Privacy & Cookie Policy

🔒 Privacy Policy

1. Our Roles in Data Processing

As a Data Controller

When you visit our website or contact us directly (e.g., via email or forms), we act as the Data Controller, determining how and why your personal data is processed.

As a Data Processor

When our clients use our Services (e.g., AI Voice Agents or Operator Support Assistants) to interact with their customers ("End-Users"), our clients are the Data Controllers, and we act as the Data Processor, processing data strictly according to their instructions as outlined in our Data Processing Agreement (DPA).

If you are an End-User interacting with a NeurX-powered agent, please direct privacy inquiries to the company you interacted with (the Data Controller). We assist our clients in fulfilling such requests as required by law and our DPA.

2. Information We Collect

As a Data Controller

We collect the following information for our own business purposes:

• Website Visitors: Technical data such as IP address, browser type, operating system, and usage analytics (e.g., pages visited, time spent, button clicks, navigation paths, and referral sources) to improve our website. See our Cookie Policy for details.
• Direct Communications: Name, email address, company information, and message content when you contact us via email or website forms.
• Client Account Management: Contact and business information (e.g., name, job title, company details) to manage our relationship with clients.

As a Data Processor

On behalf of our clients, we may process the following categories of End-User data as instructed:

• Identifiers: Name, surname, email address, phone number.
• Conversation Data: Audio recordings of phone interactions and their text transcripts.
• Commercial Information: Customer profile data (e.g., purchase history, preferences) from client-integrated systems.
• Structured Session Data: Information like booking references or case numbers, as defined by our clients.

We also use anonymized, aggregated metadata (e.g., system response times, session failure rates, AI response accuracy) to maintain and improve our infrastructure. This data is not used to identify individuals.

3. How We Use Your Information

As a Data Controller

We use your information to:

1. Provide, maintain, and improve our website and Services.
2. Manage client relationships and provide customer support.
3. Respond to inquiries and send administrative updates (e.g., changes to terms or policies).
4. Ensure the security and integrity of our platform.
5. Comply with legal obligations.

Legal Basis: We process this data based on our legitimate interests (e.g., operating our business and website) or to fulfill contractual obligations with our clients.

As a Data Processor

We process End-User data solely to provide our Services to clients, including:

• Transcribing audio to text.
• Running AI models to understand and respond to inquiries.
• Storing recordings and transcripts for client records.
• Passing structured data to client systems via workflow automations.

All processing is governed by the client’s instructions in our DPA. We do not sell, trade, rent, or disclose personal data for monetary or other valuable consideration, except as required by law, with explicit consent, or as necessary to fulfill our obligations under the DPA.

4. Data Sharing and Sub-processors

We do not sell or rent your personal data. We may share data only in the following cases:

• Service Providers/Sub-processors: With trusted third parties (e.g., AWS for hosting) that assist in operating our website or Services. Sub-processors are listed in our DPA and provide equivalent GDPR-compliant protection. Clients are informed of any changes to sub-processors per the DPA.
• Legal Requirements: When required by law, court order, or legal process.
• Business Transfers: In connection with a merger, acquisition, or sale of assets.
• With Consent: When you provide explicit consent for specific purposes.

For data transfers outside the EU/EEA (e.g., for specialized services like Large Language Models), we use safeguards such as Standard Contractual Clauses (SCCs) or the EU-U.S. Data Privacy Framework to ensure GDPR compliance. Core data processing occurs within our AWS EU infrastructure where feasible.

5. Data Security

We implement industry-standard technical and organizational measures to protect your data, including:

• Encryption: Data is encrypted at rest and in transit using robust protocols.
• Network Security: Firewalls and DDoS mitigation tools.
• Access Controls: Role-based access and authentication systems.
• Audits: Regular security assessments and monitoring.

6. Data Retention

As a Data Controller: We retain personal data only as long as necessary for the purposes outlined in this policy or as required by law.

