neuRealities Privacy and Cookie Policy
Version: 1.0 | Date: September 2025
1. Introduction
neuRealities Inc. (“neuRealities”, “we”, “our” or “us”) is committed to ensuring that your privacy is protected. This Privacy and Cookie Policy (“Privacy Policy”) describes how we use the personal information that we collect from you, or that you provide, when you:
visit any of our websites, platforms, portals or online environments (the “Websites”);
use the services and other products (together the “Services”) that we provide; or
communicate with us.
This Privacy Policy also describes the Personal Data processing where personal information about you is provided by third parties or agents acting on your behalf.
Personal Data means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession). It does not include data where the identity has been removed (anonymous data).
This Privacy Policy contains important information on who we are and how and why we collect, store, use and share your Personal Data. It also explains your rights in relation to your Personal Data and how to contact us or supervisory authorities in the event you have a complaint.
For the purpose of this Privacy Policy, neuRealities is the Data Controller of your Personal Data. Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes and manner personal information Is processed.
Personal Data can take several different forms, including:
Contact Data—data such as your name, email address, and telephone numbers.
Usage Data—includes information about how you use our website, products and services, for example, internet protocol (IP) address, your login Identifier, browser type and version, time zone setting and location.
Aggregated Data—collection of multiple data types as part of statistical analysis.
Marketing and Communications Data—includes your preferences in receiving marketing from us and our third parties and your communication preferences.
2. What data is collected?
Personal Data
While using our service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you.
Special Category Data: We do not collect any special categories of Personal Data (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health data) or collect any information about criminal convictions and offences.
Usage Data
Usage Data are the metrics by which a user interacts with the website (for example, the duration of a page visit, links clicked, etc.) and is collected automatically while navigating and interacting with the Website. We collect personal information about you indirectly, including through automated means from your device when you use our Services. Some of the information we collect indirectly is captured using cookies and other tracking technologies, as explained below
Usage data includes tracking technologies, such as beacons, tags, and scripts, to collect and track information on how a Website or Service is accessed and used. This may include
information such as your computer's Internet Protocol (IP) address), browser type, browser version, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
Aggregated Data
We also collect, use, and share aggregated data such as statistical or demographic data (“Aggregated Data”) for any purpose. Aggregated Data could be derived from your Personal Data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this privacy policy.
3. Why do we process your Personal Data?
The information that we collect and store relating to you is primarily used In the performance of a contract with you. We will only use your Personal Data when the law allows us and, in the following circumstances:
to provide information on other products and Services which we think may be of interest to you, in accordance with your communications and consent preferences;
to meet our contractual commitments to you or to take steps at your request before entering into a contract;
to review the performance and effectiveness of Services and products, including related continual improvement activities;
to support internal efficiency, training and quality control activities;
to analyze and monitor your use of our products or features to ensure compliance with our terms of use and to help develop, improve, and provide our Services.
as necessary to prevent or detect crime;
the processing is in our legitimate interests, and it is not overridden by your rights;
where we have your consent to do so;
to comply with applicable law.
A legitimate interest is when we have a business or commercial reason to use your Personal Data, so long as this is not overridden by your own rights and freedoms. We carry out an assessment when relying on legitimate interests, to balance our interests against your own.
If we collect and use your personal information in reliance on our legitimate interests (or those of any third party), this interest will normally be to operate our Website or provide Services, or for our legitimate commercial interest, for instance, when responding to your queries, improving our platform, undertaking marketing, or for the purposes of detecting or preventing illegal activities. We may have other legitimate interests and if appropriate we will make clear to you at the relevant time what those legitimate interests are.
In some cases, we may also have a legal obligation to collect personal information from you. If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).
If you decline to provide Personal Data when requested, we may not be able to perform the contract we have or are trying to enter with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service. We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason compatible with the original purpose.
