Privacy Policy

Updated March 26th, 2026

This Privacy Policy describes how Neuroframe, Inc. (“Neuroframe,” “we,” “us,” or “our”) collects, uses, discloses, and otherwise processes personal information when you use our websites, applications, APIs, software, and related services (collectively, the “Services”).

If you do not agree with this Privacy Policy, do not use the Services.

If you use the Services through an Organization, please note that your Organization may control your use of the Services and the content and data associated with your account, as described below.

1. Scope

This Privacy Policy applies to personal information that we collect when you:

visit our websites;
create or use a Neuroframe account;
use the Services, including messaging, collaboration, search, SPs, APs, automations, and integrations;
communicate with us, including support, sales, security, or other inquiries;
attend events, participate in surveys, or otherwise interact with us.

This Privacy Policy does not apply to third-party websites, applications, or services that integrate with the Services and operate under their own terms and privacy policies.

2. Definitions

For purposes of this Privacy Policy:

“Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with an identified or identifiable person.
“Content” means information you submit to the Services, including messages, files, prompts, documents, images, audio, video, knowledge sources, and similar materials.
“Organization” means a company, business, institution, or other entity that provides or administers access to the Services for its users.
“SP” means a Super Person, an oracle-like AI system made available through the Services.
“AP” means an Artificial Person, an AI system made available through the Services that may act in a more human-like or real-time manner, including through connected tools or environments.

3. Personal Information We Collect

We may collect the following categories of personal information.

3.1 Information You Provide Directly

You may provide us with personal information such as:

name, username, display name, profile photo, and contact details;
account credentials and authentication information;
billing, payment, and transaction information;
support requests, survey responses, and communications with us;
Content you submit to the Services, including messages, files, prompts, documents, and similar materials;
information you provide when configuring SPs, APs, automations, integrations, permissions, or workflows.

3.2 Information Collected Automatically

When you use the Services, we may automatically collect:

log data and device information, including IP address, browser type, operating system, app version, device identifiers, language, and time zone;
usage information, including pages viewed, features used, search queries, clickstream data, referring URLs, and timestamps;
diagnostic and performance data, including crash reports, error logs, latency, and service health metrics;
cookie, local storage, and similar technology data as described in our Cookie Notice, if any.

3.3 Information from Organizations

If you use the Services through an Organization, we may receive information from that Organization, such as:

your work email address and profile details;
role, team, permissions, or administrative status;
Organization settings, retention rules, and access policies;
account provisioning and identity-provider information.

3.4 Information from Third Parties and Integrations

We may receive information from third parties you connect to the Services, such as identity providers, payment processors, and integrations.

For example, if you connect a third-party account, we may receive profile information, account identifiers, files, messages, calendar data, email metadata, or other information made available through the permissions you grant.

3.5 Publicly Available Information

We may collect information from publicly available sources where permitted by law, such as public web pages, company websites, or public profiles, for purposes such as account verification, fraud prevention, security, and improving user-facing features.

4. How We Use Personal Information

We may use personal information for the following purposes:

to provide, operate, maintain, and improve the Services;
to create and manage accounts and authenticate users;
to enable messaging, collaboration, search, file handling, SPs, APs, automations, integrations, and other Service features;
to respond to support requests, questions, and feedback;
to communicate with you about the Services, including transactional, administrative, security, and product notices;
to personalize your experience and present relevant features or settings;
to monitor, troubleshoot, secure, and debug the Services;
to detect, investigate, and prevent fraud, abuse, misuse, unauthorized access, and other harmful or illegal activity;
to comply with legal obligations and enforce our terms, policies, and agreements;
to protect the rights, privacy, safety, property, and security of Neuroframe, our users, third parties, and the public;
to perform billing, accounting, auditing, and internal reporting;
to de-identify or aggregate information and use that information for analytics, service improvement, research, and product development, where permitted by law.

5. How We Use Content

We process Content you submit to the Services in order to provide the features you request, including messaging, collaboration, search, SPs, APs, summaries, retrieval, automations, and connected workflows.

If you use the Services through an Organization, we may process Content on behalf of that Organization and in accordance with that Organization’s instructions, settings, and applicable agreements.

Except as otherwise stated in a separate agreement, product-specific notice, or consent flow:

we may use Content to operate, maintain, secure, and improve the Services;
we may use Content to investigate abuse, policy violations, bugs, and security incidents;
we may de-identify or aggregate Content-derived information for analytics and service improvement, where permitted by law.

We will not use Google user data obtained through Google API Services to develop, improve, or train generalized artificial intelligence or machine learning models.

6. Organizations and Administrative Control

If you use the Services through an Organization, that Organization may control your account and the Content and Personal Information associated with your use of the Services.

For example, Organization administrators may be able to:

provision, suspend, or remove accounts;
access, search, export, share, modify, retain, or delete Content and associated records;
configure integrations, retention settings, security controls, and permissions;
access usage logs, audit logs, metadata, and administrative reports.

Where an Organization provides your access to the Services, the Organization may act as the controller of certain Personal Information and Neuroframe may act as a processor or service provider on the Organization’s behalf, depending on the circumstances and applicable law.

If you have questions about your Organization’s privacy practices, please contact your Organization administrator.

