Privacy Policy

1. Introduction

Neural Roots AI ("we," "us," "our," or "Neural Roots") operates neuralroots.ai and provides AI-powered document intelligence solutions for professional services businesses. We are committed to protecting your privacy and handling your data with transparency and security.

This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website, use our Document Intelligence Platform, or engage with our services.

2. Information We Collect

2.1 Information You Provide Directly

• Account Registration: Name, email address, company name, job title, phone number, billing address
• Customer Documents: Tax forms, insurance documents, genealogical records, receipts, and other business documents you upload for processing
• Communication Data: Information from emails, support tickets, demo requests, and customer feedback
• Payment Information: Billing details processed through secure third-party payment processors (we do not store credit card numbers)

2.2 Information Collected Automatically

• Usage Data: IP address, browser type, device information, operating system, pages visited, time spent on pages, clickstream data
• Cookies and Tracking: We use cookies, web beacons, and similar technologies to enhance user experience and analyze platform performance
• Document Processing Metadata: Upload timestamps, document types, processing status, accuracy scores, and workflow information

2.3 Information from Third Parties

• Integration Partners: Data from QuickBooks, TaxWise, Dentrix, and other third-party systems you authorize us to access
• Authentication Providers: Information from Auth0 for secure login and identity verification

3. How We Use Your Information

3.1 Service Delivery

• Process documents using OCR, machine learning, and generative AI technologies
• Provide document classification, data extraction, validation, and enrichment services
• Enable Human-in-the-Loop (HITL) review workflows for quality assurance
• Generate reports, task recommendations, and automated notifications
• Integrate with your existing business systems (accounting software, practice management systems)

3.2 Platform Improvement

• Train and refine our AI models to improve accuracy and performance
• Analyze usage patterns to enhance user experience and develop new features
• Conduct A/B testing and quality assurance
• Monitor system performance, uptime, and security

3.3 Business Operations

• Process payments and manage subscriptions
• Provide customer support and respond to inquiries
• Send service notifications, updates, and maintenance alerts
• Comply with legal obligations and enforce our Terms of Service

3.4 Marketing (With Your Consent)

• Send promotional emails about new features, case studies, and industry insights
• Personalize content and recommendations based on your business vertical
• Create anonymized case studies and testimonials (with explicit permission)

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process personal data based on:

• Contract Performance: To deliver services you've subscribed to
• Legitimate Interests: To improve our platform, prevent fraud, and ensure security
• Legal Compliance: To meet tax, accounting, and regulatory requirements
• Consent: For marketing communications and optional data processing (withdrawable at any time)

5. Data Sharing and Disclosure

5.1 Service Providers

We share data with trusted third-party vendors who assist in service delivery:

• Google Cloud Platform: Infrastructure hosting, AI/ML services (Document AI, Gemini Pro, Vertex AI, Cloud Storage)
• Auth0: Identity management and authentication
• SendGrid/Twilio: Email and SMS notifications
• Payment Processors: Stripe or similar for billing (PCI-DSS compliant)

5.2 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change.

5.3 Legal Requirements

We may disclose information to:

• Comply with legal obligations, court orders, or government requests
• Protect our rights, property, or safety, and that of our users
• Investigate fraud, security incidents, or Terms of Service violations

5.4 With Your Consent

We will share data with third parties when you explicitly authorize integrations (e.g., QuickBooks, TaxWise) or request data transfers.

6. Data Security

We implement industry-standard security measures:

• Encryption: TLS 1.3 for data in transit; AES-256 encryption for data at rest
• Access Controls: Role-based access control (RBAC), multi-factor authentication (MFA)
• Infrastructure Security: Google Cloud Platform with SOC 2 Type II compliance
• Audit Logging: Comprehensive tracking of all data access and modifications
• Regular Security Assessments: Penetration testing and vulnerability scanning

7. Data Retention

• Active Customer Data: Retained for the duration of your subscription plus 90 days
• Processed Documents: Stored for 7 years (tax documents) or as required by applicable law
• Account Information: Retained for 3 years after account closure for legal and audit purposes
• Marketing Data: Retained until you unsubscribe or request deletion

You may request earlier deletion by contacting sales@neuralroots.ai, subject to legal retention requirements.

8. Your Privacy Rights

8.1 All Users

8.2 Additional Rights (EEA/UK Users)

• Restriction: Limit how we process your data
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Revoke consent for marketing or optional processing
• Lodge a Complaint: File a complaint with your local data protection authority

9. Cookies and Tracking Technologies

We use:

• Essential Cookies: Required for platform functionality (authentication, session management)
• Analytics Cookies: Google Analytics to understand usage patterns (anonymized)
• Marketing Cookies: Track campaign effectiveness (opt-in required)

Cookie Preferences: Manage settings via our cookie banner or browser settings. Disabling non-essential cookies may limit functionality.

10. International Data Transfers

Neural Roots operates globally. Data may be transferred to and processed in the United States and other countries where Google Cloud Platform operates. We ensure adequate safeguards through:

• Standard Contractual Clauses (SCCs) for EEA/UK transfers
• Google Cloud's Data Processing Addendum
• Adherence to Privacy Shield principles (where applicable)

11. Children's Privacy

Our services are not directed to individuals under 18. We do not knowingly collect data from minors. If you believe we have inadvertently collected such data, contact us immediately for deletion.

12. Changes to This Privacy Policy

We may update this policy to reflect service changes, legal requirements, or industry best practices. Material changes will be communicated via:

• Email notification to account administrators
• Prominent notice on our website
• In-app notifications for active users

Continued use after changes constitutes acceptance.

13. Contact Us

For privacy questions, data requests, or security concerns, please reach out to us through any of the following channels:

We aim to respond to all privacy-related inquiries within 30 days.