Privacy Policy

Last updated: June 2026

1. Introduction

Neuranum ("we", "us", "our") operates the neuranum.com platform. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

The data controller for the purposes of applicable data protection law is Unioney LLC, 8 The Green STE B, Dover, Delaware 19901, United States.

By using Neuranum, you agree to the collection and use of information as described in this policy.

This Privacy Policy is part of our Terms of Service. Your use is also governed by our Acceptable Use Policy and Refund Policy.

2. Data We Collect

Account data: Email address (for magic link authentication or Google OAuth). We do not collect passwords.

Payment data: Processed and stored by Stripe. We receive your Stripe customer ID and subscription status. We do not store card numbers, CVVs, or bank details.

Node metrics: Connection counts, bandwidth usage, and destination IP diversity from managed nodes. These metrics power our automated abuse detection system. We do not inspect packet contents or log browsing activity.

Server logs: IP address, request timestamps, and user agent strings for security and rate limiting. Logs are retained for 30 days.

DIY one-time purchases: No email is collected. Stripe processes the payment. After token delivery, we retain no record linking the purchase to a person.

3. How We Use Your Data

We do not sell your data. We do not use your data for advertising. We do not profile your browsing activity.

4. Legal Basis for Processing

Under GDPR Article 6, we process your personal data on the following legal bases:

5. Third-Party Services

The following sub-processors and service providers receive limited data strictly to deliver the functionality described:

IP-intelligence providers (used at sign-in and during node ignition for anti-fraud and geolocation). We send only your IP address — no email, no account identifier — through a layered fallback chain:

The IP-intelligence chain runs only at moments where the platform's anti-fraud or geolocation logic is required (sign-in, node ignition). It does not run on every page load.

First-party (no third-party sharing). Crash reports and diagnostics are collected by an open-source Sentry-compatible service (GlitchTip) running on Neuranum-owned infrastructure at errors.neuranum.com — these never leave Neuranum-controlled servers.

6. International Data Transfers

Your data may be processed and stored in multiple jurisdictions. Servers hosting Neuranum infrastructure are provided by Hetzner and located in Germany, Finland, and the United States.

For users in the European Economic Area (EEA): transfers of personal data to the United States are covered by Standard Contractual Clauses (SCCs) as approved by the European Commission, ensuring an adequate level of data protection.

Stripe processes payment data in accordance with its own data processing agreement, which includes appropriate safeguards for international transfers.

7. Data Retention & Right to Deletion

The following table mirrors the wording on our public delete-account page (/legal/delete-account) and the verify-link email body, so every surface tells you the same thing.

How to request deletion: use the public form at neuranum.com/legal/delete-account — accessible without the app installed and without logging in. We email a one-use confirmation link (15-minute TTL). Tapping it triggers the deletion sequence above. The flow is identical for active users (in-app) and ex-users.

8. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users within 72 hours of becoming aware of the breach, as required by applicable law.

Notification will be sent to your registered email address and, where required, to the relevant supervisory authority.

9. Your Rights Under GDPR

If you are in the European Economic Area (EEA), you have the following rights under GDPR:

To exercise any of these rights, contact us at s*****t@***.com. We will respond within 30 days.

10. Your Rights Under CCPA / CPRA

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA) effective 2023:

To exercise any of these rights, contact us at s*****t@***.com. We will verify your identity using your registered email and respond within 45 days, with one 45-day extension where reasonably necessary, in accordance with the CPRA.

If you are a California resident under the age of 16, we do not knowingly collect, sell, or share your personal information.

11. Children's Privacy

Neuranum is intended for adults. You must be at least eighteen (18) years of age to create an account or use the Service. In compliance with the Children's Online Privacy Protection Act (COPPA), the Service is not directed to children under the age of 13, and we do not knowingly collect personal information from anyone under 13.

If we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will delete that information as quickly as possible. If you believe we may have any information from or about a child under 13, please contact us at s*****t@***.com.

12. Cookies and Local Storage

Neuranum uses only strictly-necessary cookies and browser local storage to hold JWT authentication tokens that keep you signed in. We do not use tracking cookies, analytics cookies, advertising cookies, third-party cookies, or any form of persistent identifier for cross-site profiling.

Because the cookies and local storage we use are strictly necessary for the service to function — the application cannot authenticate you without them — no separate consent banner is required under Article 5(3) of the EU ePrivacy Directive (2002/58/EC, as amended) or the United Kingdom's Privacy and Electronic Communications Regulations (PECR). Continuing to use the service constitutes acknowledgement that these strictly-necessary cookies will be set.

12a. Do Not Track Signals

Neuranum does not engage in cross-site tracking. We have no third-party analytics, no advertising network embeds, and no behavioral profiling. Because we do not track users across sites or applications in the first place, the Do Not Track (DNT) browser header and the Global Privacy Control (GPC) signal have no operational effect on our service — there is no tracking activity to opt out of.

13. Security

All data is encrypted in transit (TLS 1.3). Sensitive credentials are encrypted at rest using AES-256-GCM. Authentication uses cryptographically secure tokens. We follow industry-standard security practices to protect your data.

14. Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated via email to registered users. The "Last updated" date at the top reflects the most recent revision.

This Privacy Policy is governed by the laws of the State of Delaware, United States.

15. Contact

Questions about this privacy policy: s*****t@***.com

Phone: +1 (***) ***-****

Unioney LLC, 8 The Green STE B, Dover, Delaware 19901, United States

Related Policies