We may share personal information as follows:

7.1 Vendors and Service Providers

We may share personal information with vendors, contractors, and service providers that perform services for us, such as hosting, cloud infrastructure, analytics, payment processing, customer support, security, fraud prevention, communications, content delivery, and information technology services.

7.2 Organizations

If you use the Services through an Organization, we may share personal information and Content with that Organization and its administrators, subject to the Organization’s settings, instructions, and applicable agreements.

7.3 Integrations and Connected Services

When you enable an integration or connect a third-party account or service, we may share information with that third party as necessary to provide the requested feature and consistent with the permissions you authorize.

7.4 Affiliates and Corporate Transactions

We may share personal information with our affiliates and in connection with an actual or proposed merger, acquisition, financing, reorganization, bankruptcy, sale of assets, or similar corporate transaction.

7.5 Legal, Safety, and Security Reasons

We may disclose personal information if we believe disclosure is reasonably necessary to:

comply with applicable law, regulation, legal process, or governmental request;
enforce our terms, agreements, and policies;
detect, prevent, or address fraud, abuse, security, or technical issues;
protect the rights, property, safety, and security of Neuroframe, our users, third parties, or the public.

We may share personal information with third parties when you direct us to do so or otherwise consent.

8. Google API Data Use

8.1 Use of Google API Services

Neuroframe’s use and transfer of information received from Google API Services to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

8.2 What Google Data We Access

If you choose to connect your Google account, we may access:

Basic profile information, such as your name and email address
Google Drive files and metadata, if you grant permission

We only access Google user data that you explicitly authorize.

8.3 How We Use Google Data

We use Google user data solely to provide and improve user-facing features of the Services, including:

Enabling login via Google
Allowing access to and processing of files from Google Drive
Powering workflows and automations initiated by the user

8.4 Limited Use Disclosure

We comply with Google’s Limited Use requirements. Specifically:

We do not use Google user data for advertising purposes
We do not sell Google user data
We do not use Google user data to train generalized artificial intelligence or machine learning models

We do not share Google user data with third parties except:

As necessary to provide the Services
To comply with applicable law

8.5 Data Retention and Deletion

We retain Google user data only as long as necessary to provide the Services.

If you disconnect your Google account, we will:

Immediately stop accessing new Google user data through that connection
Delete or anonymize previously accessed Google user data within a reasonable period, unless retention is required by law

8.6 User Control

You can revoke Neuroframe’s access to your Google account at any time via:

https://myaccount.google.com/permissions

8.7 Data Security

We implement appropriate technical and organizational safeguards to protect Google user data, including access controls and encryption where applicable.

8.8 No Human Access

We do not allow humans to read your Google user data unless:

You explicitly request support
It is required for security purposes
It is required to comply with applicable law

9. Data Retention

We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to:

provide the Services;
maintain account records;
comply with legal, tax, accounting, and regulatory obligations;
resolve disputes;
enforce agreements;
detect and prevent abuse and security incidents.

Retention periods may vary depending on:

the type of information;
the Service feature involved;
whether the account is personal or Organization-managed;
applicable contractual commitments;
legal requirements; and
the need to preserve evidence relating to disputes, abuse prevention, or security.

If you use the Services through an Organization, retention and deletion may also be controlled by that Organization’s settings and instructions.

We may retain de-identified or aggregated information for longer periods where permitted by law.

10. Security

We implement reasonable technical, administrative, and organizational measures designed to protect personal information against unauthorized access, loss, misuse, alteration, and disclosure.

These measures may include encryption in transit and at rest, access controls, logging, monitoring, authentication safeguards, least-privilege access, employee training, vendor review, and other security practices appropriate to the nature of the Services.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

11. International Data Transfers

We may process and store personal information in the United States and other countries where we or our service providers operate.

If you are located outside the United States, your personal information may be transferred to and processed in jurisdictions that may not provide the same level of protection as your home jurisdiction.

Where required by applicable law, we will use appropriate safeguards for cross-border transfers of personal information.

12. Your Privacy Choices and Rights

Depending on where you live, you may have certain rights regarding your personal information, such as the right to:

access personal information;
correct inaccurate personal information;
delete personal information;
restrict or object to certain processing;
withdraw consent where processing is based on consent;
receive a portable copy of certain personal information;
appeal a decision regarding your privacy request.

You may also have choices regarding:

account settings;
communications preferences;
cookies and similar technologies;
connected integrations and permissions;
Organization-managed account settings, where applicable.

To exercise available rights, please contact us at [email protected].

We may need to verify your identity before processing your request. In some cases, your rights may be limited by applicable law, technical constraints, security needs, or our role as a processor or service provider on behalf of an Organization.

If your data is controlled by an Organization, you may need to direct your request to that Organization.

13. Children’s Privacy

The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13.

If applicable law requires a higher minimum age for certain processing, we will comply with that law.

If you believe a child has provided us with personal information in violation of applicable law, please contact us at [email protected], and we will take appropriate steps.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

If we make material changes, we will post the updated Privacy Policy and update the effective date above. Where required by law, we will provide additional notice.

Your continued use of the Services after the effective date of the updated Privacy Policy means the updated Privacy Policy will apply to your use of the Services.