Privacy & Cookie Policy

Privacy Policy

1. Our Roles in Data Processing

As a Data Controller

When you visit our website or contact us directly (e.g., via email or forms), we act as the Data Controller, determining how and why your personal data is processed.

As a Data Processor

When our clients use our Services (e.g., AI Voice Agents or Operator Support Assistants) to interact with their customers ("End-Users"), our clients are the Data Controllers, and we act as the Data Processor, processing data strictly according to their instructions as outlined in our Data Processing Agreement (DPA).

If you are an End-User interacting with a NeurX-powered agent, please direct privacy inquiries to the company you interacted with (the Data Controller). We assist our clients in fulfilling such requests as required by law and our DPA.

2. Information We Collect

As a Data Controller

We collect the following information for our own business purposes:

• Website Visitors: Technical data such as IP address, browser type, operating system, and usage analytics (e.g., pages visited, time spent, button clicks, navigation paths, and referral sources) to improve our website. See our Cookie Policy for details.
• Direct Communications: Name, email address, company information, and message content when you contact us via email or website forms.
• Client Account Management: Contact and business information (e.g., name, job title, company details) to manage our relationship with clients.

As a Data Processor

On behalf of our clients, we may process the following categories of End-User data as instructed:

• Identifiers: Name, surname, email address, phone number.
• Conversation Data: Audio recordings of phone interactions and their text transcripts.
• Commercial Information: Customer profile data (e.g., purchase history, preferences) from client-integrated systems.
• Structured Session Data: Information like booking references or case numbers, as defined by our clients.

We also use anonymized, aggregated metadata (e.g., system response times, session failure rates, AI response accuracy) to maintain and improve our infrastructure. This data is not used to identify individuals.

3. How We Use Your Information

As a Data Controller

We use your information to:

1. Provide, maintain, and improve our website and Services.
2. Manage client relationships and provide customer support.
3. Respond to inquiries and send administrative updates (e.g., changes to terms or policies).
4. Ensure the security and integrity of our platform.
5. Comply with legal obligations.

Legal Basis: We process this data based on our legitimate interests (e.g., operating our business and website) or to fulfill contractual obligations with our clients.

As a Data Processor

We process End-User data solely to provide our Services to clients, including:

• Transcribing audio to text.
• Running AI models to understand and respond to inquiries.
• Storing recordings and transcripts for client records.
• Passing structured data to client systems via workflow automations.

All processing is governed by the client's instructions in our DPA. We do not sell, trade, rent, or disclose personal data for monetary or other valuable consideration, except as required by law, with explicit consent, or as necessary to fulfill our obligations under the DPA.

4. Data Sharing and Sub-processors

We do not sell or rent your personal data. We may share data only in the following cases:

• Service Providers/Sub-processors: With trusted third parties (e.g., AWS for hosting) that assist in operating our website or Services. Sub-processors are listed in our DPA and provide equivalent GDPR-compliant protection.
• Legal Requirements: When required by law, court order, or legal process.
• Business Transfers: In connection with a merger, acquisition, or sale of assets.
• With Consent: When you provide explicit consent for specific purposes.

For data transfers outside the EU/EEA (e.g., for specialized services like Large Language Models), we use safeguards such as Standard Contractual Clauses (SCCs) or the EU-U.S. Data Privacy Framework to ensure GDPR compliance.

5. Data Security

We implement industry-standard technical and organizational measures to protect your data, including:

• Encryption: Data is encrypted at rest and in transit using robust protocols.
• Network Security: Firewalls and DDoS mitigation tools.
• Access Controls: Role-based access and authentication systems.
• Audits: Regular security assessments and monitoring.

6. Data Retention

As a Data Controller: We retain personal data only as long as necessary for the purposes outlined in this policy or as required by law.

As a Data Processor: End-User data retention is determined by our clients and governed by our DPA. Upon contract termination, we return or delete all personal data as instructed, subject to legal retention obligations.

7. Your Data Rights

Under GDPR, you have the following rights over your personal data:

• Access: Request a copy of your data.
• Rectification: Correct inaccurate or incomplete data.
• Erasure: Request deletion of your data ("Right to be Forgotten").
• Restriction: Limit how your data is processed.
• Portability: Receive your data in a structured, machine-readable format.
• Objection: Object to the processing of your data.

