Technology

Applications

About

Partner with Us

Technology

Applications

About

Partner with Us

Privacy Policy

Neurun, Inc. — Privacy Policy


Effective Date: March 5, 2026 Last Updated: March 5, 2026

1. Introduction


Neurun, Inc. ("Neurun," "we," "us," or "our") operates white labeled AI-powered digital concierges for events. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you interact with our services through voice, web chat, mobile applications, or our website at neurun.com.


We are committed to transparency and to protecting your privacy. Please read this policy carefully. If you have questions, contact us at [email protected].

2. Information We Collect


2.1 Information You Provide Directly


  • Account and profile information:
    Name, email address, and preferences you share with us.

  • Communication content:
    Messages, voice recordings, and chat transcripts or web chat.

  • Event information:
    Event preferences, schedule selections, and related details you provide or that we receive from event organizers.

  • Health and fitness data:
    Training metrics, performance data, and health information you choose to share or that is synced from connected services such as Garmin.

  • Feedback and support requests:
    Any information you submit when contacting us for support or providing feedback.


2.2 Information Collected Automatically


  • Device and usage data:
    IP address, browser type, operating system, device identifiers, device tokens (for push notifications), and general usage patterns.

  • Location data:
    Approximate location derived from IP address; precise location only if you explicitly grant permission (e.g., for 3D interactive maps or nearby event recommendations).

  • Cookies and similar technologies:
    See Section 9 below.


2.3 Information from Third Parties


  • Event organizers and partners: Event-specific information shared by event organizers, host committees, or partners (e.g., TCS, ASICS).

  • Connected fitness platforms: Health and training data from services you choose to link, such as Garmin Connect.

3. How We Use Your Information


We use your information for the following purposes:


  • Providing our services:
    Delivering AI-powered event information, schedules, route guidance, recommendations, and training journey support.

  • AI processing:
    Processing your messages and queries through our AI systems (including third-party AI models) to generate relevant, personalized responses.

  • Communication:
    Sending you event updates, reminders, and responses via SMS, voice, email, or push notifications.

  • Personalization:
    Remembering your preferences, conversation history, and past interactions to improve future responses.

  • Analytics and improvement:
    Understanding how our services are used so we can improve features, accuracy, and reliability.

  • Safety and security:
    Detecting and preventing fraud, abuse, and security incidents.

  • Legal compliance:
    Meeting legal obligations, responding to lawful requests, and enforcing our terms.


3.1 AI Processing


Our AI assistant processes your messages and data using a combination of our own systems and third-party AI services. This processing is necessary to deliver our core service. AI-generated responses are not used to make automated decisions with legal or similarly significant effects on you without human oversight.

4. How We Share Your Information


We do not sell your personal information. We share information only in the following circumstances:


4.1 Service Providers and Processors


We use third-party service providers to operate our platform. These providers process data on our behalf under contractual obligations to protect your information:


  • Cloud infrastructure:
    Google Cloud Platform (hosting, compute, storage)

  • Content delivery and security:
    Cloudflare (CDN, DDoS protection, DNS)

  • AI and language processing:
    Google Gemini (natural language understanding and response generation)

  • Voice processing:
    ElevenLabs (voice synthesis and interaction)

  • Email:
    Mailgun (transactional email)

  • Productivity and collaboration:
    Google Workspace (internal operations)


4.2 Event Partners


We may share limited information (such as your name and event-related preferences) with event organizers and partners to the extent necessary to deliver event-specific services. This sharing is governed by agreements with those partners.


4.3 Legal Requirements


We may disclose information if required by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.


4.4 Business Transfers


In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

5. Data Retention


We retain your information only as long as necessary to fulfill the purposes described in this policy:


  • Account and profile data:
    Duration of your account plus 30 days after deletion request

  • Conversation history:
    24 months from date of interaction, then anonymized or deleted

  • Voice recordings:
    90 days, then deleted (transcripts retained per conversation history policy)

  • Health and fitness data:
    24 months from date of collection, or upon your deletion request

  • Location data:
    30 days for precise location; aggregated/anonymized data may be retained longer

  • Device and usage logs:
    12 months

  • Event-specific data:
    Duration of the event plus 12 months


You may request deletion of your data at any time (see Section 6). Certain data may be retained longer where required by law or for legitimate business purposes such as fraud prevention.

