Privacy Policy

3.1 When NeuroPage acts as controller

NeuroPage acts as an independent controller where it determines the purposes and means of processing for its own business operations, including account administration, website operations, customer relationship management, billing, fraud prevention, security monitoring, support, legal compliance, and internal service improvement activities.

3.2 When NeuroPage acts as processor or service provider

NeuroPage generally acts as a processor or service provider when it processes Customer Data, including lead-related or professional-profile data, on behalf of a customer in order to provide the Services, generate personalized pages, apply customer-configured logic, or support campaign workflows directed by the customer.

3.3 Role allocation depends on the context

The allocation of controller and processor roles depends on the factual context of the processing and not solely on the labels used in this Privacy Policy. Where required by applicable law, NeuroPage and the relevant customer will enter into a Data Processing Agreement.

4.1 Account and contact data

We may process names, work email addresses, billing contacts, account credentials, business details, subscription information, and related administrative records needed to create and manage customer accounts and workspaces.

4.2 Professional profile and lead data

Depending on the workflow used by a customer, we may process business-related profile data such as a LinkedIn URL, name, job title, employer or company name, seniority, public professional history, industry context, and other professional profile information reasonably relevant to page generation or persona analysis.

4.3 Generated content and personalization data

We process prompts, generated pages, generated copy, persona-analysis outputs, fit indicators, layout choices, and related service outputs created through the Services.

4.4 Usage and analytics data

We process page events, visit counts, session events, interaction signals, device or browser information, error logs, and other technical or behavioral analytics relating to use of the Services and use of generated pages. Where possible, analytics are limited, bucketed, de-identified, or aggregated depending on the purpose.

4.5 Support and communications data

If you contact us, request a demo, open a support request, or otherwise communicate with us, we may process the information contained in those communications, including contact details, account references, issue descriptions, and related correspondence.

4.6 Data we do not seek to use in standard workflows

NeuroPage does not require personal phone numbers, private email addresses, or Sensitive Data for its standard persona-generation workflow. If such data is received unnecessarily, we may ignore it, restrict it, encrypt it, suppress it from downstream use, or delete it according to our service design and retention practices.

5.1 Data provided directly by customers or users

We receive personal data directly from customers, authorized users, website visitors, and support contacts when they create accounts, connect integrations, configure workspaces, upload files, submit URLs, request support, or otherwise interact with the Services.

5.2 Customer-authorized integrations and uploaded sources

We may receive personal data from integrations and uploads authorized by a customer, including CRM systems, outreach platforms, spreadsheets, APIs, and similar business systems used by the customer.

5.3 Customer-provided profile URLs and related third-party services

Where customers provide professional profile URLs or instruct related workflows, NeuroPage may receive professional profile data from third-party providers involved in service delivery. NeuroPage does not provide customers with a native social-platform scraping interface. Customers remain responsible for ensuring that source data, connected tools, and related disclosures are used lawfully and in accordance with applicable terms and laws.

5.4 Website and page interaction sources

We also collect personal data and usage data automatically through the website, through generated pages, and through limited analytics tools used to understand usage, performance, security, and service quality.

6.1 To provide the Services

We use personal data to create, host, deliver, and operate customer workspaces, personalized pages, service outputs, customer-authorized workflows, integrations, and customer support.

6.2 To perform persona analysis and personalization

We use business-profile and related signals to support persona analysis, page generation, copy suggestions, fit assessments, and other personalization logic requested or configured by the customer. NeuroPage uses such functionality as decision-support and personalization infrastructure and not as a system intended to make final legal, employment, credit, insurance, or similarly significant decisions about individuals.

6.3 To manage subscriptions and customer relationships

We use personal data to manage subscriptions, process payments through third-party payment providers such as Stripe, provide notices, administer accounts, respond to inquiries, and maintain customer records.

6.4 To maintain security and service integrity

We use personal data and technical logs to detect misuse, investigate incidents, enforce our contractual terms, prevent fraud or abuse, debug issues, and protect the Services and our users.

