Privacy Policy & Legal Terms
Effective Date: May 22, 2026
1. Scope and Explicit Consent
This Privacy Policy and Legal Agreement ("Agreement") governs the collection, processing, routing, and protection of data by Neuralith AI Studio ("Neuralith", "we", "us", or "Company"). By accessing, registering for, or utilizing the Neuralith application, web platform, or API (collectively, the "Service"), you hereby grant explicit, legally binding consent to the practices described in this Agreement. If you do not agree with these terms, you must immediately cease all use of the Service.
2. Data Categorization and Processing
For the purposes of this Agreement, data is legally categorized as follows:
- Personally Identifiable Information (PII): Email addresses, cryptographic authentication tokens, and basic user profiles strictly necessary for account provisioning.
- User Content (The "Payload"): Intellectual property including, but not limited to, text prompts, proprietary code snippets, uploaded documents, and subsequent AI-generated outputs.
- Statutory Financial Data: Transaction histories, real-time token consumption metrics, and credit ledger balances required for billing and legal compliance.
3. Third-Party Sub-Processors & Disclaimer of Liability
Neuralith operates strictly as an orchestration and routing layer. To fulfill its core functionality, User Content must be actively transmitted to third-party Large Language Model providers acting as Sub-processors (including, but not limited to, OpenAI, Anthropic, Google, DeepSeek, and Mistral).
Neuralith utilizes Enterprise-grade API endpoints.
Under the binding Service Level Agreements (SLAs) of
these Sub-processors, your User Content is strictly prohibited from being used to train or
improve their foundational AI models.
LIMITATION OF LIABILITY: While we enforce
TLS 1.3 encryption in transit, Neuralith assumes zero legal liability or indemnification
obligations for any data breaches, unauthorized access, or policy
violations occurring directly on the infrastructure or
servers of these third-party Sub-processors.
4. Security Standards & Volatile Processing
We employ commercially reasonable technical safeguards to protect your data. Active conversational contexts are processed using volatile, ultra-low-latency in-memory data stores (e.g., Redis). Transient data is routinely flushed and overwritten to minimize risk exposure. However, Neuralith provides the Service on an "AS-IS" and "AS-AVAILABLE" basis without warranties of absolute security.
5. Account Termination & Mandatory Statutory Retention
Users maintain the right to initiate the deletion of their accounts. Upon execution of an account deletion request:
- Immediate Purge: All active User Content, chat logs, uploaded files, and custom system configurations are irrevocably destroyed from our active production servers.
- Statutory AML/KYC Retention: To comply with international Anti-Money Laundering (AML) regulations, tax legislation, and to prevent systematic credit fraud, Neuralith is legally obligated to retain your hashed Email Address and Financial Transaction/Balance Ledger for exactly one (1) calendar year post-deletion. This data is segregated into encrypted cold storage and is accessible solely for binding legal, financial, or law enforcement audits.
6. Children's Privacy
Our Service is not intended for individuals under the age of 13 (or the applicable age of digital consent in your jurisdiction, such as 16 under GDPR Article 8). We do not knowingly collect, solicit, or process personal data from children. If we become aware that a child has provided us with personal data without verifiable parental consent, we will take immediate steps to delete such information and terminate the associated account.
7. International Data Transfers
Neuralith operates on a globally distributed infrastructure. Your data, including User Content, may be transferred to, processed, and stored on servers located in various jurisdictions (including the United States, European Union, and Asia-Pacific regions). When transferring data across borders, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs) and ensure that Sub-processors adhere to equivalent data protection standards.
8. Cookies & Tracking Technologies
The Service uses strictly necessary cookies and local storage for authentication, session management, and security purposes only. We do not deploy behavioral advertising cookies, third-party analytics trackers, or fingerprinting scripts. No cookie consent banner is required under the ePrivacy Directive for these essential cookies. Should we introduce non-essential tracking in the future, we will provide prior notice and obtain explicit opt-in consent.
9. Your Rights (GDPR, CCPA, KVKK & Equivalent)
Depending on your jurisdiction, you may exercise the following rights regarding your personal data:
- Right of Access: Request a structured copy of your PII and usage data.
- Right of Rectification: Correct inaccurate or incomplete personal data.
- Right of Erasure ("Right to be Forgotten"): Request deletion of your data, subject to the Statutory Retention obligations in Section 5.
- Right of Data Portability: Receive your non-proprietary data in a machine-readable format.
- Right to Object & Restrict Processing: Object to or restrict certain processing activities where applicable.
To exercise any of these rights, contact us at the address listed in Section 12. We will respond within the statutory timeframe (typically 30 days). We will verify your identity before processing your request to prevent unauthorized access.
10. General Limitation of Liability & Indemnification
Generative Artificial Intelligence is inherently probabilistic. By using the Service, you expressly agree that Neuralith shall not be held liable for any direct, indirect, incidental, special, or consequential damages (including loss of profits, data, or intellectual property) arising from the outputs generated by the AI models. You assume full legal and operational responsibility for the implementation of any generated code, text, or architecture in your proprietary environments.
11. Changes to This Policy & Governing Law
We may update this Agreement periodically to reflect changes in our practices, technology, or applicable law. When material changes are made, we will notify active users via email and/or a prominent in-app notice at least 14 days prior to the change taking effect. The "Effective Date" at the top of this document will always indicate the latest revision.
This Agreement shall be governed by and construed in accordance with the laws of the State of Delaware, United States, without regard to its conflict of law principles. Any dispute arising from this Agreement shall be subject to binding arbitration in accordance with the rules of the American Arbitration Association.
12. Legal Inquiries & DPO Contact
For formal legal inquiries, GDPR/CCPA data export requests, or to contact our Data Protection Officer (DPO), please initiate a transmission to our legal department:
[email protected]