Privacy Policy

1. Introduction

Neuruz Innovations ("we", "our", or "us") operates the Neuruz application, a communication and task management platform designed for neurodivergent (ND) and neurotypical (NT) individuals. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our application and services.

By using Neuruz, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

We collect the following types of information:

Account Information:

• Name and display name
• Email address
• Password (stored securely using bcrypt hashing)
• Neurotype preferences
• Language preference

Usage Data:

• Messages sent within groups
• Tasks and to-do items you create
• Group memberships and interactions
• Guardian/caregiver relationships (if applicable)
• Online status and activity timestamps

Technical Data:

• Session information
• Browser type and device information
• IP address (for security purposes)

3. How We Use Your Information

We use the collected information to:

• Provide, maintain, and improve the Neuruz application
• Enable real-time messaging and task management features
• Facilitate group communication and collaboration
• Support guardian/caregiver oversight features
• Send service-related email notifications
• Provide AI-powered assistance features (optional)
• Ensure the security and integrity of our services

4. AI Features and Third-Party AI Services

Neuruz offers optional AI-powered features that require sending data to third-party AI providers. These features are disabled by default and must be explicitly enabled by you in your account settings.

What data is sent to AI providers:

• Message content (when AI mediation is enabled, your messages are sent for tone softening suggestions)
• Task descriptions (when auto-detection is enabled, messages are analyzed to suggest tasks)
• No personally identifiable information (name, email, password, IP) is sent to AI providers

Who receives the data:

Data is sent to the AI provider you configure in settings:

• OpenAI (GPT models) — openai.com/policies/privacy-policy
• Anthropic (Claude) — anthropic.com/legal/privacy
• Google (Gemini) — policies.google.com/privacy

Your consent and control:

• On your first login, you are shown a consent modal that explicitly asks for permission before any AI features can be used. You cannot bypass this modal without making a choice.
• AI features are opt-in — the AI consent checkbox is unchecked by default.
• If you refuse AI consent, all AI features are disabled server-side. Attempts to enable them in Settings will re-prompt for consent.
• You can disable AI features at any time in Settings > AI Assistant.
• When AI features are disabled, no data is sent to any AI provider.
• AI providers do not use your data to train their models (as per their API terms of service).
• Data is not retained by AI providers beyond the request processing.

By enabling AI features, you agree to your message and task content being processed by the selected third-party AI provider under their respective privacy policies.

5. Data Storage and Security

We implement appropriate technical and organizational measures to protect your personal information:

• Passwords are hashed using bcrypt before storage
• All data transmission is encrypted using HTTPS/TLS
• Session data is stored securely in Redis with expiration
• Database access is restricted and connection-pooled
• Application runs in isolated containerized environments

6. Data Sharing

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

• Within groups: Messages and tasks are visible to members of your groups
• Guardian access: If a guardian relationship is established, guardians may access supervised account activity
• AI providers: Only when you use optional AI features
• Legal requirements: When required by law or to protect our rights

7. Data Retention and Account Deletion

We retain your personal data for as long as your account is active or as needed to provide our services.

You may delete your account at any time directly within the app:

1. Go to Settings
2. Scroll to Account
3. Tap Delete Account
4. Enter your password to confirm

Two-step deletion process:

• Immediate (Day 0): Your account is deactivated and becomes inaccessible. Your profile, messages, and tasks stop appearing in the app. You are logged out immediately.
• Permanent (Day 30): After 30 days, all your personal data (profile, messages, tasks, guardian relationships, group memberships, session logs, invites) is permanently deleted from our active databases via an automated scheduled job. This action is irreversible.

Confirmation email: Upon deactivation, you will receive an email confirming the deletion request and containing a reactivation link. This email is provided as a safeguard in case the deletion was accidental or you change your mind.

Reactivation within 30 days: You may reactivate your account at any time during the 30-day grace period using either (a) the reactivation link in the confirmation email, or (b) by attempting to log in — the app will offer to resend a reactivation link. Upon reactivation, all your data is restored.

Backups: Data may persist in encrypted backups for up to 90 days after permanent deletion for disaster recovery purposes, after which backups are permanently purged.

Third-party AI data: Data that was shared with third-party AI providers (OpenAI, Anthropic, Google) during your use of the app is subject to their respective retention policies (see Section 4). We do not have the technical ability to delete data from third-party AI providers on your behalf.

8. Your Rights

In accordance with applicable privacy laws, including Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), you have the right to:

• Access your personal information
• Correct inaccurate or incomplete information
• Request deletion of your personal information
• Withdraw consent for data processing
• Request a copy of your data in a portable format

9. Children's Privacy

Neuruz is designed to be inclusive of neurodivergent individuals of various ages. For users under 13, guardian consent and oversight is required through our guardian/caregiver system. We do not knowingly collect personal information from children under 13 without parental or guardian consent.

10. Cookies and Local Storage

We use session cookies to maintain your authenticated session. We also use browser local storage and service workers to enable offline functionality. These are essential for the application to function and cannot be disabled while using the service.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes through the application or via email. The "Last updated" date at the top of this page indicates when the policy was last revised.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

← Back to Neuruz