6. Your Rights


Depending on your jurisdiction, you may have the following rights regarding your personal information:


  • Access:
    Request a copy of the personal data we hold about you.

  • Correction:
    Request correction of inaccurate or incomplete data.

  • Deletion:
    Request deletion of your personal data, subject to legal retention requirements.

  • Portability:
    Request a machine-readable copy of data you provided to us.

  • Restriction:
    Request that we limit processing of your data in certain circumstances.

  • Objection:
    Object to processing based on legitimate interests.

  • Withdraw consent:
    Where processing is based on consent, withdraw that consent at any time.


To exercise any of these rights, contact us at [email protected]. We will respond within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before processing your request.

7. GDPR Provisions (European Economic Area Users)


If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the following additional provisions apply:


7.1 Lawful Basis for Processing


We process your personal data under the following legal bases:


  • Contract performance:
    Processing necessary to provide our services to you (Article 6(1)(b) GDPR).

  • Legitimate interests:
    Analytics, service improvement, and security, where these interests are not overridden by your rights (Article 6(1)(f) GDPR).

  • Consent:
    Where you have given explicit consent, such as for optional health data sharing or marketing communications (Article 6(1)(a) GDPR).

  • Legal obligation:
    Where processing is required to comply with applicable laws (Article 6(1)(c) GDPR).


7.2 International Data Transfers


Your data may be transferred to and processed in the United States, where our primary infrastructure is located (GCP us-central1 region). We protect these transfers using:


  • Standard Contractual Clauses (SCCs) approved by the European Commission.

  • Data Processing Agreements with all sub-processors.

  • Supplementary technical measures including encryption in transit and at rest.


7.3 Data Protection Officer


For GDPR-related inquiries, you may contact our Data Protection Officer at:


Email: [email protected] Subject line: DPO Inquiry


You also have the right to lodge a complaint with your local data protection supervisory authority.

8. CCPA Provisions (California Users)


If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and its amendments (CPRA):


  • Right to know:
    You may request details about the categories and specific pieces of personal information we have collected, the sources, the purposes, and the categories of third parties with whom we share it.

  • Right to delete:
    You may request deletion of your personal information, subject to certain exceptions.

  • Right to opt out of sale or sharing:
    We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.

  • Right to non-discrimination:
    We will not discriminate against you for exercising your CCPA rights.


To submit a request, contact [email protected] or call us using the contact information on our website. We will verify your identity and respond within 45 days.

9. Cookies and Tracking Technologies


Our web-based services use cookies and similar technologies for the following purposes:


  • Essential cookies:
    Required for core functionality such as authentication and session management.

  • Analytics cookies:
    Help us understand usage patterns and improve our services (e.g., page views, feature usage).

  • Preference cookies:
    Remember your settings and preferences.


We do not use third-party advertising cookies. You can manage cookie preferences through your browser settings. Disabling essential cookies may affect service functionality.

10. Children's Privacy


Our services are not directed at children under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected information from a child under 16, we will promptly delete it. If you believe a child under 16 has provided us with personal information, please contact us at [email protected].

11. Security


We implement appropriate technical and organizational measures to protect your personal information, including:


  • Encryption of data in transit (TLS) and at rest.

  • Access controls and role-based permissions for internal systems.

  • Regular security assessments and vulnerability monitoring.

  • Incident response procedures for prompt detection and remediation of security events.

  • Employee security awareness training.


While we take reasonable steps to protect your data, no system is completely secure. We encourage you to protect your account credentials and notify us promptly if you suspect unauthorized access.

12. Changes to This Policy


We may update this Privacy Policy from time to time. When we make material changes, we will:


  • Update the "Last Updated" date at the top of this policy.

  • Notify you through our services or via email if the changes are significant.

  • Where required by law, obtain your consent before applying material changes.


We encourage you to review this policy periodically.

13. Contact Us


If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:


Neurun, Inc. Email: [email protected] Website: https://neurun.com


For GDPR-specific inquiries, please reference "DPO Inquiry" in the subject line of your email.