Neurathm Privacy Policy

1. Introduction and Scope

1.1 About This Policy

Welcome and thank you for your interest in Neurathm Inc. ("Neurathm", "we", "our" or "us"). Neurathm offers advanced artificial intelligence solutions that allow companies to build private AI systems, access AI support and training, and empower individual economic activities through AI technologies - both on-premises and in the cloud.

This Privacy Policy explains how information about you, that directly identifies you, or that makes you identifiable ("personal information") is collected, used and disclosed by Neurathm in connection with the Neurathm websites and mobile applications that post or link to this Privacy Policy, including our websites https://www.neurathm.com/ and https://chat.neurathm.com/ (collectively, the "Site"), and our services offered in connection with the Site (collectively with the Site, the "Service").

For related policies, please also see our Terms of Service, Refund Policy, Risk Management Framework, Business Compliance Statement, Payment and Delivery Process, and Custom Development Terms.

Wherever our customers use our Service to submit, manage, or otherwise use content relating to our customers' end users ("Customer Data") during the provision of our Service, we have contractually committed ourselves to only process such information on behalf and under the instruction of the respective customer, who is the data controller. This Privacy Policy does not apply to such processing and we recommend you read the Privacy Policy of the respective customer if their processing concerns your personal information. For more information, please see our Customer Data section of this Privacy Policy.

We value your privacy and are committed to protecting your personal information in compliance with applicable data protection laws, including the European Union General Data Protection Regulation (GDPR) and the Personal Information Protection Law of the People's Republic of China (PIPL).

1.2 Key Definitions

For the purposes of this Privacy Policy:

• Personal Information/Personal Data: Any information relating to an identified or identifiable natural person.
• Processing: Any operation performed on personal information, such as collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, or erasure.
• Data Subject: The individual to whom the personal information relates.
• Data Controller/Personal Information Processor: The entity that determines the purposes and means of processing personal information (in most cases, Neurathm).
• Data Processor/Entrusted Processor: The entity that processes personal information on behalf of the Data Controller.

1.3 Applicability

This Privacy Policy applies to:

• Users of Neurathm's website
• Users of Neurathm's AI platforms and SaaS solutions
• Clients participating in AI consulting, development, or data services
• Individuals whose personal information may be processed as part of client projects or model training

1.4 Data Protection Principles

Neurathm adheres to the following data protection principles:

• Lawfulness, fairness, and transparency
• Purpose limitation
• Data minimization
• Accuracy
• Storage limitation
• Integrity and confidentiality
• Accountability

2. Data Controller Information and Representatives

2.1 Data Controller

Neurathm Inc. is the data controller responsible for your personal information.

Contact Information:
Address: 30 N Gould St Ste N, Sheridan, WY 82801, USA
Email: [email protected]

2.2 Data Protection Officer

For inquiries regarding our data protection practices, you may contact our designated Data Protection Officer at:
[email protected]

3. Personal Information We Collect

3.1 Categories of Personal Information

We may collect the following categories of personal information:

3.1.1 Identity and Contact Information

• Name
• Email address
• Phone number
• Postal address
• Company name and job title

3.1.2 Account Information

• Username
• Password (stored in encrypted form)
• Account preferences
• Account activity and history

3.1.3 Financial Information

• Billing Information: Transaction history, subscription details, and purchase records
• Payment Information: When you purchase our services, we use trusted third-party payment processing service providers. Your payment card information (card number, expiration date, CVV) is processed and stored directly by these payment processors, not by Neurathm. Each payment processor has its own privacy policy governing how they handle your personal information.

3.1.4 Technical Information

• IP address
• Device information (type, operating system, browser)
• Cookies and similar technologies
• Log data (access times, pages visited)
• Location data

3.1.5 Usage Information

• Features and services used
• User interactions with our platforms
• Performance metrics and analytics

3.1.6 Client-Provided Data

• Data submitted for processing, analysis, or AI model training
• Project specifications and requirements

3.2 End-User Data

When our clients use Neurathm services to process end-user data, Neurathm acts as a Data Processor/Entrusted Processor. In such cases, our clients remain the Data Controller/Personal Information Processor and are responsible for obtaining appropriate legal bases for processing such data.

4. How We Collect Personal Information

4.1 Direct Collection

• Account registration and profile creation
• Service purchases and subscriptions
• Communications with our team
• Submission of information through our website or platforms
• Participation in surveys, events, or promotions

4.2 Automated Collection

• Cookies and similar technologies
• Server logs
• Analytics tools

4.3 Third-Party Sources

• Payment processors and other payment service providers
• Analytics providers (such as Google Analytics)
• Business partners
• Publicly available sources

4.4 Prior Notification

We provide clear notification about our data collection practices at the point of collection, particularly during first interactions or when collecting specific information, through pop-ups or layered notices as appropriate.

