Privacy Policy

Last updated: June 20, 2026

1. Data Controller

Neuroline AI ("we", "us", "our") is the data controller responsible for your personal data. We are committed to protecting your privacy in accordance with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws worldwide.

Contact: privacy@neuroline-ai.com

2. What Data We Collect

2.1 Data you provide directly:

  • Name, email address, company name, website URL — when you fill out our contact or onboarding form
  • Payment information — processed by Lemon Squeezy (our Merchant of Record); we do NOT store your credit card details
  • Communication records — emails, messages, and call notes related to our services

2.2 Data collected automatically:

  • We use Umami Analytics (self-hosted) on our website, which is a privacy-first analytics tool
  • Umami does NOT use cookies, does NOT track individuals, and does NOT collect personal data
  • Umami collects only aggregate data: page views, referrer sources, country, device type, and browser
  • No consent banner is required because no personal data is processed

2.3 Data we do NOT collect:

  • We do not use Google Analytics, Facebook Pixel, or any tracking cookies
  • We do not sell, rent, or share your personal data with third parties for marketing
  • We do not perform automated individual decision-making or profiling

3. Why We Process Your Data (Legal Basis)

  • Contract performance: To provide the services you purchased (analytics, email marketing, automation)
  • Legitimate interest: To respond to your inquiries and improve our services
  • Explicit consent: For marketing communications — only with your opt-in
  • Legal obligation: Tax records, invoicing, and regulatory compliance

4. How We Store and Protect Your Data

  • All client data is stored on servers located in the European Union (Frankfurt, Germany)
  • Servers are encrypted at rest and in transit (TLS 1.3)
  • Access to servers is restricted by SSH key authentication and firewalls
  • We use self-hosted open-source tools — your data is NOT stored on third-party SaaS platforms
  • Regular automated backups are maintained

5. Data Sharing

We share your data only with these processors, solely to provide our services:

  • Lemon Squeezy (Merchant of Record) — payment processing, invoicing, and sales tax compliance
  • Brevo — transactional email delivery (SMTP relay)
  • Amazon Web Services (AWS) — server infrastructure (eu-central-1, Frankfurt, Germany)
  • Vercel — website hosting and content delivery
  • ImprovMX — email forwarding

We do NOT sell your data to any third party. We do NOT share data for advertising purposes.

6. Data Retention

  • Contact form data: Retained for 2 years after last contact, then deleted
  • Client service data: Retained for the duration of the contract + 1 year
  • Invoices and financial records: Retained as required by applicable tax law (typically 5–10 years depending on jurisdiction)
  • Analytics data: Aggregate only, no personal data, retained indefinitely

7. Your Rights

Under GDPR and other applicable data protection laws, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interest
  • Withdraw consent: Withdraw marketing consent at any time

To exercise any of these rights, contact us at privacy@neuroline-ai.com. We will respond within 30 days.

8. International Data Transfers

Your data is primarily stored on EU-based servers. If data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or equivalent mechanisms recognized under applicable law.

9. Children's Privacy

Our services are intended for businesses, not individuals under 18. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email to active clients. The "Last updated" date at the top reflects the most recent revision.

11. Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection authority. For EU residents, you can find your national authority at edpb.europa.eu.

12. Contact

Neuroline AI
Email: privacy@neuroline-ai.com
Website: neuroline-ai.com