Last updated:
This document is available in multiple languages. In case of any conflict between translations, the English version shall prevail.
Neumar ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our web application, desktop application, and related services (collectively, the "Services").
This policy applies to all users worldwide. Where specific regulations (such as GDPR, CCPA/CPRA, or LGPD) grant additional rights, those are addressed in dedicated sections below.
(a) Account Information: Name, email address, and authentication credentials when you register. (b) Profile Information: Optional details such as profile photo, job title, or organization name. (c) Payment Information: Billing address and payment method details (processed by our third-party payment provider; we do not store full payment card numbers). (d) Customer Data: Content, files, messages, and data you upload or create through the Services. (e) Communications: Information you provide when contacting support or providing feedback.
(a) Usage Data: Features used, actions taken, timestamps, and session duration. (b) Device Information: Operating system, browser type, device type, screen resolution, and application version. (c) Network Information: IP address, approximate geographic location (city/country level), and internet service provider. (d) Cookies and Similar Technologies: As described in our Cookie Policy. (e) Log Data: Server logs, error reports, and performance metrics.
The Neumar desktop application stores certain data locally on your device: (a) Local Database: Task data, session history, and configurations stored in SQLite. (b) Workspace Files: Files within your configured workspace directory. (c) Application Settings: Preferences, MCP server configurations, and API keys stored locally.
This locally stored data is not transmitted to our servers unless you explicitly use features that require cloud synchronization.
For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process personal data under the following legal bases:
(a) Contract Performance: Processing necessary to provide the Services you have requested. (b) Legitimate Interest: Analytics, security monitoring, fraud prevention, and service improvement, where our interests do not override your fundamental rights. (c) Consent: Marketing communications, optional analytics, and non-essential cookies. You may withdraw consent at any time. (d) Legal Obligation: Compliance with applicable laws, regulations, and legal processes.
We use your information for the following purposes:
(a) Service Delivery: To operate, maintain, and provide the features of the Services. (b) Account Management: To manage your account, process payments, and provide customer support. (c) Service Improvement: To analyze usage patterns and improve our Services (using aggregated, anonymized data). (d) Security: To detect, prevent, and respond to fraud, abuse, and security incidents. (e) Communications: To send transactional notifications (account updates, security alerts) and, with your consent, marketing communications. (f) Legal Compliance: To comply with applicable laws, regulations, and legal processes.
Important: We do NOT use your Customer Data or any personal information to train AI models. Your data is processed solely to deliver the Services you have requested.
We may share your information with the following categories of recipients:
(a) AI Service Providers: When you use AI-powered features, your prompts and relevant context are transmitted to third-party AI providers (e.g., Anthropic, OpenAI, Google) for processing. These providers are contractually prohibited from using your data for model training. (b) Cloud Infrastructure Providers: We use cloud services for hosting and data storage, governed by data processing agreements. (c) Payment Processors: Payment information is processed by PCI-compliant third-party payment providers. (d) Analytics Providers: We use privacy-focused analytics tools to understand service usage (aggregated data only). (e) Legal and Compliance: We may disclose information when required by law, court order, or to protect our legal rights. (f) Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred to the successor entity.
We do not sell your personal information to third parties.
We retain your personal information for as long as necessary to provide the Services and fulfill the purposes described in this policy:
(a) Account Data: Retained for the duration of your account plus 30 days after deletion to allow for data export. (b) Usage and Analytics Data: Retained in aggregated, anonymized form for up to 24 months. (c) Payment Records: Retained for up to 7 years as required by tax and financial regulations. (d) Support Communications: Retained for up to 3 years after resolution. (e) Legal Hold: Data may be retained beyond standard periods when required for legal proceedings.
Locally stored data on the desktop application persists until you uninstall the application or manually delete it.
We implement industry-standard security measures to protect your data:
(a) Encryption: Data in transit is encrypted using TLS 1.2+. Cloud-stored data is encrypted at rest using AES-256. (b) Access Controls: Role-based access control, multi-factor authentication support, and principle of least privilege. (c) Infrastructure Security: Regular security assessments, vulnerability scanning, and penetration testing. (d) Incident Response: We maintain an incident response plan and will notify affected users within 72 hours of discovering a data breach, as required by applicable law. (e) Row-Level Security: Database access is enforced through row-level security policies ensuring users can only access data they are authorized to view.
No system is completely secure. While we strive to protect your data, we cannot guarantee absolute security.
Your data may be processed in countries other than your country of residence. When we transfer personal data outside the EEA, UK, or Switzerland, we rely on:
(a) Standard Contractual Clauses (SCCs) approved by the European Commission. (b) Adequacy decisions where the destination country has been deemed to provide adequate data protection. (c) Your explicit consent where no other mechanism is available.
All transfers are subject to appropriate safeguards to ensure your data receives equivalent protection.
Regardless of your location, you have the right to: (a) Access the personal information we hold about you. (b) Correct inaccurate or incomplete personal information. (c) Delete your account and associated personal data. (d) Export your data in a portable format. (e) Opt out of marketing communications at any time.
If you are in the EEA, UK, or Switzerland, you additionally have the right to: (a) Restrict processing of your personal data. (b) Object to processing based on legitimate interest. (c) Withdraw consent at any time without affecting the lawfulness of prior processing. (d) Lodge a complaint with your local supervisory authority. (e) Not be subject to decisions based solely on automated processing, including profiling, that produce legal effects.
If you are a California resident, you additionally have the right to: (a) Know what personal information we collect, use, and disclose. (b) Request deletion of your personal information. (c) Opt out of the sale or sharing of personal information (we do not sell personal information). (d) Non-discrimination for exercising your privacy rights. (e) Limit the use of sensitive personal information. (f) Access information about automated decision-making technology and opt out of its use.
To exercise any of these rights, contact us at privacy@neumar.app. We will respond to verified requests within 30 days (or as required by applicable law).
The Services are not directed to children under the age of 16 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete it promptly. If you believe a child has provided us with personal information, please contact us at privacy@neumar.app.
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Services at least 30 days before the changes take effect. The "Last updated" date at the top of this page indicates the most recent revision. Your continued use of the Services after the effective date constitutes acceptance of the updated policy.
If you have questions about this Privacy Policy or wish to exercise your privacy rights:
Email: privacy@neumar.app Website: https://neumar.app/contact
For GDPR-related inquiries, you may also contact our Data Protection team at dpo@neumar.app.
