portability)
• Withdraw consent at any time where processing is based on consent
• Object to processing based on legitimate interests
• Lodge a complaint with your local data protection authority (for EU residents)

9. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy. Specific retention periods are as follows:

• Account Data: Retained for the duration of your account and for 30 days after account deletion to allow for account recovery. After 30 days, all personal identifiers are permanently deleted.
• Conversation Data: Retained for 3 years after your last interaction, then anonymized (personal identifiers removed) for AI training purposes only.
• Document Uploads: Retained for the duration of your account. Deleted within 30 days of account deletion.
• Log Data: Retained for 90 days for security and troubleshooting purposes, then automatically deleted.
• Legal Compliance: Some data may be retained longer if required by law, court order, or to resolve disputes.

When you request account deletion, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal purposes. Anonymized data (with all personal identifiers removed) may be retained indefinitely for AI training and improvement purposes.

10. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete such information promptly.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable data protection laws.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of our services after such changes constitutes acceptance of the updated policy.

13. Your Right to Lodge a Complaint (GDPR)

If you are located in the European Economic Area (EEA) and believe we have not addressed your concerns regarding data protection, you have the right to lodge a complaint with your local data protection authority (supervisory authority). You can find your local authority at https://edpb.europa.eu/about-edpb/about-edpb/members_en.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

General Inquiries: neuralops@neuralops.biz
Support: support@neuralops.biz
Data Protection Officer: privacy@neuralops.biz

Neural Operations & Holdings LLC
This Privacy Policy is effective as of January 21, 2025 and applies to all users of NeuralOps services.