Privacy Policy

This Privacy Policy explains how NeuroPilot ("NeuroPilot", "we", "us", "our") collects, uses, discloses, and safeguards personal information when you access our websites, applications, APIs, and AI-enabled services (collectively, the "Services").

This Policy applies to information that identifies, relates to, describes, or can reasonably be linked to an individual ("personal information").

1. Information We Collect

• Account Information: email address, username, authentication credentials (stored securely), profile settings, and subscription plan details.
• User Content: prompts, chat messages, outputs, uploaded files, feedback, and support communications.
• User Input: When you use our Services, we may collect your text input, prompt, uploaded files, photos, feedback, chat history, or other content that you provide ("Inputs"). We generate responses ("Outputs") based on your Inputs.
• Payment Information: When you subscribe to paid plans, we collect billing information such as subscription status, payment method type, and transaction history. We do not store your full credit card numbers 鈥?payment processing is handled by our third-party payment provider.
• Device and Technical Data: IP address, device identifiers, device model, operating system, browser details, language settings, and access timestamps.
• Usage Data: feature interactions, performance metrics, and session diagnostics.
• Security Signals: login attempts, risk indicators, and fraud-prevention data.

Note: The Services are not designed to process sensitive personal data (e.g., health, biometric, or children's data). Please do not submit such data to the Services.

2. Sources of Information

• Directly from you (account creation, content submission, support requests).
• Automatically through your interaction with the Services (cookies/logs/analytics).
• From service providers and integrations you connect.
• From publicly available or legally obtained anti-fraud and compliance sources.

3. How We Use Information

• To provide, maintain, and improve the Services.
• To authenticate users, prevent abuse, and maintain platform security.
• To process transactions, billing, and account management operations.
• To personalize product experience and improve feature quality.
• To investigate incidents, enforce our policies, and comply with legal obligations.
• To communicate service updates, legal notices, and support responses.

4. Cookies and Similar Technologies

We use cookies, local storage, pixels, and similar tools for authentication, security, functionality, analytics, and product performance.

• Strictly Necessary: required for login, session persistence, and security controls.
• Functional: language, UX preferences, and feature settings.
• Analytics: service measurement and quality diagnostics.

Where required by law, we obtain consent for non-essential cookies and provide controls to manage preferences.

5. AI-Specific Processing

The Services use third-party AI service providers to process your input and generate output. When you send a message, your input is transmitted to our AI service provider for processing. We select providers that maintain appropriate security standards.

We may process prompts and responses for service delivery, safety monitoring, abuse prevention, and quality improvement.

Model Training Opt-Out: You can control whether your data is used for service improvement by adjusting "Data for Experience Optimization" in Settings > Data Management.

Important: We do not engage in automated decision-making that could have legal or significant impact on you. We do not sell your personal information.

6. Legal Bases for Processing (EEA/UK/Swiss)

Where applicable, we process personal data under one or more legal bases: contract performance, legitimate interests (security, fraud prevention, product improvement), legal obligations, and consent where required.

7. Sharing of Information

• With cloud infrastructure and AI service providers to operate and deliver the Services.
• With authentication service providers to enable secure login.
• With analytics providers to understand usage patterns and improve the Services.
• With professional advisors and auditors under confidentiality obligations.
• With law enforcement or regulators where legally required or to protect rights, safety, and platform integrity.
• In connection with corporate transactions such as merger, financing, acquisition, or asset transfer.

We do not sell personal information.

8. International Data Transfers

Your information may be processed in countries outside your country of residence. Our service providers may be located in various regions including but not limited to Asia, North America, and Europe.

We implement appropriate security measures to protect your data regardless of where it is stored. Where required by law, we use appropriate transfer safeguards such as standard contractual clauses or equivalent lawful mechanisms.

9. Data Retention

We retain personal information for as long as reasonably necessary for the purposes described in this Policy, unless a longer period is required by law.

• Account records: retained while account remains active and for compliance or dispute resolution needs.
• Content and logs: retained for operational continuity, safety, abuse detection, and lawful obligations.
• Billing records: retained as required by tax, accounting, and legal retention rules.
• Support records: retained for support quality, claim handling, and compliance.

10. Your Privacy Rights

Depending on applicable law, you may have rights to access, correct, delete, restrict, or object to processing of your personal information, and to receive a portable copy.

• Right to know what categories and pieces of personal information we process.
• Right to request deletion or correction (subject to legal exceptions).
• Right to object or opt out of certain processing in specific jurisdictions.
• Right to non-discrimination for exercising privacy rights.

To submit a request, contact neuropilotai@proton.me.

We may verify your identity before fulfilling requests. Authorized agents may submit requests where permitted by law, subject to verification and authorization proof.

If we deny your request, we will explain the reason where required and provide appeal instructions when applicable.

11. U.S. State Privacy Notice

Residents of certain U.S. states may have additional rights, including rights to access, correction, deletion, portability, and opt-out of certain data uses. We honor legally required opt-out and appeal processes.

We do not knowingly process sensitive personal information for purposes that require a separate legal basis without providing required notices and controls.

12. EEA/UK/Swiss Additional Disclosures

You may have additional rights under GDPR/UK GDPR, including the right to lodge a complaint with a supervisory authority. We encourage you to contact us first so we can address your concern.

13. Security

We implement reasonable administrative, technical, and organizational safeguards to protect personal information, including access controls, monitoring, and encryption in transit where appropriate.

No system is perfectly secure; therefore, we cannot guarantee absolute security.

14. Children and Age Restrictions

The Services are not directed to children under 13 (or higher minimum age required by local law). If we become aware that we collected personal information from an underage user without valid authorization, we will take reasonable steps to delete it.

15. Third-Party Links and Services

Our Services may contain links to third-party websites or integrations. Their privacy practices are governed by their own policies, and this Policy does not cover third-party services.

16. Do Not Track

Some browsers offer a "Do Not Track" signal. Because there is no universally accepted standard for responding to this signal, our Services may not respond to all such signals unless required by law.

17. Data Processor Terms and Enterprise Requests

If you use NeuroPilot for business purposes and require a data processing addendum (DPA), subprocessor details, or security documentation, contact neuropilotai@proton.me.

18. Changes to This Policy

We may revise this Privacy Policy periodically. Material updates will be posted with an updated "Last Updated" date, and additional notice may be provided where required by law.

19. Contact

Email: neuropilotai@proton.me
Privacy requests: neuropilotai@proton.me