Privacy Policy

Neural Operations & Holdings LLC ("NeuralOps", "Neural Operations", "we", "us", or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains in detail how we collect, use, disclose, store, and safeguard your information when you visit our website, use our Services (including Echo AI and Neural Connect CRM), or interact with our AI systems.

BY USING OUR SERVICES, YOU CONSENT TO THE COLLECTION, USE, AND DISCLOSURE OF YOUR INFORMATION AS DESCRIBED IN THIS PRIVACY POLICY. If you do not agree with this Privacy Policy, you must immediately discontinue use of our Services.

1. Information We Collect

We collect extensive information to provide, improve, and secure our Services. The categories of information we collect include:

1.1 Information You Provide Directly

• Account Registration Data: Full name, email address, phone number, company name, job title, position, and password (encrypted)
• Profile Information: Profile picture, bio, preferences, settings, and any other information you add to your profile
• Payment Information: Billing name, address, payment method details (processed securely by third-party payment processors)
• CRM and Business Data: Contact names, email addresses, phone numbers, company information, addresses, deal information, notes, tasks, appointments, custom fields, and any data you input into Neural Connect
• Communication Content: Messages, emails, chat conversations, support tickets, feedback, survey responses, and all communications with us or through the Services
• AI Interaction Data: All prompts, queries, inputs, commands, and instructions you provide to Echo AI or other AI features
• Uploaded Content: Files, documents, images, attachments, and any other content you upload to the Services

1.2 Information We Collect Automatically

• Device Information: Device type, model, operating system, browser type and version, screen resolution, device identifiers (IMEI, advertising ID), hardware specifications
• Connection Information: IP address, ISP, geographic location (country, region, city), time zone
• Usage Data: Pages visited, features used, clicks, scrolls, navigation paths, time spent on pages, session duration, frequency of use, search queries, filters applied
• Performance Data: Error logs, crash reports, performance metrics, load times, response times
• Cookies and Similar Technologies: Cookies, web beacons, pixels, local storage, session storage, and similar tracking technologies (see Section 6)
• Referral Information: Referring website, campaign source, UTM parameters
• Interaction Patterns: Feature usage patterns, workflow sequences, button clicks, form submissions

1.3 Information from Third-Party Sources

• Authentication Providers: If you sign in using third-party authentication (e.g., Google, Microsoft), we receive profile information from those providers
• Integrations: If you connect third-party services (email, calendar, other business tools), we receive data from those integrations
• Public Sources: We may supplement your data with publicly available information from business databases or social media
• Analytics and Advertising Partners: We receive aggregated analytics and advertising data from partners

1.4 Derived and Inferred Information

• AI Analysis: We analyze your usage patterns, content, and interactions to derive insights, preferences, and predictions
• Behavioral Profiles: We create profiles based on your activity to personalize and improve your experience
• Interest Categories: We infer your business interests and needs based on your use of the Services

2. How We Use Your Information

We use collected information for multiple purposes, including but not limited to:

2.1 Service Delivery and Operation

• Providing, operating, maintaining, and delivering the Services to you
• Processing transactions and managing your account and subscription
• Authenticating your identity and authorizing access
• Responding to your inquiries, requests, and customer support needs
• Sending administrative communications, service updates, and security alerts

2.2 AI Development and Improvement

• Training AI Models: Using your inputs, queries, interactions, and content to train, fine-tune, improve, and develop our AI models and algorithms
• Model Testing: Evaluating AI performance, accuracy, and reliability
• Quality Assurance: Reviewing AI outputs to ensure quality and safety
• Research and Development: Developing new AI capabilities, features, and products

2.3 Personalization and Customization

• Personalizing your experience and customizing content, recommendations, and features
• Tailoring AI responses to your specific needs and preferences
• Creating behavioral profiles to improve relevance
• Remembering your settings, preferences, and usage patterns

2.4 Analytics and Insights

• Analyzing usage patterns, trends, and user behavior
• Understanding how users interact with features and identify areas for improvement
• Generating aggregate statistics and insights
• Conducting research and analysis for product development

