Skip to content

Privacy and data protection

Privacy Notice

A clearer, product-aware notice for website visitors, customers, support contacts, research collaborators, and enterprise users of the Neura Parse stack.

This page is a public notice. Customer-specific processing, security commitments, sub-processors, and retention controls may be governed by a separate agreement or DPA.

Company

UK company #16547481. We operate public website, product, support, research, and procurement channels for the Neura Parse stack.

Data posture

Website and commercial data are controlled by Neura Parse. Customer workflow and integration data may be processed on behalf of the customer.

AI systems

High-impact, regulated, safety-critical, or rights-affecting workflows need documented oversight, review, and deployment controls.

01

Scope

This notice explains how Neura Parse Ltd handles personal data across the public website, product inquiries, support, research collaboration, and contracted product use.

Neura Parse Ltd is a UK company registered at Companies House under company number 16547481. For website, sales, support, security, and account administration data, Neura Parse normally acts as the controller.

For customer workflow content, integration payloads, telemetry, logs, and user data processed inside a contracted enterprise deployment, Neura Parse may act as a processor or service provider under the customer agreement, data processing addendum, or order form.

This notice does not replace a signed data processing agreement, product-specific order form, enterprise security schedule, or open-source project licence.

Controller

We decide how public-site analytics, contact forms, support requests, security reports, procurement messages, and account administration data are handled.

Processor

For contracted deployments, the customer usually controls what data enters workflows, devices, integrations, and model pipelines.

02

Data categories

The exact data depends on whether you browse the site, contact us, use a hosted product, deploy NeuralOS, or collaborate on research.

Name, work email, company, role, region, support details, billing contact, authentication metadata, and communication preferences.

Demo requests, security questionnaires, procurement notes, issue reports, audit requests, messages, and support history.

Workflow definitions, run metadata, prompts, task state, approval logs, integration configuration, API events, and operational records submitted by authorized users.

For NeuralOS or edge deployments, configured telemetry may include device identifiers, software version, health signals, logs, rollout status, and security events.

Paper correspondence, benchmark artifacts, repository access details, collaborator information, reviewer notes, and reproducibility records.

IP address, browser, approximate location, pages visited, referral source, consent preferences, and optional analytics identifiers where enabled.

We do not intentionally request special-category data on the public site. Customers must avoid sending regulated health, biometric, defence, export-controlled, or child data unless a written agreement authorizes that processing and defines the required safeguards.

03

Purpose

We use data to operate the site, provide products, secure systems, support customers, improve reliability, and meet legal obligations.

  • Provide, secure, maintain, monitor, and improve the website, products, hosted environments, and support workflows.
  • Respond to demos, procurement requests, support tickets, security reports, legal requests, and research collaboration inquiries.
  • Operate authentication, access control, billing, account administration, incident response, abuse prevention, and audit trails.
  • Measure product reliability, site performance, and service adoption where analytics are enabled through consent or a lawful basis.
  • Send product, legal, security, and administrative notices, including material policy updates and service-impacting changes.
  • Comply with tax, accounting, sanctions, export control, law enforcement, corporate, and regulatory obligations.

04

UK GDPR / GDPR

Where UK GDPR or EU GDPR applies, we rely on the lawful basis that matches the processing purpose.

Basis

Contract

Typical use

Providing products, accounts, support, subscriptions, order forms, customer communications, and requested services.

Basis

Legitimate interests

Typical use

Security monitoring, fraud prevention, product reliability, B2B outreach, service improvement, and non-intrusive operational analytics.

Basis

Consent

Typical use

Optional cookies, marketing subscription, certain product telemetry, research participation, and optional communications.

Basis

Legal obligation

Typical use

Tax, accounting, corporate, sanctions, export control, law enforcement, and regulatory recordkeeping.

05

AI and autonomy

Neura Parse products are designed for governed automation, not invisible decision-making.

NowFlow and related tools may process prompts, workflow state, tool outputs, approvals, and model responses. Customers are responsible for configuring workflows with appropriate permissions, policies, human review, and rollback paths.

The public website does not make solely automated decisions that produce legal or similarly significant effects about visitors. Enterprise customers must not use our products for high-impact decisions without a lawful basis, transparency, human oversight, evaluation, and documented controls.

Where EU AI Act, sector safety, medical, defence, aviation, automotive, employment, credit, education, or biometric rules apply, the customer deployment must define roles, risk classification, documentation, testing, monitoring, and incident handling before production use.

