Privacy Policy and Notice

Effective Date: August 1, 2025
Last Updated: January 22, 2026

This Privacy Policy and Notice (“Privacy Notice”) explains how Instituto Neumair (“Instituto Neumair,” “we,” “us,” “our”) collects, uses, discloses, retains, and protects Personal Data when you access or use our websites, applications, and related services (collectively, the “Service”). By using the Service, you acknowledge that you have read and understood this Privacy Notice.

1. Definitions

“Personal Data” means information that identifies, relates to, describes, or can reasonably be linked to an identified or identifiable person.

“Processing” means any operation performed on Personal Data (e.g., collection, storage, use, disclosure, deletion).

“You” means the individual user of the Service, including account holders and visitors.

2. Scope

This Privacy Notice applies to Personal Data processed by us in connection with the Service.

This Privacy Notice does not apply to third-party services accessed through links or integrations. Their practices are governed by their own policies.

3. Categories of Personal Data We Collect

We may collect the following categories of Personal Data:

  1. Account and Profile Data: name (if provided), email address, account identifiers, preferred name or personalization fields (if used), and similar account information.
  2. Service Content and Inputs: content you submit to the Service, including messages, prompts, session titles, and any files or text you upload (“User Content”).
  3. Device, Log, and Usage Data: IP address, device and browser type, operating system, timestamps, session identifiers, pages/screens viewed, feature usage, error logs, performance diagnostics, and security/audit logs.
  4. Cookies and Similar Technologies: cookie identifiers, local storage identifiers, and related telemetry used for login/session continuity, security, and analytics (see Section 10).
  5. Communications Data: emails or messages you send to us (e.g., support requests) and associated metadata.
  6. Payment and Transaction Data (Paid Plans, if applicable): when you purchase a paid plan, payments may be processed by a payment provider and/or merchant of record (“MoR”) (for example, Paddle). We may receive limited transaction metadata such as billing status, plan type, currency, timestamps, invoice identifiers, and fraud signals. We do not store full payment card numbers.
Professional caution: Do not upload patient/client identifiers or sensitive personal data unless you have a lawful basis and authorization to do so, and the use is compliant with your professional obligations and applicable laws.

4. How We Use Personal Data (Purposes)

We process Personal Data for the following purposes:

  1. Provide and operate the Service (authentication, account management, delivering features, saving settings).
  2. Security and abuse prevention (fraud detection, incident response, audit logging, enforcing terms).
  3. Service improvement and analytics (performance monitoring, debugging, feature usage analysis).
  4. Support and communications (responding to requests, sending service notices, administrative messages).
  5. Billing and compliance (subscription management, invoicing support, tax/accounting obligations, where applicable).
  6. Legal and regulatory compliance (responding to lawful requests, protecting rights, and enforcing agreements).

5. Legal Bases (Where Applicable)

Depending on your jurisdiction, we process Personal Data under one or more of these bases:

  1. Contract (to provide the Service you request);
  2. Legitimate interests (security, fraud prevention, service reliability, and improvement);
  3. Consent (where required, such as certain cookies or optional features);
  4. Legal obligation (accounting, tax, lawful requests).

6. AI Processing, Model Training, and Human Review

AI Processing: User Content may be processed by automated systems to generate outputs and operate the Service.

No training on your User Content by default: We do not use your User Content to train general-purpose AI models by default. If we offer an explicit opt-in program for training or research purposes, participation will require your affirmative consent.

Human access: Access to User Content by humans is restricted and permitted only when reasonably necessary for security, abuse investigation, technical support you request, or legal compliance.

7. Disclosures of Personal Data

We may disclose Personal Data only as follows:

  1. Service providers (processors): vendors that help us operate the Service (hosting, databases, monitoring, analytics, customer support tooling). Providers may process Personal Data only on our instructions for the purposes described here.
  2. Payment providers / Merchant of Record: for paid plans, payment and invoicing data is processed by the payment provider/MoR under their own terms and privacy practices. We may receive limited transaction metadata necessary to deliver access and support billing.
  3. Legal, compliance, and protection: to comply with law, respond to lawful requests, protect rights and safety, investigate fraud/security issues, or enforce agreements.
  4. Business transfers: if we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, Personal Data may be transferred subject to customary confidentiality protections.

No sale of Personal Data: We do not sell Personal Data.

8. International Data Transfers

The Service may be hosted or operated using infrastructure and vendors located in multiple countries. If Personal Data is transferred internationally, we take reasonable steps designed to protect it consistent with this Privacy Notice and applicable law.

9. Retention and Deletion

9.1 Session/Content Deletion

When you delete a session/conversation, we delete the associated conversation content from the Service’s primary, user-facing systems so it is no longer available to you through the Service.

9.2 Account Deletion

When you delete your account, we delete or de-identify Personal Data and User Content associated with your account from the Service’s primary systems.

9.3 Limited Retention (What May Remain and Why)

Even after deletion requests, we may retain limited data when necessary for:

  1. Security, audit, and abuse-prevention logs (which may include IP address, device/session identifiers, timestamps);
  2. Fraud prevention and platform integrity;
  3. Billing, invoicing, tax, and accounting records (especially for paid plans);
  4. Compliance with legal obligations;
  5. Aggregated or de-identified analytics that cannot reasonably identify you.

We do not retain deleted conversation content for the purpose of restoring it to your account, and there is no user-accessible restoration mechanism after deletion.

10. Cookies and Similar Technologies

We use cookies and similar technologies to maintain sessions and authentication, improve security and prevent fraud, understand how the Service is used (analytics), and maintain preferences (e.g., language). Where required by law, we will request consent for non-essential cookies. You can control cookies through your browser settings, but disabling certain cookies may limit functionality.

11. Security

We use reasonable administrative, technical, and organizational measures designed to protect Personal Data. However, no system can be guaranteed 100% secure, and you use the Service at your own risk.

12. Your Rights (Depending on Jurisdiction)

Depending on your jurisdiction, you may have rights to access, correct, delete, object to or restrict certain processing, obtain a copy of your Personal Data (portability), and withdraw consent where processing is based on consent. To exercise rights, contact us below. We may request verification of identity and account ownership.

13. Children

The Service is not directed to children, and we do not knowingly collect Personal Data from children.

14. Changes to This Privacy Notice

We may update this Privacy Notice from time to time. The “Last Updated” date reflects the most recent revision. Continued use of the Service after updates become effective constitutes acceptance of the revised Privacy Notice.

15. Contact

For privacy questions or requests: privacy@ineumair.com