Legal • Updated May 22, 2026

Privacy Policy

This Privacy Policy explains how NeuroAPI collects, uses, discloses, and safeguards information when you use our website, API, MCP server, and dashboard.

1. Information we collect

Account data

Email address, hashed password, display name, organization, billing details, and authentication identifiers (e.g. Google OAuth subject ID).

Usage data

API requests, endpoint, status code, credits consumed, timestamps, IP address, and user agent. We use this for billing, abuse detection, and product analytics.

Content data

URLs, search queries, and parameters you submit, plus the responses returned. Content is processed to fulfill your request and is not used to train models.

Cookies

See our Cookie Policy.

2. How we use information

  • Provide, secure, and improve the Service
  • Authenticate users and prevent fraud
  • Meter credits and bill your account
  • Send transactional emails (receipts, security alerts, service updates)
  • Send product updates if you have opted in
  • Comply with legal obligations and enforce our Terms

3. Legal bases (GDPR)

We process personal data under one or more of the following bases: performance of a contract, legitimate interests (security, analytics, fraud prevention), consent (marketing cookies and emails), and legal obligation (tax, accounting).

4. Sharing

We share data only with vetted subprocessors strictly to operate the Service:

  • Cloud hosting — Cloudflare (edge compute), Supabase (managed Postgres & auth)
  • Payments — Stripe
  • Email — Resend
  • Analytics — first-party only; no third-party trackers

We do not sell personal data and we do not share it for cross-context behavioral advertising.

5. Data retention

  • Account data: for the life of your account plus 30 days after deletion request
  • Usage logs: 90 days
  • Scraped content and job results: 7 days unless you delete them sooner
  • Billing records: 7 years, as required by tax law

6. International transfers

Data may be processed in the United States and the European Union. Where required, transfers from the EU/UK are protected by Standard Contractual Clauses.

7. Your rights

Subject to applicable law (including GDPR and CCPA), you may request access, correction, deletion, restriction, portability, or objection to processing. Email privacy@neuroapi.me. We respond within 30 days.

8. Security

We use TLS 1.2+ in transit, encryption at rest, hashed credentials (Argon2id), least-privilege access, audit logging, and SOC 2-aligned controls. See our Security Overview.

9. Children

The Service is not directed to anyone under 16. We do not knowingly collect data from children. Contact us to remove any such data.

10. Changes

Material updates to this Policy will be announced by email or in-product banner at least 14 days before they take effect.

11. Contact

Data Protection Officer: privacy@neuroapi.me.

Questions? Email legal@neuroapi.me.