Privacy Policy
How we collect, use, and protect your data — transparency and security are core to everything we build.
Last Updated: February 17, 2026GDPR Compliant
1. Information We Collect
1.1 Information You Provide
| Data Type | Examples | Purpose |
|---|---|---|
| Account Information | Name, email, company, password | Account creation and authentication |
| Payment Information | Billing address, payment method (via Stripe) | Process subscriptions and payments |
| Uploaded Content | Documents, files for processing | Provide document processing services |
| Communications | Support tickets, feedback | Customer support and service improvement |
| Third-Party Credentials | Google OAuth2 tokens (Gmail, Google Workspace) | Enable AI agent integrations with your connected services |
| Email Data (connected accounts) | Email messages, subjects, senders, labels accessed by AI agents | Perform email tasks on your behalf when you instruct an AI agent |
| AI Agent Interactions | Chat messages, agent responses, tool call logs | Provide AI agent services, track usage, improve quality |
| Phone Number & SMS Consent | Mobile phone number, SMS opt-in status, consent timestamp, consent IP address | Send SMS notifications (if opted in), TCPA compliance records |
| SMS Communications | Message content, delivery status, timestamps | Deliver notifications, maintain service quality, compliance |
1.2 Information Collected Automatically
- Usage Data: Pages visited, features used, processing history
- Device Information: Browser type, operating system, IP address
- Cookies: Session cookies for authentication, preference cookies for settings
- Log Data: Access times, error logs, performance metrics
2. How We Use Your Information
We use collected information to:
- Provide Services: Process your documents, run analyses, deliver results
- Maintain Accounts: Authenticate users, manage subscriptions, track usage
- Improve Service: Analyze usage patterns, fix bugs, develop new features
- Communicate: Send service updates, respond to inquiries, provide support
- Security: Detect fraud, prevent abuse, protect user data
- Legal Compliance: Meet regulatory requirements, respond to legal requests
3. AI Agent Services & Third-Party Integrations
3.1 AI Agents
NeuroGen provides AI-powered agents that can perform tasks on your behalf, including reading, drafting, and sending emails. When you interact with an AI agent:
- Your chat messages are sent to AI providers (OpenAI, Anthropic) for processing
- Agent responses, tool calls, and outcomes are logged for service delivery and usage tracking
- Agents only act on your explicit instructions — they do not autonomously monitor or process your data
- Email drafts require your explicit confirmation before sending
3.2 Google Account Integration (Gmail & Google Workspace)
When you connect your Google account to NeuroGen, you authorize our AI agents to access your Google services on your behalf. Specifically:
- Data Accessed: Email messages, email metadata (subject, sender, date, labels), and the ability to send emails via your Gmail account
- How It’s Used: Only when you explicitly instruct an AI agent to perform an email-related task (e.g., “check my unread emails”, “draft a reply to John”)
- Storage: OAuth2 refresh tokens are stored encrypted on our servers. Email content accessed by agents is processed in real-time and is not permanently stored by NeuroGen
- Revocation: You can disconnect your Google account at any time from your account settings or from your Google Account permissions page
3.3 Google API Services User Data Policy
NeuroGen’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We only use Google user data to provide and improve the user-facing features that are visible to you
- We do not transfer Google user data to third parties except as necessary to provide or improve user-facing features, to comply with applicable laws, or as part of a merger/acquisition with notice to users
- We do not use Google user data for serving advertisements
- We do not allow humans to read Google user data unless we have your affirmative consent, it is necessary for security purposes, to comply with applicable law, or the data is aggregated and anonymized for internal operations
4. Information Sharing
We do NOT sell your personal information. We may share data with:
- Service Providers: Stripe (payments), Google (Gmail API for connected accounts), cloud hosting providers, email services — only as needed to provide our services
- AI Providers: OpenAI and Anthropic for AI analysis features, processed per their privacy policies
- Legal Requirements: When required by law, court order, or government request
- Business Transfers: In connection with merger, acquisition, or sale of assets
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Processed Files (temporary) | Deleted within 24 hours |
| Saved Files (user storage) | Until deleted by user or account termination |
| Account Information | Duration of account + 30 days after deletion |
| Usage Logs | 90 days |
| Payment Records | 7 years (legal requirement) |
| Google OAuth Tokens | Until disconnected by user or account termination |
| AI Agent Chat Logs | 90 days |
| Email Content Accessed by Agents | Not stored — processed in real-time only |
| SMS Messages & Consent Records | 90 days (messages); consent records retained for duration of account |
6. Data Security
We implement industry-standard security measures:
- Encryption: TLS 1.3 in transit, AES-256 at rest
- Access Controls: Role-based access, multi-factor authentication available
- Infrastructure: Secure cloud hosting with regular security audits
- Monitoring: 24/7 security monitoring and intrusion detection
- Compliance: Regular penetration testing and vulnerability assessments
While we strive to protect your data, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.
7. Your Privacy Rights
Depending on your location, you may have the following rights:
Access
Request a copy of the personal data we hold about you
Correction
Request correction of inaccurate or incomplete data
Deletion
Request deletion of your personal data (“right to be forgotten”)
Portability
Receive your data in a portable, machine-readable format
Objection
Object to processing of your data for certain purposes
Restriction
Request restriction of processing in certain circumstances
To exercise these rights, contact us at privacy@neurogen.cc. We will respond within 30 days.
8. Cookies & Tracking
We use cookies for:
- Essential Cookies: Required for authentication and security (cannot be disabled)
- Preference Cookies: Remember your settings (dark mode, language)
- Analytics Cookies: Understand how users interact with our service
You can manage cookie preferences through your browser settings. Disabling certain cookies may affect functionality.
8.1 Affiliate Referral Tracking
When you visit NeuroGen through an affiliate referral link (e.g., /affiliate/ref/{code}), we set a tracking cookie to credit the affiliate if you subscribe to a paid plan.
Information Collected:
- Affiliate Code: Unique identifier from the referral URL
- IP Address: Used for fraud prevention and duplicate detection
- UTM Parameters: Marketing source, medium, and campaign tags
- Conversion Events: Account creation, subscription purchases
Cookie Duration: 30 days from your first visit
Purpose: To fairly compensate affiliates who refer customers to NeuroGen and to measure the effectiveness of our affiliate program.
Opt-Out: You can opt out of affiliate tracking by:
- Clearing your browser cookies before signing up
- Using private/incognito browsing mode
- Visiting our website directly without clicking referral links
Opting out of affiliate tracking will not affect your ability to create an account or use NeuroGen services.
Data Sharing: Affiliate conversion data is shared with our affiliate partners only to the extent necessary to calculate commissions (e.g., “User X signed up for Plan Y on Date Z”). We do not share personally identifiable information with affiliates.
9. International Data Transfers
Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses approved by the European Commission
- Data processing agreements with all service providers
- Compliance with applicable data protection laws
10. Children’s Privacy
Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the new policy on this page with an updated date
- Sending an email notification to registered users
- Displaying a notice in the application
12. Contact Us
For privacy-related questions or to exercise your rights:
- Email: privacy@neurogen.cc
- Data Protection Officer: dpo@neurogen.cc
- Address: NeuroGen Platform, Inc.
EU Users: You have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.
Your privacy matters to us. If you have any questions, please don’t hesitate to reach out.
Contact Us Terms of Service