As a Data Processor: End-User data retention is determined by our clients and governed by our DPA. Upon contract termination, we return or delete all personal data as instructed, subject to legal retention obligations.

7. Your Data Rights

Under GDPR, you have the following rights over your personal data:

• Access: Request a copy of your data.
• Rectification: Correct inaccurate or incomplete data.
• Erasure: Request deletion of your data ("Right to be Forgotten").
• Restriction: Limit how your data is processed.
• Portability: Receive your data in a structured, machine-readable format.
• Objection: Object to the processing of your data.

How to Exercise Your Rights

• If NeurX is the Data Controller: Contact us directly at privacy@neur-x.com.
• If NeurX is the Data Processor: Contact the company you interacted with (the Data Controller). We assist our clients in fulfilling these requests as required by law and our DPA.

8. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Significant changes will be communicated by posting the updated policy on our website with a revised "Last Updated" date.

🍪 Cookie Policy

1. What Are Cookies

Cookies are small text files stored on your device when you visit our website. They help us provide a better user experience and understand how our website is used.

2. Types of Cookies We Use

Essential Cookies

These cookies are necessary for the website to function properly:

• Session Management: Maintain your session state and preferences.
• Security: Protect against fraud and security threats.
• Functionality: Enable core website features and navigation.

Analytics Cookies

These cookies help us understand how visitors interact with our website:

• neurx-session: Unique session identifier to track your visit.
• neurx-visitor: Links multiple sessions for returning visitors.
• Behavior Analysis: Page views, time spent, scroll patterns, clicks.
• Performance Monitoring: Page load times and error detection.

Consent Management Cookies

These cookies remember your privacy choices:

• neurx-gdpr-consent: Stores whether you accepted or declined cookies.
• Duration: 365 days (12 months).
• Purpose: Prevents repeated consent requests.

3. Specific Data Collection

Data Stored in Cookies:

• Session ID: Random identifier (e.g., "abc123def456").
• Visitor ID: Links sessions for returning visitors.
• Consent Status: "accepted" or "declined" for privacy choices.

Data Stored in Our Database (NOT in cookies):

• Page URLs visited and time spent on each page.
• Click patterns and scroll behavior (how far you scroll).
• Device type, browser, and operating system information.
• Screen resolution (e.g., "1920x1080").
• Geographic location (country and city from IP address).
• Referral sources and navigation paths between pages.
• Button clicks and interaction data (which elements you click).

Local Storage (on your device):

• neurx_session_id: Copy of session identifier for functionality.
• neurx_analytics_opt_out: Legacy opt-out preference (if applicable).

4. Cookie Consent

We respect your choice regarding cookies:

• Consent Required: We ask for your consent before setting non-essential cookies.
• Granular Control: You can accept or decline different types of cookies.
• Withdrawal: You can withdraw consent at any time.
• Browser Settings: You can manage cookies through your browser settings.

5. Managing Cookies

Our Cookie Consent Tool

• Use our popup to accept or decline cookies when you first visit.
• Contact us to change your preferences after initial consent.

Browser Settings

• Chrome: Settings > Privacy and Security > Cookies.
• Firefox: Settings > Privacy & Security > Cookies.
• Safari: Preferences > Privacy > Cookies.
• Edge: Settings > Cookies and Site Permissions.

6. Third-Party Cookies

Our website may contain links to third-party services that use their own cookies. We are not responsible for their cookie practices. Please review their privacy policies.

7. Cookie Retention Periods

Here are the retention periods for each type of data:

• neurx-gdpr-consent: 365 days (12 months).
• neurx-session: Browser session only (deleted when browser closes).
• neurx-visitor: Not currently implemented (if added, would be 12 months).
• Database analytics data: Retained indefinitely for business analysis.
• IP address data: Used for geolocation only, not permanently stored.

8. Data Rights

You can request:

• Data Deletion: Contact us to delete your analytics data.
• Data Export: Request a copy of data we've collected about you.
• Opt-out: Decline cookies to stop future data collection.
• Correction: Request correction of any inaccurate data.