Privacy Policy

1. Introduction

NeuroLine ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and safeguard your personal information when you access or use the NeuroLine platform ("the Service"). By using the Service, you agree to the practices described in this policy. If you do not agree, please discontinue use of the Service.

2. Information We Collect

We collect the following categories of information:

• Account information: When you register, we collect your email address, username, and a securely hashed version of your password. We do not store your password in plain text.
• Profile information: Optional information you provide such as a display name or profile preferences.
• Usage data: Pages visited, features accessed, market pairs viewed, watchlist contents, analysis history, and interaction logs — used to improve the Service.
• Technical data: Browser type, operating system, device type, IP address, time zone, and session duration — collected for security, performance monitoring, and rate limiting.
• Payment data: Subscription plan and billing status. All payment transactions are processed by our third-party payment provider. We do not receive, store, or process credit card numbers, bank account details, or other sensitive payment credentials.
• Communications: Any messages you send to our support team, including email content, for the purpose of resolving your inquiry.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To create, maintain, and secure your account.
• To authenticate your identity and manage session tokens.
• To provide access to the platform features according to your subscription plan.
• To process and manage your subscription and billing.
• To send transactional communications (account verification, password reset, billing receipts, subscription changes).
• To send important service notifications, security alerts, and policy updates.
• To monitor for and prevent fraud, abuse, and unauthorized access.
• To improve platform performance, reliability, and user experience through aggregate analytics.
• To comply with our legal obligations.

We do not use your data for advertising, behavioural profiling, or sale to third parties.

4. Legal Basis for Processing (GDPR)

Where applicable under the EU General Data Protection Regulation (GDPR) or similar laws, we process your personal data on the following legal bases:

• Contractual necessity: Processing required to fulfil the service agreement with you (account management, subscription delivery).
• Legitimate interests: Security monitoring, fraud prevention, and platform improvement.
• Legal obligation: Compliance with applicable laws and regulations.
• Consent: For any optional communications or data uses where we have obtained your consent.

5. Information Sharing and Disclosure

We do not sell, rent, trade, or share your personal information with third parties for marketing or commercial purposes. We may disclose information only in the following limited circumstances:

• Payment processors: We share billing-related information with our payment provider solely to process transactions and manage subscriptions. Our payment provider operates under its own privacy policy and complies with applicable data protection standards.
• Infrastructure and service providers: We use trusted third-party providers for hosting, email delivery, and platform monitoring. These providers are bound by strict data processing agreements and may only process data as directed by us.
• Legal requirements: We may disclose your information when required by law, court order, regulatory authority, or government request, or when necessary to protect the rights, property, or safety of NeuroLine, its users, or the public.
• Business transfers: In the event of a merger, acquisition, or sale of all or substantially all of our assets, your information may be transferred as part of that transaction. You will be notified in advance of any such change.

6. Data Security

We implement industry-standard technical and organisational measures to protect your personal data:

• Passwords are hashed using PBKDF2-SHA256 with a minimum of 100,000 iterations and unique per-user salts. Plain text passwords are never stored or transmitted.
• All data in transit is encrypted using HTTPS/TLS.
• Authentication session tokens (JWTs) expire automatically after 48 hours.
• Rate limiting and account lockout mechanisms are applied to authentication endpoints to prevent brute-force attacks.
• Access to production systems and user data is restricted to authorised personnel only.
• We conduct periodic reviews of our security practices.

While we take security seriously, no system is completely immune to threats. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Specific retention periods:

• Account data: Retained for the duration of your account. Upon account deletion, personal data is permanently removed within 30 days, except where retention is required by law.
• Billing records: Retained for up to 7 years to comply with financial and tax regulations.
• Support communications: Retained for up to 2 years after the last interaction.
• Anonymised analytics: May be retained indefinitely as they cannot identify individual users.

8. Cookies and Local Storage

We use the following types of storage on your device:

• Essential session storage: We store your authentication token in browser local storage to maintain your login session. This is strictly necessary for the Service to function.
• Preference storage: We may store UI preferences (such as selected timeframes or watchlist state) locally to improve your experience.

We do not use third-party tracking cookies, advertising cookies, or analytics cookies that share data with external parties. We do not use cookies for behavioural advertising or cross-site tracking.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right of access: Request a copy of the personal data we hold about you.
• Right to rectification: Request correction of inaccurate or incomplete data.
• Right to erasure: Request deletion of your account and personal data, subject to legal retention requirements.
• Right to data portability: Request your personal data in a structured, machine-readable format.
• Right to restriction: Request that we restrict processing of your data in certain circumstances.
• Right to object: Object to processing based on legitimate interests.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at support@neuroline-ai.com. We will respond within 30 days. We may need to verify your identity before processing certain requests.

10. International Data Transfers

NeuroLine operates with infrastructure that may be located in various countries. If your data is transferred outside your country of residence, we ensure appropriate safeguards are in place, such as standard contractual clauses or equivalent data protection mechanisms, to protect your information in accordance with applicable law.

11. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have inadvertently collected data from a user under 18, we will promptly delete that information. If you believe a minor has provided us with their data, please contact us immediately.

12. Third-Party Links

The Service may contain links to third-party websites or services. This Privacy Policy applies solely to NeuroLine. We are not responsible for the privacy practices of any third-party sites. We encourage you to review their privacy policies before providing any personal information.

13. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. We will notify you of material changes via email and/or in-app notification at least 14 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

14. Contact

For any privacy-related questions, data access requests, or concerns, please contact us: