Privacy Policy

The data controller is NeuronaX S.A.S, a Colombian legal entity registered and operating under Colombian law. For privacy requests, data subject rights, portability questions, security notices, or complaints, contact us through the website contact form or by email at privacy@neuronax.com. If a different official privacy address is later published by NeuronaX S.A.S, that address will replace this contact point.

NeuronaX S.A.S designates its legal and administrative management function as the internal area responsible for receiving and coordinating personal data requests, including access, correction, deletion, revocation of authorization, complaints, and data portability-related requests.

Colombian data protection law applies to personal data recorded in databases or files that are processed in Colombian territory by public or private entities. It also applies where a controller or processor not established in Colombia is subject to Colombian law by virtue of applicable rules, contracts, treaties, or international law. Because NeuronaX S.A.S is incorporated, physically present, and operationally managed in Colombia, Colombian law is our primary privacy and data governance framework.

Colombian law is not a copy of the GDPR, but it protects the same core legal interests: privacy, habeas data, transparency, authorization, security, restricted circulation, purpose limitation, data quality, data subject rights, and accountability before the competent authority. For that reason, NeuronaX S.A.S has chosen to operate with GDPR-grade safeguards as a matter of corporate policy for international services, cross-border digital products, cloud processing, and third-party API integrations.

GDPR may apply directly where a specific processing activity falls within its territorial scope, including where goods or services are offered to people in the European Economic Area or where behavior in the EEA is monitored. Where GDPR applies, NeuronaX S.A.S will apply the required GDPR legal basis, transparency, rights, transfer, security, processor, and accountability obligations. Where GDPR does not apply directly, we still use GDPR-aligned controls as a professional standard unless Colombian law, mandatory local law, or a stricter contractual obligation requires a different approach.

Some NeuronaX S.A.S services may allow a user to connect a third-party account, authorize a data portability request, or permit an API integration so that our application can receive data from an external platform. We request this access only for a clear user-facing purpose, only through the platform's authorized consent flow, and only within the scope approved by the user and the platform.

We do not obtain third-party platform data by scraping, password collection, impersonation, hidden automation, circumvention of access controls, or any method that bypasses the platform's technical and contractual rules. We do not claim that a platform sponsors, endorses, verifies, or guarantees NeuronaX S.A.S unless that platform expressly states so in writing.

Data received from a portability or third-party API integration is used only for the purpose presented to the user at authorization and in the corresponding product experience. We do not sell portability data, use it for unlawful profiling, make legal or similarly significant decisions without appropriate safeguards, or combine it with unrelated datasets in a way that conflicts with the user's authorization, platform terms, or applicable law.

NeuronaX S.A.S does not intentionally request sensitive data unless it is strictly necessary, clearly identified, legally permitted, and subject to explicit authorization or another valid legal basis. Sensitive data may include biometric data, health data, political opinions, religious beliefs, union membership, sex life, or data that may create discrimination risks.

Our services are intended for business users and adults. We do not knowingly collect personal data from children through this website. If we learn that a child's data has been provided without proper authorization, we will delete it or apply the safeguards required by law.

We share personal data only when necessary for the purposes described in this policy, when the data subject authorizes it, when a contract requires it, or when law permits or requires it. Recipients may include hosting providers, cloud infrastructure providers, analytics and security vendors, email and communications providers, payment or accounting providers, professional advisers, public authorities, and approved integration partners.

Where service providers process personal data for NeuronaX S.A.S, we require confidentiality, security, purpose limitation, and appropriate contractual safeguards. We do not sell personal data.

Because we use modern cloud, communication, and software providers, personal data may be processed outside Colombia. International transfers and transmissions are handled under Colombian law, applicable contractual obligations, and GDPR-style safeguards where relevant. These safeguards may include data processing agreements, confidentiality duties, vendor due diligence, transfer impact review when appropriate, access controls, encryption, audit logging, deletion commitments, and purpose limitation.

For portability or third-party API data, we will also follow the applicable platform terms, developer documentation, consent requirements, and any additional restrictions required by the platform or applicable data protection law.

We keep personal data only for as long as reasonably necessary for the purposes described in this policy, for the duration of the relationship with the user or client, for legal limitation periods, for accounting and tax obligations, for dispute resolution, and for security or audit needs.

Portability and third-party API data will be retained only while necessary for the authorized feature or service, unless a shorter retention period is required by the platform terms, the user withdraws authorization, the data is no longer needed, or deletion is legally required.

Under Colombian law, data subjects may know, update, correct, and delete personal data; request proof of authorization; be informed about use; file complaints with the Colombian Superintendence of Industry and Commerce; revoke authorization; and request deletion when legally appropriate. Where GDPR or equivalent international standards apply, additional rights may include restriction, objection, portability, and rights relating to automated decision-making.

To exercise rights, contact NeuronaX S.A.S using the privacy contact above. We may need to verify your identity and request details needed to locate the relevant data. We will respond within the time periods required by applicable law. Withdrawal of consent does not affect processing performed lawfully before withdrawal and may limit our ability to provide certain services.

Our website may use cookies, local storage, analytics, security tools, and similar technologies to operate the site, understand performance, protect against abuse, remember preferences, and improve services. Where required, optional cookies or marketing technologies will depend on consent or an equivalent lawful basis. Users can also manage cookies through browser settings.

NeuronaX S.A.S may use automation and artificial intelligence to support software development, analytics, client operations, security, marketing workflows, or service delivery. We do not use personal data to make automated decisions with legal or similarly significant effects without appropriate notice, human review, and safeguards required by applicable law.

Portability and third-party API data will not be used to train general-purpose AI models unless the user has been clearly informed, the use is lawful, compatible with the authorization, and permitted by applicable platform terms.

We may update this Privacy Policy to reflect changes in our services, legal obligations, security practices, API requirements, platform rules, or business operations. Material changes will be published on this website with a revised effective date and, where required, additional notice or consent.