6.5 To analyze and improve the Services

We use service usage data, page interaction data, and performance data to improve service quality, understand how features perform, optimize page-generation logic, and measure platform performance over time. Identifiable or customer-linked analytics are treated differently from aggregated or de-identified analytics and are retained for different periods as described below.

6.6 To comply with legal obligations

We may use personal data where necessary to comply with applicable laws, court orders, lawful requests, accounting obligations, tax obligations, or regulatory requirements.

7.1 Performance of a contract

We process personal data where necessary to provide the Services, manage accounts, generate outputs requested by the customer, support subscriptions, and perform our contractual obligations.

7.2 Legitimate interests

We process personal data where necessary for our legitimate interests, including operating and improving the Services, securing the platform, preventing abuse, managing customer relationships, maintaining records, understanding service performance, and protecting our legal rights, provided that such interests are not overridden by applicable rights and freedoms.

7.3 Consent where required

Where consent is legally required, such as for certain non-essential cookies or similar technologies, we will rely on consent and provide appropriate mechanisms to manage or withdraw that consent.

7.4 Legal obligations

We may process personal data where necessary to meet legal, tax, accounting, regulatory, or enforcement obligations.

8.1 Minimum necessary approach

NeuroPage is designed to use only the data reasonably necessary for the configured use case. Not all data fields available through an integration, upload, or API are required or used by the Services.

8.2 Handling of unnecessary fields

Where data fields are not necessary for page generation, persona analysis, analytics, security, billing, or other legitimate service purposes, NeuroPage may ignore those fields, suppress them from downstream use, encrypt them, restrict access to them, or delete them in accordance with internal workflows and retention controls.

8.3 Sensitive Data and restricted processing

NeuroPage does not intend to process Sensitive Data through its standard service offering. Customers must not intentionally submit Sensitive Data or use the Services for political campaigning, credit decisions, insurance decisions, or solely automated employment or other decisions that produce legal effects or similarly significant effects concerning individuals.

8.4 De-identification and aggregation practices

Where feasible, NeuroPage may transform usage and performance data into de-identified or aggregated analytics for product improvement, benchmarking, and optimization. However, data that remains linked to an individual, a customer account, a personalized page, a workspace, or a campaign remains subject to the safeguards and retention limits applicable to personal data.

9.1 Service providers and subprocessors

We may share personal data with service providers and subprocessors that support hosting, analytics, payment processing, infrastructure, communications, support, and related service delivery. Such providers may process personal data only as needed to perform services for us and subject to appropriate contractual protections.

9.2 Analytics and infrastructure providers

We currently use limited analytics and infrastructure tools in connection with the Services, including PostHog for product and page analytics and other providers needed to operate, host, secure, and improve the Services. We may maintain a separate subprocessors list rather than naming all providers directly in this Privacy Policy.

9.3 Professional advisers and legal disclosures

We may disclose personal data to professional advisers, auditors, insurers, legal counsel, or competent authorities where reasonably necessary for legal, compliance, defence, or transaction-related purposes.

9.4 Business transfers

If NeuroPage is involved in a merger, acquisition, financing, restructuring, or sale of assets, personal data may be disclosed as part of that transaction subject to applicable confidentiality and legal requirements.

9.5 No sale of personal data as a lead database

NeuroPage is not a lead database provider and does not position its standard service as the sale of lead lists. Our service is designed as a personalization and page-generation layer on top of customer-provided or customer-authorized data sources.

10.1 Primary hosting posture

NeuroPage intends to host core service data in the European Union. Where possible, we seek to keep primary hosting and core production data within the EEA or the European Union.

10.2 Transfers outside the EEA

Where personal data is transferred outside the EEA, we will seek to rely on an appropriate transfer mechanism under applicable data protection law, which may include adequacy decisions, standard contractual clauses, or another recognized safeguard as appropriate to the transfer context.

