Privacy Policy
How NEOSUM collects, uses, and protects your data.
Last updated: April 2025
1. Introduction
NEOSUM ("we", "our", or "us") operates the neosum.io platform — an AI-native Business Operating System. This Privacy Policy explains what data we collect, how we use it, and the rights you have over your information. By using NEOSUM, you agree to this policy.
2. Data We Collect
- Account data: name, email address, company name, role, and password hash.
- Usage data: pages visited, features used, session duration, and error logs.
- Business data: invoices, contacts, inventory records, and other ERP/CRM data you import or create.
- Device data: IP address, browser type, operating system, and locale settings.
- Communication data: messages sent through Neogram and support tickets.
3. How We Use Your Data
- To provide, maintain, and improve the NEOSUM platform.
- To authenticate you and enforce access control.
- To run AI-powered features (NEO Agent, AI Accountant, BI dashboards).
- To send transactional emails (invoice notifications, approval alerts, password resets).
- To detect and prevent fraud, abuse, or security incidents.
- To comply with applicable laws and regulations.
4. Data Sharing
We do not sell your personal data. We may share data with: (a) trusted sub-processors necessary to operate the service (cloud infrastructure, email delivery, analytics); (b) law enforcement when required by a valid legal order; (c) a successor entity in the event of a merger or acquisition, with prior notice to you.
5. Data Storage & Security
Your data is stored on servers located in the European Union and, for Iranian customers, on servers within Iran where legally required. We use AES-256 encryption at rest, TLS 1.3 in transit, role-based access control, and regular security audits. No system is perfectly secure; please choose a strong password and enable two-factor authentication.
6. Cookies & Tracking
We use strictly necessary cookies for authentication (session token) and preference cookies for locale and theme. We do not use third-party advertising cookies. You may manage cookies through your browser settings; disabling session cookies will prevent login.
7. Data Retention
We retain your account and business data for the duration of your subscription plus 90 days after cancellation, to allow recovery. Anonymized usage analytics are retained for up to 24 months. You may request deletion at any time (see section 9).
8. International Transfers
If data is transferred outside your country of residence, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent mechanisms, to ensure adequate protection.
9. Your Rights
- Access: request a copy of the personal data we hold about you.
- Rectification: correct inaccurate or incomplete data.
- Erasure: request deletion of your account and associated data.
- Portability: export your business data in CSV or JSON format at any time from Settings → Data Export.
- Objection: opt out of non-essential communications via your account settings.
10. Children's Privacy
NEOSUM is intended for business use by individuals 18 years or older. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us immediately.
11. Changes to This Policy
We may update this policy to reflect product changes or legal requirements. Material changes will be notified by email at least 14 days before taking effect. Continued use of the platform after the effective date constitutes acceptance.
12. Contact
For privacy-related requests or questions, email privacy@neosum.io. We respond within 30 days.