Privacy Policy

1. Overview

Neurolance ("we," "our," or "us") operates globally and is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and safeguard your information when you use our mobile application, website, or related services (collectively, "Services").

This policy applies to all users, including those in the European Union, California, Virginia, and other jurisdictions with specific privacy laws. We comply with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), California Online Privacy Protection Act (CalOPPA), Virginia Consumer Data Protection Act (CDPA), Children's Online Privacy Protection Act (COPPA), and related privacy regulations.

By using Neurolance, you agree to this Privacy Policy.

2. Age Requirements and Parental Consent

Our Services are intended for users aged 13 and older. If you are under 18, you must have permission from a parent or legal guardian to use Neurolance. By using our Services, minors confirm they have obtained parental consent.

We do not knowingly collect personal information from children under 13 without verified parental consent. If we discover such collection, we will delete the data immediately. Parents or guardians may contact contact@neurolance.ai to request removal of a child's information.

3. Information We Collect

We collect only what is necessary to provide and improve our Services:

Personal Information

• Food images and descriptions: Content you upload for analysis
• Account information (optional): Email address, username, or login credentials if you create an account
• Payment information: Processed exclusively through Google Play or Apple App Store; we do not access or store your payment card details

Technical and Usage Data

• Device information: Device type, operating system version, unique device identifiers
• Usage analytics: Anonymized interaction patterns, feature usage, and app performance metrics for service improvement
• Log data: IP addresses, access times, and error reports for security and troubleshooting

Categories of Data (CCPA Disclosure)

We collect the following categories of personal information as defined by California law:

• Identifiers (email, username)
• Commercial information (purchase history via app stores)
• Internet/network activity (usage patterns, device info)
• Visual information (food images)

What We Don't Collect

We do not collect sensitive personal information including:

• Health or medical data, genetic or biometric data
• Racial or ethnic origin, political opinions, religious beliefs
• Sexual orientation or precise geolocation data
• Social Security numbers, driver's license numbers, or financial account details

4. How We Use Your Data

We process your information only for these specific purposes:

• Service delivery: Analyze food images and provide nutritional results
• AI improvement: Train and refine our machine learning models to enhance accuracy
• Account management: Authenticate users, manage accounts, and provide customer support
• System maintenance: Ensure security, prevent fraud, and troubleshoot technical issues
• Legal compliance: Respond to user rights requests and comply with applicable laws

Legal Basis for Processing (GDPR)

• Contract performance: Providing Services you've requested
• Consent: Processing food images and optional data (withdrawable anytime)
• Legitimate interest: Service improvement, security, and fraud prevention

We do not use your information for:

• Targeted advertising or cross-context behavioral marketing
• Automated decision-making or profiling with legal/significant effects
• Sale or sharing of personal information for monetary or other valuable consideration

Student Data (SOPIPA): If K-12 student data is inadvertently collected, it will not be used for targeted advertising or disclosed without authorization.

5. Data Sharing and Third Parties

We do not sell, rent, or share your personal information for marketing purposes.

Service Providers We Use

We engage limited third-party processors who are contractually obligated to protect your data:

• TastyAPI: Food image analysis processor. TastyAPI acts solely as our data processor under contractual agreement. See https://tastyapi.com/data-agreement for their practices. We remain the data controller and retain no ownership transfers of your data.
• Amazon Web Services (AWS): Cloud infrastructure and encrypted S3 storage (US-East-1 region)
• Supabase: Database and authentication services (utilizing AWS infrastructure)
• Google Play / Apple App Store: Payment processing (we do not access payment details)

No other third parties collect data through our Services.

When We May Disclose Information

Limited disclosure occurs only when:

• Legally required: Valid court orders, subpoenas, or legal obligations
• Safety and security: Preventing fraud, protecting rights, or ensuring user safety
• Business transfers: Merger, acquisition, or asset sale (with prior notice and deletion option)

6. Data Retention

We retain information as follows:

• Account information: Deleted within 24 hours of account deletion request
• Food images and content: Retained indefinitely to improve AI models, unless you request deletion
• Anonymized analytics: Retained indefinitely (cannot be linked to you)
• Payment records: Maintained by Google/Apple per their policies

You may request deletion of any retained data at dataprocessing@neurolance.ai. We will process deletion requests within 30-45 days, except where retention is required by law.

7. Data Security

We implement industry-standard security measures:

• Encryption: Data encrypted in transit (TLS/SSL) and at rest
• Access controls: Limited employee access with multi-factor authentication
• Secure infrastructure: AWS and Supabase enterprise-grade security features
• Private storage: Encrypted S3 buckets accessible only by authorized Neurolance systems
• Regular audits: Ongoing security assessments and vulnerability testing

Data Breach Notification

If a breach compromises your personal information, we will:

• Notify affected users via email without undue delay
• Notify relevant authorities within 72 hours (GDPR requirement)
• Provide breach details, potential consequences, and protective measures

While we employ extensive safeguards, no system is completely secure. We cannot guarantee absolute security but commit to industry best practices.