5. Legal Basis for Processing

5.1 Under GDPR

We process your personal information based on one or more of the following legal grounds:

• Consent: When you have given explicit consent for specific processing activities. You may withdraw your consent at any time.
• Contract Performance: When processing is necessary to fulfill our contractual obligations to you or to take steps at your request before entering into a contract.
• Legal Obligation: When processing is necessary to comply with our legal obligations.
• Legitimate Interests: When processing is necessary for our legitimate interests or those of a third party, provided these interests are not overridden by your fundamental rights and freedoms. Our legitimate interests include improving our services, preventing fraud, and ensuring network and information security.

5.2 Under PIPL

We process your personal information based on one or more of the following legal grounds:

• Consent: When you have given informed, voluntary, and explicit consent for specific processing activities.
• Contract Performance: When processing is necessary for the conclusion or performance of a contract to which you are a party.
• Legal Obligations: When processing is necessary to fulfill legal responsibilities or obligations.
• Response to Public Health Emergencies: When necessary to protect individuals' life, health, and property safety in emergencies.
• Legitimate Purposes: When reasonably undertaking news reporting, public opinion supervision, or other activities in the public interest.
• Publicly Available Information: When processing personal information that you have disclosed to the public or that is lawfully made public.

6. How We Use Your Personal Information

6.1 Primary Purposes

We use your personal information for the following primary purposes:

• Providing, maintaining, and improving our services
• Processing transactions and managing subscriptions
• Creating and managing your account
• Authenticating user identity and access
• Providing customer support and responding to inquiries
• Fulfilling contractual obligations

6.2 Secondary Purposes

With your consent or as otherwise permitted by law, we may also use your personal information for:

• Sending service updates, security alerts, and administrative messages
• Communicating about products, services, offers, and events
• Conducting research and analysis to improve our services
• Personalizing your experience and providing tailored content
• Detecting and preventing fraud, security breaches, and other harmful activities
• Complying with legal obligations and enforcing our terms

6.3 Automated Decision-Making and Profiling

We may use automated decision-making processes, including profiling, for purposes such as:

• Fraud detection and prevention (e.g., identifying potentially fraudulent transactions)
• Risk assessment (e.g., evaluating credit risk for subscription services)
• Service personalization (e.g., recommending AI features based on your usage patterns)
• Content moderation (e.g., automated filtering of user-generated content)
• Performance optimization (e.g., resource allocation based on usage patterns)

You have the right to object to such processing and request human intervention, express your point of view, and contest decisions based solely on automated processing. To exercise this right, please contact us using the information provided in Section 15.

7. Information Sharing and Disclosure

7.1 No Sale of Personal Information

We do not sell your personal information to third parties for marketing purposes or otherwise, unless explicitly stated and with a clear opt-in/opt-out mechanism provided.

7.2 Categories of Recipients

We may share your personal information with the following categories of recipients:

7.2.1 Service Providers

• Payment processors and other payment service providers
• Cloud hosting providers
• Customer support services
• Analytics providers
• Email and communication services

7.2.2 Business Partners

• Integration partners necessary for service provision
• Consultants and professional advisors

7.2.3 Legal and Regulatory Authorities

• Government authorities when required by law
• Law enforcement agencies in response to valid legal requests

7.2.4 Corporate Transactions

• In connection with a merger, acquisition, or sale of assets

7.3 Safeguards for Data Sharing

When sharing personal information with third parties, we implement appropriate contractual, technical, and organizational safeguards to ensure the protection of your information. For transfers to third-party service providers, we enter into data processing agreements that include appropriate data protection clauses.

7.4 Separate Consent for Transfers

In accordance with PIPL requirements, we obtain separate consent before providing personal information to other data processors, where required by law.

8. International Data Transfers

8.1 Cross-Border Transfer Mechanisms

When transferring personal information across borders, we implement appropriate safeguards in compliance with applicable laws:

8.1.1 For Transfers from the EU/EEA

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Transfer Impact Assessments (TIAs) where necessary
• Adequacy decisions where applicable

8.1.2 For Transfers from China

• Security assessments by the Cyberspace Administration of China where required
• Standard contracts approved by Chinese authorities
• Certification by specialized agencies where applicable

8.2 Transfer Necessity

We only transfer personal information internationally when necessary for the provision of our services or for other legitimate purposes as permitted by applicable law.