4. How is data collected?
The personal information we collect from you, either directly or indirectly, will depend on how you interact with us and with our Websites and/or Services. We collect data using the following methods:
Direct interactions. We collect Personal Data directly from you when you choose to provide us with this information online on our Websites, through communications with us, and through your other interactions with us (such as data collected via customer service communications). You may give us your contact data by filling in forms or corresponding
with us by post, phone, email or otherwise. This includes Personal Data you provide when you:
Apply for our products or Services
Enter a competition, promotion, or survey
Give us feedback or contact us
Indirect interactions. We collect personal information about you indirectly, including through automated means from your device when you use our Services. As you interact with our Website, we will automatically collect Usage Data about your equipment, browsing actions and patterns. We collect this data by using cookies and other similar technologies. The information is used for the sole purpose of remembering your device and your interactions with our website.
Third Parties. We may receive Personal Data about you from various third parties as set out below:
analytics providers
advertising networks
search information providers
but only where we believe that these third parties either have your consent or are otherwise legally permitted or required to disclose your personal information to us.
Cookies & Tracking
Cookies are small file(s) stored on your device (computer, mobile device, or virtual reality headset) when browsing a website.
We provide the ability to decline the usage of these cookies except were deemed necessary for the functionality of the website to remain operational. Most browsers allow you to refuse to accept cookies and to delete cookies.
Blocking all cookies will have a negative impact upon the usability of many websites. If you block cookies, you will not be able to use all the features on our website.
Below is a table containing the current cookies used on neuRealities websites, and by
| NAME | DOMAIN | TYPE | PLATFORM |
|---|---|---|---|
| _cf_bm | .hs-scripts.com | Marketing | Hubspot |
| __cf_bm | .hs-banner.com | Marketing | Hubspot |
| __cf_bm | .hs-analytics.net | Marketing | Hubspot |
| __cf_bm | .hsforms.com | Marketing | Hubspot |
| _cfuvid | .hsforms.com | Marketing | Hubspot |
5. Chat Session Content
Chat Session Content consists of the messages exchanged, the model response, evaluation metrics, metadata, and a timestamp. This includes but is not limited to your chat history and any personal information in inputs, in the form of data, documentation, questions, answers or otherwise which is inputted into our AI products or features, such as, for example, our AI Assistant Web application. We also collect Usage Data with our AI features. Chat Session Content information comes directly from you (e.g. inputs) and automatic collection (e.g. chat history and Usage Data).
Our use of Chat Session Content will align with the purposes in this Privacy Policy and may include:
Monitoring & Metrics – track token usage, model selection, and routing decisions to understand cost, performance, and reliability.
Debugging / Incident Review – if a user reports “the assistant gave a bad answer” or “timed out,” we can replay or inspect the stored session to reproduce the issue.
Quality Assurance – reviewing assistant outputs (and possibly reasoning traces) to help improve prompts, models, or routing strategies.
Analytics & Insights – understanding which models are being used most, how long sessions run, and how users interact with the system.
Personalization – potentially remembering past context or user preferences.
6. Marketing
If you opt-in to receive newsletters, marketing or promotional materials, and other information that may be of interest to you, we will use your Personal Data to contact you or send you the information you requested. You may opt-out of receiving any, or all, of these communications from us at any time by following the unsubscribe link or the instructions provided in any email we send or at any time by contacting us.
Where you opt out of receiving these marketing messages, this will not apply to Personal Data provided to us because of a Service purchase or other transactions. Generally, we do not rely on consent as a legal basis for processing your Personal Data although we will get your consent before sending third party direct marketing communications to you via email or text message.
7. Data Sharing
We may share your Personal Data with any company within our corporate group of affiliates where lawful bases exist and to third-party service providers to process data as per the purposes set out in this Privacy Policy. We require all affiliates and third parties to respect the security of your Personal Data and to treat it in accordance with the law. We do not allow our affiliates or third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions.
