Privacy Policy

1. Introduction

Neuranum ("we", "us", "our") operates the neuranum.com platform. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

The data controller for the purposes of applicable data protection law is Unioney LLC, 8 The Green STE B, Dover, Delaware 19901, United States.

By using Neuranum, you agree to the collection and use of information as described in this policy.

This Privacy Policy is part of our Terms of Service. Your use is also governed by our Acceptable Use Policy and Refund Policy.

2. Data We Collect

Account data: Email address (for magic link authentication or Google OAuth). We do not collect passwords.

Payment data: Processed and stored by Stripe. We receive your Stripe customer ID and subscription status. We do not store card numbers, CVVs, or bank details.

Node metrics: Connection counts, bandwidth usage, and destination IP diversity from managed nodes. These metrics power our automated abuse detection system. We do not inspect packet contents or log browsing activity.

Server logs: IP address, request timestamps, and user agent strings for security and rate limiting. Logs are retained for 30 days.

DIY one-time purchases: No email is collected. Stripe processes the payment. After token delivery, we retain no record linking the purchase to a person.

3. How We Use Your Data

• Authenticate your account and manage sessions
• Provision and manage your Personal Cloud Nodes
• Process payments and manage subscriptions
• Detect and prevent abuse (automated monitoring)
• Send transactional emails (magic links, node status, abuse notifications)
• Comply with legal obligations

We do not sell your data. We do not use your data for advertising. We do not profile your browsing activity.

4. Legal Basis for Processing

Under GDPR Article 6, we process your personal data on the following legal bases:

• Contract performance: Processing necessary to deliver the service you subscribed to, including account creation, node provisioning, and subscription management.
• Legitimate interest: Abuse detection, fraud prevention, and platform security measures to protect all users and our infrastructure.
• Consent: Marketing communications, if any. We currently do not send marketing emails.
• Legal obligation: Compliance with applicable laws, responding to valid legal requests, and fulfilling regulatory requirements.

5. Third-Party Services

• Stripe — Payment processing. Subject to Stripe's Privacy Policy.
• Hetzner Cloud — Infrastructure provider for managed nodes. Subject to Hetzner's Privacy Policy.
• Cloudflare — DNS and CDN services. Subject to Cloudflare's Privacy Policy.
• IPQualityScore — Fraud detection (IP reputation scoring). We send your IP address for fraud assessment during signup.
• Google — OAuth authentication (if you choose Google login). Subject to Google's Privacy Policy.

6. International Data Transfers

Your data may be processed and stored in multiple jurisdictions. Servers hosting Neuranum infrastructure are provided by Hetzner and located in Germany, Finland, and the United States.

For users in the European Economic Area (EEA): transfers of personal data to the United States are covered by Standard Contractual Clauses (SCCs) as approved by the European Commission, ensuring an adequate level of data protection.

Stripe processes payment data in accordance with its own data processing agreement, which includes appropriate safeguards for international transfers.

7. Data Retention

• Account data: Retained while your account is active. Deleted upon request.
• Node metrics: Retained for 90 days, then automatically purged.
• Server logs: Retained for 30 days.
• Audit logs: Retained for 1 year for security and compliance.
• Payment records: Retained by Stripe per their data retention policies.
• DIY one-time tokens: Purged 24 hours after delivery.

Upon receipt of a verified deletion request, your personal data will be deleted within 30 days.

8. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users within 72 hours of becoming aware of the breach, as required by applicable law.

Notification will be sent to your registered email address and, where required, to the relevant supervisory authority.

9. Your Rights Under GDPR

If you are in the European Economic Area (EEA), you have the following rights under GDPR:

• Access: Request a copy of all data we hold about you.
• Rectification: Request correction of inaccurate data.
• Erasure: Request deletion of your account and associated data.
• Portability: Request your data in a machine-readable format.
• Objection: Object to processing of your data for specific purposes.
• Restriction: Request that we limit how we process your data.

To exercise any of these rights, contact us at s*****t@***.com. We will respond within 30 days.

10. Your Rights Under CCPA

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to know: You have the right to know what personal information is collected about you and how it is used.
• Right to delete: You have the right to request deletion of your personal information.
• Right to opt-out of sale: Neuranum does not sell your personal information to third parties.
• Right to non-discrimination: You will not be discriminated against for exercising your CCPA rights.

To exercise your CCPA rights, contact us at s*****t@***.com. We will verify your identity and respond within 45 days.

If you are a California resident under the age of 16, we do not knowingly collect or sell your personal information.

11. Cookies

Neuranum uses only essential cookies and local storage for authentication (JWT tokens). We do not use tracking cookies, analytics cookies, or third-party advertising cookies.

12. Security

All data is encrypted in transit (TLS 1.3). Sensitive credentials are encrypted at rest using AES-256-GCM. Authentication uses cryptographically secure tokens. We follow industry-standard security practices to protect your data.

13. Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated via email to registered users. The "Last updated" date at the top reflects the most recent revision.

This Privacy Policy is governed by the laws of the State of Delaware, United States.

14. Contact

Questions about this privacy policy: s*****t@***.com

Phone: +1 (***) ***-****

Unioney LLC, 8 The Green STE B, Dover, Delaware 19901, United States

Related Policies

• Terms of Service
• Acceptable Use Policy
• Refund Policy