9. Data Retention

9.1 Retention Periods

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including:

• Account information: For the duration of your account plus a retention period of up to 2 years after account closure
• Transaction records: For the period required by tax and financial regulations (typically 7 years)
• Communications: For the duration necessary to resolve inquiries plus 1 year
• Technical data: For up to 2 years for security and analytics purposes

9.2 Criteria for Determining Retention

We consider the following criteria when determining retention periods:

• Legal and regulatory requirements
• Contractual obligations
• Business needs
• Potential disputes or claims
• Industry standards

9.3 Data Deletion or Anonymization

When personal information is no longer necessary, we either delete it securely or anonymize it. We acknowledge the technical challenges that may exist in removing data from trained AI models and implement best practices to address these challenges.

10. Data Security

10.1 Technical and Organizational Measures

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption of sensitive data in transit and at rest
• Access controls and authentication mechanisms
• Regular security assessments and penetration testing
• Network security monitoring and intrusion detection
• Physical security measures for our facilities
• Regular data backups and disaster recovery procedures

10.2 Security Certifications

We maintain industry-standard security certifications and comply with recognized security frameworks.

10.3 Data Breach Procedures

In the event of a personal data breach, we will:

• Assess the risk to individuals' rights and freedoms immediately upon discovery
• Notify relevant supervisory authorities without undue delay and, where feasible, within 72 hours of becoming aware of the breach, as required by GDPR
• Notify affected individuals promptly when required by law or when there is a high risk to their rights and freedoms
• Provide information on the nature of the breach, likely consequences, measures taken or proposed to address the breach, and how individuals can protect themselves
• Document the facts, effects, and remedial actions taken
• Conduct a post-breach review to identify improvements to our security measures

11. Your Rights

11.1 Rights Under GDPR

If you are in the European Economic Area, you have the following rights:

• Right to Access: Request access to your personal information
• Right to Rectification: Request correction of inaccurate personal information
• Right to Erasure: Request deletion of your personal information in certain circumstances
• Right to Restrict Processing: Request restriction of processing in certain circumstances
• Right to Data Portability: Request transfer of your personal information in a structured, commonly used, and machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Rights Related to Automated Decision-Making: Request human intervention, express your point of view, and contest decisions based solely on automated processing

11.2 Rights Under PIPL

If you are in China, you have the following rights:

• Right to Know and Decide: Know, decide on, and limit the processing of your personal information
• Right to Access and Copy: Request access to and obtain a copy of your personal information
• Right to Portability: Request transfer of your personal information to another processor designated by you, where technically feasible
• Right to Correction: Request correction of inaccurate or incomplete personal information
• Right to Deletion: Request deletion of your personal information in certain circumstances
• Right to Explanation: Request explanation of personal information processing rules
• Right to Withdraw Consent: Withdraw your consent for processing based on consent

11.3 How to Exercise Your Rights

To exercise any of these rights, please contact us at [email protected] or through the contact information provided in Section 15. We will respond to your request within the timeframe required by applicable law (typically within 30 days for GDPR and 15 days for PIPL).

11.4 Verification Process

To protect your privacy and security, we may need to verify your identity before processing your request. We may request specific information from you to help us confirm your identity.

11.5 Response Timeframe and Fees

We will respond to your requests within the timeframe required by applicable law. We generally do not charge a fee for processing rights requests. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

11.6 Technical Feasibility and Service Impact

11.6.1 Technical Limitations

We will implement your data rights requests to the extent technically feasible. However, there may be technical limitations to our ability to fulfill certain requests, particularly for data that has been:

• Incorporated into AI models that have already been trained
• Anonymized or aggregated to the point where individual data can no longer be identified
• Integrated into complex systems where selective deletion is not technically possible

In such cases, we will:

• Clearly explain the technical limitations in our response
• Cease using your identifiable data for future processing or training
• Implement alternative measures to address your concerns where possible
• Document our compliance efforts and technical constraints

11.6.2 Service Continuity Impact

Exercising certain data rights, particularly the right to erasure (deletion), may impact our ability to provide specific services or features to you. Potential impacts include:

• AI Personalization: Deletion of usage data may reset personalized features and recommendations
• Account Functionality: Deletion of certain account data may limit access to services requiring that information
• AI Training: For data that has been used to train AI models, we cannot completely remove the influence of your data from already trained models, though we will prevent future use
• Service Quality: Deletion of feedback or interaction data may affect our ability to improve services based on user experience

We will clearly communicate any service limitations that may result from your data rights requests before implementing them, allowing you to make an informed decision.