How to Exercise Your Rights

• If NeurX is the Data Controller: Contact us directly at privacy@neur-x.com.
• If NeurX is the Data Processor: Contact the company you interacted with (the Data Controller). We assist our clients in fulfilling these requests as required by law and our DPA.

8. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Significant changes will be communicated by posting the updated policy on our website with a revised "Last Updated" date.

Cookie Policy

1. What Are Cookies

Cookies are small text files stored on your device when you visit our website. They help us provide a better user experience and understand how our website is used.

2. Types of Cookies We Use

Essential Cookies (Always Set)

We use only ONE essential cookie, which is necessary to remember your privacy choice:

• neurx-gdpr-consent-v2: Stores your cookie consent choice ("accepted" or "declined").
• Duration: 365 days (12 months).
• Purpose: Prevents repeated consent requests and respects your privacy preference.
• Why it's essential: This cookie is necessary to comply with privacy regulations and to avoid asking for your consent on every page visit.

Analytics Cookies (Optional - Only Set With Your Consent)

These cookies help us understand how visitors interact with our website and are only set if you click "Accept All":

• neurx-session: Unique session identifier to track your visit.
• neurx-visitor: Links multiple sessions for returning visitors.
• Behavior Analysis: Page views, time spent, scroll patterns, clicks.
• Performance Monitoring: Page load times and error detection.

3. Specific Data Collection

Data Stored in Cookies:

• Session ID: Random identifier (e.g., "abc123def456").
• Visitor ID: Links sessions for returning visitors.
• Consent Status: "accepted" or "declined" for privacy choices.

Data Stored in Our Database (NOT in cookies):

• Page URLs visited and time spent on each page.
• Click patterns and scroll behavior (how far you scroll).
• Device type, browser, and operating system information.
• Screen resolution (e.g., "1920x1080").
• Geographic location (country and city from IP address).
• Referral sources and navigation paths between pages.
• Button clicks and interaction data (which elements you click).

Local Storage (on your device):

• neurx_session_id: Copy of session identifier for functionality.
• neurx_analytics_opt_out: Legacy opt-out preference (if applicable).

4. Cookie Consent & Your Choices

We respect your choice regarding cookies. When you visit our website, you have two options:

"Accept All" Choice:

• Total Cookies: 3 cookies will be set.
• neurx-gdpr-consent-v2: Records your "accepted" choice (essential).
• neurx-session: Tracks your current browsing session for analytics.
• neurx-visitor: Links multiple sessions to understand returning visitor patterns.

"Essential Only" Choice:

• Total Cookies: 1 cookie will be set.
• neurx-gdpr-consent-v2: Records your "declined" choice (essential to remember your preference).
• Analytics Disabled: No session or visitor tracking cookies will be set.
• Full Access: You can browse the website normally without any restrictions.

Managing Your Consent:

• Withdrawal: You can change your choice at any time by clearing your cookies or contacting us.
• Browser Settings: You can also manage cookies through your browser settings.

5. Managing Cookies

Our Cookie Consent Tool

• Use our popup to accept or decline cookies when you first visit.
• Contact us to change your preferences after initial consent.

Browser Settings

• Chrome: Settings > Privacy and Security > Cookies.
• Firefox: Settings > Privacy & Security > Cookies.
• Safari: Preferences > Privacy > Cookies.
• Edge: Settings > Cookies and Site Permissions.

6. Third-Party Cookies

Our website may contain links to third-party services that use their own cookies. We are not responsible for their cookie practices. Please review their privacy policies.

7. Cookie Retention Periods

Here are the retention periods for each cookie:

• neurx-gdpr-consent-v2: 365 days (12 months).
• neurx-session: Session duration (deleted when browser closes) - only set if you "Accept All".
• neurx-visitor: 365 days (12 months) - only set if you "Accept All".
• Database analytics data: Retained indefinitely for business analysis - only collected if you "Accept All".
• IP address data: Used for geolocation only, not permanently stored in identifiable form.

8. Data Rights

You can request:

• Data Deletion: Contact us to delete your analytics data.
• Data Export: Request a copy of data we've collected about you.
• Opt-out: Decline cookies to stop future data collection.
• Correction: Request correction of any inaccurate data.