Sale of Personal Data
We do not sell your Personal Data to third parties and will not ever do so without first obtaining your consent. You have the right to opt out of any such sale at the time we notify you or at any point thereafter in the future.
8. Data Security
We implement reasonable administrative, technical, and physical safeguards to protect your personal information against unauthorized access, use, disclosure, alteration, or destruction. These measures include:
Encryption of data in transit and at rest
Access controls limiting who can view your information
Regular security assessments and updates
Secure data storage and backup procedures
However, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee absolute security. We encourage you to use strong passwords and keep your account information confidential.
In the event of a data breach that may compromise your personal information, we will notify you and relevant authorities as required by applicable law
9. International Transfers
In order to provide or market our Services to you, your Personal Data may be transferred to, stored in and processed in, countries outside of the EEA (includes EU), Switzerland, the UK and/or the United States. If you are using our Services from:
within the United States, you acknowledge your Personal Data may be transferred, stored and processed in the UK, Switzerland, the EEA (includes EU), and/or other countries and that and that your Personal Data will be processed by entities and individuals operating outside of the United States for the purposes as described in this Privacy Policy; or
outside the United States, you acknowledge your Personal Data may be transferred, stored and processed in the United States or other countries and that your Personal Data will be processed by entities and individuals either operating outside of the EEA (includes EU), Switzerland, and/or the UK for the purposes as described in this Privacy Policy.
These entities and individuals include our affiliates as well as various business partners and counterparties.
When we transfer, store, or process your data, we do so in accordance with this Privacy Policy and applicable law, including the implementation of appropriate and adequate safeguards in seeking to ensure that Personal Data is transferred to an adequate level of protection.
10. Data Retention
We will retain your Personal Data for as long as necessary for the purposes set out in this Privacy Policy and to the extent of compliance with legal obligations. In some circumstances we will anonymise your Personal Data (so that it can no longer be associated with you) for research or statistical purposes.
11. Data Protection Rights
Certain U.S. states have adopted privacy laws that give certain rights to individuals over their Personal Data. We provide these rights to all residents of the U.S., regardless of where they live. When we offer Services to you, or you access our website from the European Economic Area (EEA), we are subject to the UK General Data Protection Regulation (UK GDPR) or the EU General Data Protection Regulation (EU GDPR), depending on your location.
Your principal rights under relevant data protection laws, are summarised as the rights to:
Request access to your Personal Data.
Request correction of your Personal Data.
Request erasure of your Personal Data.
Object to processing of your Personal Data.
Request restriction of processing your Personal Data
Request transfer of your Personal Data.
Right to withdraw consent. Please note: If you withdraw your consent, we may not be able to provide certain products or services to you.
If applicable, the right to opt out of the sale of your business information.
Not be discriminated against for exercise of any of these rights.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. To exercise your rights above, please contact us as described in section 3.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
You have the right to lodge a complaint with a data protection supervisory authority in the UK or in the EU Member State where you live, work, or where you believe a violation has occurred. If you believe we have not complied with this privacy policy or California privacy laws, you may file a complaint with the California Privacy Protection Agency at cppa.ca.gov. We would, however, appreciate the chance to deal with your concerns before you approach an oversight body, so we ask that you please contact us in the first instance before approaching those regulators.
1. Third Party Links
You might find links to third party websites on our Websites or within documentation we provide. If you access other websites using the links provided, the operators of these sites may collect information from you which will be used by them in accordance with their own privacy notices, which you should review.
We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.
2. Children
This website is not intended for children, and we do not knowingly collect data relating to children.
3. Contact Details
Our representatives with respect to our obligations under data protection law are available at privacy@neurealities.com
4. Changes to the Privacy Notice
We may change this Privacy Policy from time to time by updating this document.
The online version is available at www.neurealities.com/privacy-and-cookie-policy. You should check this page from time to time to ensure that you are happy with any changes.
If material changes are made to this Privacy Policy, we will notify you by placing a prominent notice on the Website.