8. Your Privacy Rights

You have comprehensive control over your data. Rights vary by jurisdiction:

All Users

• Access: Request a copy of your personal information
• Correction: Update inaccurate or incomplete data
• Deletion: Request erasure of your information
• Portability: Receive data in a structured, machine-readable format
• Withdraw Consent: Revoke consent for processing at any time

California Residents (CCPA/CPRA Rights)

• Right to Know: Request categories and specific pieces of personal information collected, sold, or shared in the preceding 12 months
• Right to Delete: Request deletion of personal information (subject to exceptions)
• Right to Correct: Request correction of inaccurate information
• Right to Opt-Out: Opt out of "sale" or "sharing" of personal information (we don't engage in these activities)
• Right to Limit Sensitive PI: Restrict use of sensitive personal information (we don't collect this)
• Non-Discrimination: Exercise rights without discriminatory treatment or pricing differences

California Minors (Under 18): You may request removal of content you've posted. Contact dataprocessing@neurolance.ai

California Minors (Under 16): You or your parent/guardian may opt out of any sale of personal information. We do not sell data.

Virginia Residents (CDPA Rights)

All rights under "All Users" above, plus:

• Right to Opt-Out: Opt out of targeted advertising, sale of data, or profiling (we don't engage in these)
• Right to Appeal: Contest denial of your request (see appeals process below)

EU/EEA Residents (GDPR Rights)

All rights under "All Users" above, plus:

• Right to Restrict Processing: Limit processing under certain circumstances
• Right to Object: Object to processing based on legitimate interests
• Right to Lodge a Complaint: File complaint with your local Data Protection Authority

9. How to Exercise Your Rights

Submit requests via:

• Email: dataprocessing@neurolance.ai
• In-App: Settings > Privacy > "Manage My Data"

Response Timeframes:

• GDPR/CDPA: 30-45 days
• CCPA/CPRA: 45 days (may extend additional 45 days if needed)

Requests are free of charge unless manifestly unfounded or excessive. We may request identity verification before processing.

Appeals Process (Virginia Residents)

If we deny your request, you may appeal within 60 days by:

• Replying to our denial email, or
• Emailing dataprocessing@neurolance.ai with "Appeal" in the subject line

We will respond within 60 days. If unsatisfied, contact the Virginia Attorney General: oag.state.va.us

Additional Resources

• California residents: California Attorney General - oag.ca.gov
• EU residents: European Data Protection Board - edpb.europa.eu
• General inquiries: contact@neurolance.ai

10. Do Not Sell or Share My Personal Information

We do not sell or share your personal information as defined by the CCPA/CPRA. We do not:

• Sell data for monetary or other valuable consideration
• Share data for cross-context behavioral advertising
• Disclose data to third parties for their own marketing purposes

In the preceding 12 months, we have:

• Not sold any categories of personal information
• Not shared personal information for cross-context behavioral advertising
• Disclosed identifiers and visual information to service providers (TastyAPI, AWS) solely for business purposes

To formally opt out of any potential future sale or sharing, contact dataprocessing@neurolance.ai or use Settings > Privacy > "Do Not Sell My Info."

11. International Data Transfers

Neurolance operates globally through the Apple App Store and Google Play Store. Your data is stored on AWS servers in the United States (US-East-1 region).

If you access our Services from outside the U.S., your information will be transferred to and processed in the United States. We use safeguards including:

• Standard Contractual Clauses (SCCs) for EU/EEA data transfers
• Adequate data protection measures consistent with GDPR Article 46
• Contractual protections with all service providers

12. Automated Decision-Making

Neurolance does not engage in automated decision-making or profiling that produces legal effects or similarly significant impacts on individuals without human oversight.

Our AI provides nutritional analysis for informational purposes only and does not make decisions affecting your legal rights, financial status, or access to services.

13. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be communicated as follows:

• Material changes: Email notification at least 30 days before taking effect
• Non-material changes: Posted here with updated "Last Updated" date
• All changes: Reflected in the "Effective Date" and "Last Updated" fields above

Continued use of our Services after changes take effect constitutes acceptance of the updated policy. We encourage periodic review of this policy.

How you'll be notified: Via email to your registered address. We may also provide in-app notifications.

14. Data Protection Officer

Neurolance's founders serve as Data Protection Officers for privacy matters. For DPO-related inquiries, contact:

Email: dataprocessing@neurolance.ai

15. Business Information and Jurisdiction

• Operating Entity: Neurolance
• Base of Operations: Florida, United States
• Service Reach: Global via Apple App Store and Google Play Store
• Governing Law: This policy is governed by U.S. law and the laws of Florida

16. Contact Us

For questions, concerns, or requests:

• Privacy & Data Requests: dataprocessing@neurolance.ai
• General Inquiries: contact@neurolance.ai

17. Legal Compliance Statement

This Privacy Policy complies with:

• General Data Protection Regulation (GDPR) - EU Regulation 2016/679
• California Consumer Privacy Act (CCPA) - Cal. Civ. Code § 1798.100 et seq.
• California Privacy Rights Act (CPRA) - 2020 California Proposition 24
• California Online Privacy Protection Act (CalOPPA) - Cal. Bus. & Prof. Code § 22575-22579
• Virginia Consumer Data Protection Act (CDPA) - Va. Code Ann. § 59.1-575 et seq.
• Children's Online Privacy Protection Act (COPPA) - 15 U.S.C. §§ 6501-6506
• Privacy Rights for California Minors in the Digital World - Cal. Bus. & Prof. Code § 22581
• Student Online Personal Information Protection Act (SOPIPA) - Cal. Bus. & Prof. Code § 22584-22585

Thank you for trusting SavorAI with your privacy.