Privacy Policy

Last updated: September 2025

🇪🇺 European Data Sovereignty: All data processing occurs within EU borders with full GDPR compliance and enterprise-grade security.

1. Introduction

NeuroCluster B.V. ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, process, and safeguard your information when you use our AI infrastructure and automation platform.

As a European company, we adhere to the General Data Protection Regulation (GDPR) and other applicable data protection laws. We believe in transparency and your right to control your personal data.

2. Information We Collect

2.1 Personal Information

Account Information: Name, email address, company details, job title
Contact Information: Phone number, mailing address, billing information
Profile Information: Professional background, investment interests, preferences
Communication Data: Messages, support tickets, feedback

2.2 Technical Information

Usage Data: Platform interactions, feature usage, session duration
Device Information: IP address, browser type, device identifiers
Performance Data: System performance metrics, error logs
Cookies and Tracking: As described in our Cookie Policy

2.3 Business Data

AI Workloads: Models, training data, inference requests
Infrastructure Usage: Resource consumption, deployment configurations
Financial Information: Billing data, payment methods, transaction history

3. How We Use Your Information

We use your information for the following purposes:

Service Provision: Deliver AI infrastructure and automation services
Account Management: Create and maintain user accounts, authentication
Customer Support: Respond to inquiries, troubleshoot issues
Platform Improvement: Analyze usage patterns, enhance features
Security: Detect fraud, prevent abuse, ensure system security
Legal Compliance: Meet regulatory requirements, respond to legal requests
Communication: Send service updates, security alerts, marketing (with consent)
Business Operations: Billing, accounting, business analytics

4. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on:

Contract Performance: To provide services you've requested
Legitimate Interest: For business operations, security, and improvements
Consent: For marketing communications and non-essential cookies
Legal Obligation: To comply with applicable laws and regulations
Vital Interest: To protect health and safety in emergency situations

5. Data Sharing and Disclosure

5.1 We May Share Data With:

Service Providers: EU-based cloud providers, payment processors, analytics tools
Business Partners: Authorized resellers, integration partners (with your consent)
Legal Authorities: When required by law or to protect rights and safety
Corporate Transactions: In case of merger, acquisition, or asset sale

5.2 We Do NOT:

Sell personal data to third parties
Share AI training data or models without explicit permission
Transfer data outside the EU without adequate safeguards
Use your data for unauthorized marketing or advertising

6. Data Security

We implement comprehensive security measures:

Encryption: Data encrypted in transit and at rest using industry standards
Access Controls: Role-based access, multi-factor authentication
Infrastructure Security: Secure data centers, network isolation, monitoring
Regular Audits: Security assessments, penetration testing, compliance reviews
Incident Response: 24/7 monitoring, rapid response procedures
Staff Training: Regular security awareness and data protection training

7. Your Data Protection Rights

Under GDPR, you have the following rights:

Access: Request copies of your personal data
Rectification: Correct inaccurate or incomplete data
Erasure: Request deletion of your personal data ("right to be forgotten")
Restriction: Limit how we process your data
Portability: Receive your data in a portable format
Objection: Object to processing based on legitimate interest
Withdraw Consent: Revoke consent for consent-based processing

To exercise your rights: Contact us at [email protected] or use the settings in your account dashboard.

8. Data Retention

We retain personal data only as long as necessary:

Account Data: While your account is active plus 3 years
Business Records: 7 years for tax and legal compliance
Technical Logs: 12 months for security and performance analysis
Marketing Data: Until consent is withdrawn
AI Training Data: As specified in your service agreement

9. International Data Transfers

As part of our commitment to European data sovereignty, we primarily process data within the EU. When transfers outside the EU are necessary, we ensure adequate protection through:

Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions for approved countries
Additional safeguards and risk assessments
Your explicit consent for specific transfers

10. Children's Privacy

Our services are designed for business and professional use. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will delete it promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors. We will:

Notify you of material changes via email or platform notification
Post the updated policy on our website with the effective date
Provide a summary of key changes when significant updates occur
Obtain consent for changes that expand how we use your data

12. Contact Information

Data Controller

NeuroCluster B.V.
Eindhoven, Netherlands
Email: [email protected]

Data Protection Officer

Email: [email protected]
For data protection inquiries and rights requests

Supervisory Authority: If you have concerns about our data processing, you can contact your local data protection authority or the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

Loading NeuroCluster...

Europe's AI Infrastructure