Privacy Policy

Effective date: 12 March 2026

1. Data Controller

Neural Detective is operated by a sole proprietor registered in Spain.

• VAT ID (NIF-IVA): Y4504039D
• Contact email: [email protected]

For the purposes of Regulation (EU) 2016/679 (the General Data Protection Regulation, “GDPR”), the data controller is the individual identified above.

2. Data We Collect

We collect and process the following categories of personal data:

2.1 Account information

When you register, we collect your name, email address, organization name, and optionally your tax/company ID. This data is necessary to create and manage your account.

2.2 Usage data

We automatically collect technical information when you use the service, including IP addresses, browser type, pages visited, and timestamps. This data helps us maintain security and improve the service.

2.3 AI decision data (via API)

When you use our API, you may send us data about AI model decisions, inputs, outputs, protected attributes, and text for safety scanning. We process this data solely to provide the monitoring, compliance, and explanation services you have requested.

3. Legal Basis for Processing

We process your personal data on the following legal bases under Article 6 GDPR:

• Contract performance (Art. 6(1)(b)): Processing account and API data is necessary to provide the Neural Detective service under our terms of service.
• Legitimate interest (Art. 6(1)(f)): We process usage data for security, fraud prevention, and service improvement. Our legitimate interest does not override your fundamental rights.
• Consent (Art. 6(1)(a)): Where required, we obtain your explicit consent before processing — for example, for optional analytics cookies. You may withdraw consent at any time.

4. Data Retention

• Account data: Retained for the duration of your account and up to 30 days after deletion, unless longer retention is required by law.
• API decision and scan data: Retained for the period configured in your account settings, or 12 months by default, after which it is automatically deleted.
• Usage and security logs: Retained for up to 90 days.
• Invoicing and tax records: Retained for the legally required period under Spanish tax law (generally 4 years).

5. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of access (Art. 15): Obtain confirmation of whether your data is being processed and request a copy.
• Right to rectification (Art. 16): Request correction of inaccurate personal data.
• Right to erasure (Art. 17): Request deletion of your personal data (“right to be forgotten”).
• Right to data portability (Art. 20): Receive your data in a structured, machine-readable format.
• Right to object (Art. 21): Object to processing based on legitimate interest.
• Right to restriction (Art. 18): Request restriction of processing in certain circumstances.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

6. International Transfers

Your data is processed and stored within the European Economic Area (EEA). If we need to transfer data outside the EEA, we will ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or an adequacy decision under Article 45 GDPR.

7. Cookies

Neural Detective uses strictly necessary cookies to maintain your session and authenticate you. These cookies are essential for the service to function and do not require consent.

We do not use third-party tracking or advertising cookies. If we introduce optional analytics cookies in the future, we will obtain your consent before placing them.

8. Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit (TLS), access controls, and regular security reviews. However, no method of transmission over the Internet is 100% secure.

9. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. Our lead supervisory authority is:

Agencia Española de Protección de Datos (AEPD)
C/ Jorge Juan, 6
28001 Madrid, Spain
www.aepd.es

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes by email or by posting a prominent notice on the service. The “effective date” at the top of this page indicates when the policy was last revised.

11. Contact

For any questions about this privacy policy or our data practices, contact us at:
[email protected]