2.5 Security and Fraud Prevention

• Detecting, preventing, and investigating fraud, abuse, and security incidents
• Monitoring for suspicious activity and unauthorized access
• Enforcing our Terms of Service and other policies
• Protecting our rights, property, and the safety of our users

2.6 Communication and Marketing

• Sending promotional emails, newsletters, and marketing communications (with your consent where required)
• Notifying you of new features, updates, and special offers
• Conducting surveys and soliciting feedback
• Managing referral and affiliate programs

2.7 Legal and Compliance

• Complying with legal obligations, court orders, and government requests
• Responding to legal processes and enforcing legal rights
• Protecting against legal liability
• Conducting audits and maintaining records

2.8 Business Operations

• Managing business operations, accounting, and financial reporting
• Facilitating mergers, acquisitions, or asset sales
• Resolving disputes and enforcing agreements
• Any other purpose disclosed to you at the time of collection or with your consent

3. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds under the General Data Protection Regulation (GDPR):

• Consent: When you register for an account or use our services, you provide consent for us to process your data to provide and improve our services.
• Contract Performance: We process your data to fulfill our contractual obligations to provide AI services, customer support, and account management.
• Legitimate Interests: We process data to improve our AI systems, ensure security, prevent fraud, and enhance user experience. We balance these interests against your privacy rights.
• Legal Obligations: We process data to comply with applicable laws, regulations, and legal processes.

You have the right to withdraw consent at any time where processing is based on consent. Withdrawal of consent does not affect the lawfulness of processing before the withdrawal.

4. California Consumer Privacy Act (CCPA) Disclosures

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

Categories of Personal Information We Collect:

• Identifiers (name, email address, account ID)
• Commercial information (service usage, transaction history)
• Internet activity (IP address, browser type, access logs)
• Geolocation data (approximate location from IP address)

Business Purposes for Collection: We collect personal information to provide, maintain, and improve our services; process transactions; ensure security; comply with legal obligations; and improve our AI systems.

Third-Party Sharing: We do not sell your personal information. We may share data with service providers (such as Supabase for database hosting) who assist in operating our services under strict confidentiality agreements. These providers are contractually obligated to protect your data and use it only for specified purposes.

Your CCPA Rights: California residents have the right to know what personal information we collect, request deletion of personal information, opt-out of the sale of personal information (we do not sell your data), and not be discriminated against for exercising these rights. To exercise these rights, contact us at privacy@neuralops.biz.

5. Data Sharing and Third-Party Disclosure

We do NOT sell your personal information to third parties. However, we may share your information in the following circumstances:

5.1 Service Providers and Business Partners

We share data with third-party service providers who perform services on our behalf, including:

• Cloud Infrastructure: Supabase (database hosting), RunPod (AI model hosting), cloud computing providers
• Payment Processing: Stripe, PayPal, or other payment processors (they receive payment information directly)
• Analytics: Google Analytics, Mixpanel, or similar analytics platforms
• Communication: Email service providers (SendGrid, Mailgun), SMS providers
• Customer Support: Support ticketing and chat platforms
• Security: Fraud detection, DDoS protection, and security monitoring services
• CDN and Performance: Content delivery networks for performance optimization

These providers are contractually obligated to protect your data, use it only for specified purposes, and comply with applicable privacy laws. However, we are not responsible for their independent data practices.

5.2 Legal Requirements and Protection of Rights

We may disclose your information if required or permitted by law, including:

• To comply with legal process, subpoenas, court orders, or government requests
• To enforce our Terms of Service and other agreements
• To detect, prevent, or investigate fraud, security incidents, or illegal activities
• To protect the rights, property, or safety of Neural Operations, our users, or the public
• In response to lawful requests by public authorities (e.g., national security, law enforcement)

5.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred to the acquiring entity. You will be notified of any such change via email or prominent notice on our website.

5.4 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you. This includes statistics, trends, and research insights.