12. Cookies and Similar Technologies

12.1 Types of Cookies We Use

We use the following types of cookies and similar technologies:

• Essential Cookies: Necessary for the functioning of our website and services
• Preference Cookies: Remember your settings and preferences
• Analytics Cookies: Help us understand how visitors interact with our website
• Marketing Cookies: Track your browsing habits to deliver targeted advertising

12.2 Cookie Management

You can manage your cookie preferences through your browser settings or our cookie preference center. Here's how to manage cookies in common browsers:

Google Chrome:

1. Click the three dots in the top-right corner
2. Select "Settings"
3. Scroll down and click "Advanced"
4. Under "Privacy and security," click "Site Settings"
5. Click "Cookies and site data"

Mozilla Firefox:

1. Click the three lines in the top-right corner
2. Select "Options" (Windows) or "Preferences" (Mac)
3. Select "Privacy & Security"
4. Under "Cookies and Site Data," choose your preferred settings

Safari:

1. Click "Safari" in the menu bar
2. Select "Preferences"
3. Click the "Privacy" tab
4. Choose your cookie settings

Microsoft Edge:

1. Click the three dots in the top-right corner
2. Select "Settings"
3. Click "Cookies and site permissions"
4. Click "Manage and delete cookies and site data"

Please note that blocking or deleting cookies may affect your ability to use certain features of our services.

12.3 Do Not Track

Some browsers have a "Do Not Track" feature that signals to websites that you do not want to have your online activities tracked. Due to the lack of a common understanding of how to interpret these signals, our website does not currently respond to Do Not Track signals.

13. Children's Privacy

13.1 Age Restrictions and Compliance

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16 without verifiable parental/guardian consent.

13.2 Inadvertent Collection and Parental Rights

If we inadvertently collect personal information from a child under 16 without verifiable parental/guardian consent, we will:

1. Promptly notify the parent/guardian if contact information is available
2. Temporarily suspend processing of the child's personal information
3. Seek verifiable parental/guardian consent within 30 days
4. Delete the information if consent is not received within this timeframe

Parents or legal guardians have the right to:

• Review their child's personal information
• Request deletion of their child's personal information
• Refuse further collection or use of their child's personal information
• Request restrictions on the processing of their child's personal information

To exercise these rights, parents or guardians can contact us at [email protected] with the subject line "Children's Privacy Request".

13.3 Regional Compliance

13.3.1 United States - COPPA Compliance

For users in the United States, we comply with the Children's Online Privacy Protection Act (COPPA). If any part of our service is determined to be directed toward children under 13, we will:

• Obtain verifiable parental consent before collecting personal information
• Provide parents with the ability to review, delete, and refuse further collection of their child's information
• Limit the collection of personal information to what is reasonably necessary
• Maintain the confidentiality, security, and integrity of information collected from children

13.3.2 China - PIPL Compliance

For users in China, we comply with the relevant provisions of the Personal Information Protection Law (PIPL) regarding the protection of children's personal information, particularly for users under the age of 14. This includes obtaining consent from parents or other guardians and implementing special protective measures for children's personal information.

13.3.3 European Union - GDPR Compliance

For users in the European Union, we comply with the General Data Protection Regulation (GDPR) requirements for processing children's data, including obtaining parental consent for children under 16 (or the relevant age threshold in the specific EU member state).

13.4 Educational Services

If we offer services directed at educational institutions or that may be used by children in educational contexts, we will:

• Collect only the minimum personal information necessary to provide the educational service
• Not use children's personal information for commercial purposes unrelated to the provision of the educational service
• Provide educational institutions with appropriate controls and access to student information
• Comply with applicable educational privacy laws, such as the Family Educational Rights and Privacy Act (FERPA) in the United States

14. Privacy Policy Updates

14.1 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable laws. The updated policy will be posted on our website with a revised "Last Updated" date.

14.2 Notification of Changes

For significant changes to this Privacy Policy, we will notify you by email or through a prominent notice on our website before the changes become effective. "Significant changes" include:

• Changes to the types of personal information we collect
• New purposes for processing your personal information
• Changes to the categories of third parties with whom we share your information
• Changes to your rights regarding your personal information
• Changes due to new legal requirements that substantially affect our privacy practices
• Implementation of automated decision-making that produces legal or similarly significant effects

We encourage you to periodically review this Privacy Policy for the latest information on our privacy practices.

15. Contact Information

15.1 Privacy Inquiries

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

Email: [email protected]

Postal Address:
Neurathm Inc.
30 N Gould St Ste N
Sheridan, WY 82801
United States

15.2 Data Protection Officer

You can contact our Data Protection Officer at:
[email protected]

15.3 Supervisory Authority

If you are in the European Economic Area and believe that we have not adequately resolved your concerns, you have the right to lodge a complaint with your local data protection authority.