11.1 Active customer data

We generally retain customer account data, workspace data, customer-configured content, and active service records for as long as the relevant account or service relationship remains active and for a limited period thereafter as necessary for support, transition, security, legal compliance, or restoration purposes.

11.2 Deleted accounts and page availability after churn

Following account termination or churn, NeuroPage may keep relevant customer data and generated pages available for a short grace period of up to 30 days, after which active page visibility may be disabled, redirected, deleted, or otherwise removed from general access.

11.3 Deletion timing

Where a valid deletion request is accepted and no legal basis requires continued retention, NeuroPage aims to delete relevant active production data within approximately 72 hours, subject to system limitations, queueing, and operational safeguards.

11.4 Backups

Secure backup copies may remain in protected backup systems for up to 30 days before routine overwrite or deletion. Backup copies are retained for disaster recovery and security purposes and are not intended for ordinary production use.

11.5 Identifiable or customer-linked analytics

Analytics that remain linked to an identifiable individual, a customer account, a personalized page, a workspace, or a customer campaign are retained only for a limited period and are not intended to be stored indefinitely. Unless a shorter period is required, NeuroPage expects to retain such identifiable or customer-linked analytics for up to 24 months where necessary to operate, measure, and improve the Services.

11.6 Aggregated and de-identified analytics

Aggregated or de-identified analytics designed not to identify a specific individual, customer, campaign, or page may be retained for longer periods, including for long-term benchmarking, service optimization, and product improvement, provided that such analytics are not reasonably intended to identify a specific natural person.

12.1 General security posture

NeuroPage implements reasonable and appropriate technical and organizational measures designed to protect personal data against unauthorized or unlawful access, accidental loss, destruction, alteration, or disclosure. Such measures may include encryption, access restrictions, credential controls, logging, role-based limitations, secure hosting practices, and backup management.

12.2 No absolute guarantee

No platform, service, or transmission method can be guaranteed to be completely secure. While we take security seriously, we cannot guarantee that the Services will be immune from every threat, incident, or vulnerability.

12.3 Customer responsibility

Customers are also responsible for maintaining the security of their own credentials, connected systems, source data, integrations, and lawful configuration of their workflows.

13.1 Rights that may apply

Subject to applicable law and the nature of the processing, individuals may have rights of access, rectification, erasure, restriction, objection, portability, and the right to lodge a complaint with a competent supervisory authority.

13.2 Direct requests to NeuroPage

Where NeuroPage acts as controller, requests may be sent to us using the contact details in this Privacy Policy. We may request reasonable verification information before acting on a request.

13.3 Requests relating to customer-controlled data

Where NeuroPage processes personal data on behalf of a customer as processor or service provider, we may refer the request to the relevant customer or act only in accordance with the customer's documented instructions, unless applicable law requires otherwise.

13.4 Direct marketing and profiling objections

Where personal data is processed for direct marketing purposes or related profiling by or on behalf of a customer, applicable law may provide a right to object. NeuroPage expects customers to manage suppression, deletion, notice, and objection handling for their own campaign data where they determine the purpose of that processing.

14.1 General use of cookies and similar technologies

NeuroPage may use cookies, analytics tags, pixels, local storage, or similar technologies on its website and in connection with generated pages where appropriate for service delivery, security, and analytics.

14.2 Consent-based technologies

Where required by applicable law, non-essential cookies and similar technologies will be deployed only on the basis of consent or another legally valid mechanism.

14.3 Separate Cookie Policy

Further details about cookies and similar technologies will be provided in the NeuroPage Cookie Policy and any applicable consent banner or preference center.

15.1 Business-oriented service

The Services are designed primarily for business and professional use. NeuroPage does not intend its standard services for use in relation to children's data or child-directed services.

15.2 Restricted use cases

Customers must not use the Services for child-directed targeting, political campaigning, unlawful discrimination, credit scoring, insurance eligibility decisions, or solely automated employment or other decisions that produce legal effects or similarly significant effects concerning individuals.