Privacy Policy — NeuranAI

Overview

NeuranAI, Inc. ("NeuranAI," "we," "us," or "our") operates an agentic AI platform for business process automation. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at neuranai.com, use our platform and APIs, or interact with our services.

Please read this policy carefully. If you disagree with its terms, please discontinue use of our services. By accessing or using our services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

Short version

We collect information you give us directly (like your email when signing up), information generated as you use our platform (like usage logs), and some information automatically (like IP addresses). We use it to run our services, improve them, and communicate with you. We do not sell your personal data.

Information we collect

Information you provide directly

Account information: name, work email address, company name, job title, and password when you create an account.
Payment information: billing address and payment card details, processed through our PCI-compliant payment processors. We do not store raw card numbers.
Communications: messages you send us via email, chat, or support tickets, including the content of those messages.
Demo and access requests: information you submit when requesting a demo or early access, such as your use case and estimated conversation volume.

Information generated through platform use

Agent configuration data: agent definitions, skills, policies, and tool configurations you create in the NeuranAI Console.
Conversation data: messages exchanged between end-users and your deployed agents, including timestamps, session metadata, and resolution outcomes.
Usage and telemetry: API call logs, token counts, latency measurements, error rates, and feature usage patterns.
Integration credentials: API keys and OAuth tokens for third-party systems you connect (e.g., Salesforce, Twilio). Stored encrypted at rest.

Automatically collected information

Log data: IP address, browser type and version, operating system, referring URLs, pages visited, and timestamps.
Device information: device type, unique device identifiers, and network information.
Cookies and tracking: see our Cookie Policy for full details.

Information from third parties

We may receive information about you from third parties such as business partners, analytics providers, or public sources, which we may combine with information we already hold about you.

How we use your information

Purpose	Legal basis	Description
Service delivery	Contract	Provisioning accounts, running agents, processing API calls, and billing.
Security & fraud prevention	Legitimate interest	Detecting abuse, unauthorized access, and ensuring platform integrity.
Product improvement	Legitimate interest	Analyzing aggregated usage patterns to improve reliability, accuracy, and features.
Model training	Legitimate interest / Consent	We may use de-identified conversation data to improve our models. Enterprise customers may opt out via their MSA.
Customer support	Contract	Responding to support requests, debugging issues, and providing onboarding assistance.
Marketing	Consent / Legitimate interest	Sending product updates, case studies, and relevant offers to business contacts who haven't opted out.
Legal compliance	Legal obligation	Retaining records as required by applicable law, responding to legal process.

We do not use your data to train general-purpose AI models sold to third parties without explicit consent. Conversation data processed through your deployed agents is treated as your data under your MSA.

Data sharing

We do not sell, trade, or rent your personal information. We share data in the following limited circumstances:

Service providers

We engage sub-processors to help operate our platform — including cloud infrastructure (AWS), payment processors (Stripe), analytics providers, and customer support tools. All sub-processors are contractually bound to handle data only as instructed and maintain appropriate security standards. An up-to-date sub-processor list is available upon request.

Business transfers

If NeuranAI is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on our website before your personal data becomes subject to a different privacy policy.

Legal requirements

We may disclose your information where required to comply with applicable law or valid legal process (such as a court order or government request), to enforce our Terms of Service, or to protect the rights, property, or safety of NeuranAI, our users, or the public.

With your consent

We may share information for any other purpose with your prior consent.

Data retention

We retain your information for as long as your account is active or as needed to provide services. Specifically:

Account data: retained for the lifetime of your account plus 90 days after deletion request, to allow for recovery and to fulfill legal obligations.
Conversation logs: retained for 12 months by default; configurable per-tenant under Enterprise plans.
Usage telemetry: aggregated metrics retained indefinitely; raw event logs purged after 18 months.
Billing records: retained for 7 years as required by tax law.
Support tickets: retained for 3 years after closure.

You may request deletion of your personal data at any time (see Your rights). Upon verified deletion request, we will remove or anonymize your personal data within 30 days, except where retention is required by law.

Your rights

Depending on your location, you may have the following rights regarding your personal data:

Access: request a copy of the personal data we hold about you.
Correction: request that we correct inaccurate or incomplete data.
Deletion: request that we delete your personal data ("right to be forgotten").
Portability: receive your data in a structured, machine-readable format.
Restriction: ask us to restrict how we process your data in certain circumstances.
Object: object to processing based on legitimate interests, including for direct marketing.
Withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

For US residents: California residents have additional rights under CCPA/CPRA, including the right to know categories of personal information collected and sold, and the right to opt out of the "sale" or "sharing" of personal information (we do not sell or share personal information as defined under CCPA).

Exercise your rights

To submit a rights request, email [email protected] with subject line "Privacy Request." We will respond within 30 days. We may need to verify your identity before fulfilling the request.

Security

We implement industry-standard technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These include:

Encryption in transit (TLS 1.3) and at rest (AES-256).
SOC 2 Type II audited infrastructure on AWS.
Role-based access controls and mandatory MFA for all NeuranAI employees with data access.
Regular penetration testing and vulnerability scanning.
Comprehensive security incident response procedures with 72-hour breach notification to affected customers.

No method of internet transmission or electronic storage is 100% secure. We cannot guarantee absolute security, but we take it seriously and continuously improve our practices.

International data transfers

NeuranAI operates primarily in the United States, Mexico, and Brazil. If you access our services from outside these regions, your information may be transferred to and processed in countries where data protection laws differ from those of your jurisdiction.

For transfers of personal data from the European Economic Area, United Kingdom, or Switzerland to the United States, we rely on Standard Contractual Clauses approved by the European Commission. Copies are available upon request at [email protected].

For data processed in Brazil, we comply with the Lei Geral de Proteção de Dados (LGPD). For data processed in Mexico, we comply with the Ley Federal de Protección de Datos Personales en Posesión de los Particulares (LFPDPPP).

Cookies

We use cookies and similar technologies on our website. For detailed information about the specific cookies we use, their purposes, and how to manage your preferences, please see our Cookie Policy.

Children's privacy

Our services are not directed to individuals under the age of 16, and we do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information without parental consent, please contact us at [email protected] and we will take steps to remove such information.

Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page with an updated effective date, and by emailing you or displaying a prominent notice in the NeuranAI Console at least 30 days before the changes take effect.

Your continued use of our services after the effective date constitutes acceptance of the updated policy.

Contact us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection team:

Data Protection

NeuranAI, Inc.
Email: [email protected]
For EU/UK residents, you also have the right to lodge a complaint with your local data protection authority.