5.5 With Your Consent

We may share your information for purposes not described in this Privacy Policy with your express consent.

5.6 Public Information

Any information you publicly post or share through the Services may be visible to other users and the public. Exercise caution when sharing information publicly.

6. Data Protection and Security

We implement industry-standard security measures to protect your personal information. We follow GDPR and CCPA guidelines to ensure your data is handled securely and in compliance with applicable data protection laws. Our security measures include:

• Encryption of data in transit (HTTPS/TLS) and at rest (AES-256-GCM encryption)
• Secure authentication with JWT tokens and HTTP-only cookies
• Row-Level Security (RLS) enabled on all database tables to restrict access
• Content Security Policy (CSP) and security headers (HSTS, X-Frame-Options, etc.)
• PII (Personally Identifiable Information) redaction before AI training data processing
• CSRF protection and rate limiting to prevent unauthorized access
• Access logging and monitoring for unauthorized activities

7. AI Training and Data Usage

IMPORTANT: Your data and interactions with our Services may be used to train and improve our AI models.

When you use Echo AI or other AI features, you explicitly consent that:

• All prompts, queries, inputs, and instructions you provide may be used for model training
• Conversations and interactions may be reviewed by our team for quality assurance and safety
• Your content, including uploaded documents, may be analyzed to improve AI accuracy, relevance, and capabilities
• We may create anonymized or aggregated datasets from your usage for research and development
• AI training data may be retained indefinitely, even after account deletion, in anonymized form

Note: While we strive to anonymize data used for training, we cannot guarantee complete anonymization in all cases. By using our AI features, you accept this risk.

8. Your Rights and Choices

You have the right to:

• Access and review your personal information
• Request correction of inaccurate or incomplete data
• Request deletion of your personal information
• Opt-out of certain data collection and processing activities
• Export your data in a portable format (GDPR right to data portability)
• Withdraw consent at any time where processing is based on consent
• Object to processing based on legitimate interests
• Lodge a complaint with your local data protection authority (for EU residents)

9. Data Retention

We retain your information for as long as necessary to provide Services, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods include:

9.1 Retention Periods

• Account Data: Retained while your account is active and for up to 90 days after deletion for backup and recovery purposes
• CRM and Business Data: Retained while your account is active and for 30 days after deletion
• AI Interaction Data: Retained indefinitely in anonymized form for AI training and improvement
• Communication Records: Retained for 3 years for support and quality assurance
• Log and Usage Data: Retained for 180 days for security, troubleshooting, and analytics
• Payment and Billing Records: Retained for 7 years for tax and accounting purposes
• Legal and Compliance Data: Retained as required by law or for litigation purposes

9.2 Account Deletion

When you delete your account:

• Your personal profile and account information will be deleted within 30 days
• Your CRM data will be deleted within 30 days unless legally required to retain
• Anonymized data may be retained indefinitely for analytics and AI training
• Backup copies may persist for up to 90 days in our backup systems
• Data required for legal, tax, or regulatory compliance will be retained for the required period

9.3 Right to Deletion

You may request deletion of your personal information at any time. However, we may deny deletion requests if retention is:

• Necessary to complete a transaction or provide requested services
• Required to detect security incidents or protect against illegal activity
• Necessary to debug or repair functionality
• Required to exercise free speech or comply with legal obligations
• Necessary for research purposes (if data is anonymized)

10. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete such information promptly.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable data protection laws.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of our services after such changes constitutes acceptance of the updated policy.

13. Your Right to Lodge a Complaint (GDPR)

If you are located in the European Economic Area (EEA) and believe we have not addressed your concerns regarding data protection, you have the right to lodge a complaint with your local data protection authority (supervisory authority). You can find your local authority at https://edpb.europa.eu/about-edpb/about-edpb/members_en.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

General Inquiries: neuralops@neuralops.biz
Support: support@neuralops.biz
Data Protection Officer: privacy@neuralops.biz

Neural Operations & Holdings LLC
This Privacy Policy is effective as of January 25, 2026 and applies to all users of NeuralOps services.