Default stance

Workflow outputs should be reviewed where they affect rights, safety, access, eligibility, financial position, employment, health, or public services.

Evidence

Approvals, tool calls, model versions, policy checks, and run outputs should remain inspectable for debugging and governance.

06

Processors

We share data only when needed to provide, secure, improve, sell, support, or legally operate the services.

  • Infrastructure, hosting, CDN, security, observability, backup, and incident-response providers.
  • Email, support, CRM, scheduling, procurement, payment, and customer communication providers.
  • Analytics or advertising providers only if those tools are enabled and the required consent or legal basis applies.
  • Professional advisers, auditors, insurers, banks, payment processors, regulators, courts, or law enforcement where required.
  • Enterprise customer administrators where your account belongs to an organization that controls the workspace.

We do not sell personal data. If any future activity is treated as sharing for cross-context behavioral advertising or similar under applicable law, we will provide the required notice and opt-out mechanism.

07

Retention

We keep data only for as long as needed for the purpose collected, the customer agreement, security, audit, backup, legal obligations, or dispute handling.

Record type

Contact and inquiry records

Typical retention

Up to 24 months after the last meaningful interaction unless a longer business or legal need applies.

Record type

Customer account records

Typical retention

For the account term, then a limited post-termination period for export, audit, billing, and legal purposes.

Record type

Workflow, prompt, and integration records

Typical retention

Set by the customer plan, workspace settings, enterprise agreement, and backup deletion window.

Record type

Security logs

Typical retention

Usually 12 to 24 months, or longer for active investigations, abuse prevention, or compliance needs.

Record type

Billing, tax, and accounting records

Typical retention

Usually 6 to 7 years depending on applicable tax, accounting, and corporate rules.

Record type

Cookie consent preferences

Typical retention

Normally up to 12 months unless refreshed or deleted by the user.

08

International transfers

Neura Parse may use providers or infrastructure outside your country. We use transfer safeguards where required.

  • For UK or EEA data, we may rely on adequacy decisions, standard contractual clauses, the UK International Data Transfer Agreement or UK Addendum, and supplementary measures where appropriate.
  • For US transfers, we may use vendors certified under an applicable Data Privacy Framework where available, or use contractual safeguards and risk assessment.
  • Enterprise customers can request sub-processor and transfer information through procurement or security review.

09

Individual rights

Depending on your location, you may have rights to access, correct, delete, restrict, object, port, or opt out of certain uses of personal data.

UK / EEA

Access, rectification, erasure, restriction, portability, objection, consent withdrawal, and rights related to automated decision-making.

California

Know, access, delete, correct, opt out of sale or sharing, limit sensitive personal information where applicable, and non-discrimination.

Enterprise users

If your account belongs to an organization, we may route requests to the customer administrator or controller.

Response

We may need to verify identity, authority, and jurisdiction before responding to a rights request.

Email privacy@neuraparse.com

Use the subject line Privacy Rights Request.

Email dpo@neuraparse.com

For GDPR, UK GDPR, DPA, or controller/processor questions.

10

Safeguards

We use administrative, technical, and organizational safeguards designed for product-grade automation and edge deployments.

  • Encryption in transit, least-privilege access, secure credential handling, access review, and environment separation.
  • Security logging, incident triage, vulnerability handling, backup controls, and software supply-chain hygiene.
  • Customer-configurable controls for approvals, roles, integration credentials, model routing, and audit records.
  • Security reports should be sent to security@neuraparse.com rather than public repositories.

11

Regulatory references

These official resources inform the structure of this notice. They are provided for transparency and do not replace legal advice.

ICO: Guide to the UK GDPR

UK privacy principles, individual rights, lawful bases, and controller obligations.

ICO: AI and data protection

UK guidance on AI systems, data protection, transparency, fairness, and accountability.

European Commission: AI Act

EU AI Act framework and phased application, including obligations relevant from 2025 and 2026.

California Privacy Protection Agency: CCPA

California privacy regulations, consumer rights, and opt-out mechanisms.

Contact

Send privacy rights requests, DPA questions, sub-processor inquiries, and security due-diligence routing requests to the appropriate mailbox.

privacy@neuraparse.com

Privacy rights, notices, and data handling requests.

dpo@neuraparse.com

GDPR, UK GDPR, DPA, and controller/processor questions.

security@neuraparse.com

Security reviews, vulnerabilities, attestations, and procurement checks.