Privacy Policy
This Privacy Policy explains how NeuroCRM collects, uses, stores, shares, and protects information when you use our customer-relationship-management platform at neurocrm.vip and its subdomains, including app.neurocrm.vip and api.neurocrm.vip (together, the “Service”). It applies worldwide. Region-specific provisions for the EEA/UK, the United States, Canada, Brazil, Russia, and other regions appear in the annexes at the end and are highlighted for your region where we can detect it.
1. Who We Are and Our Two Roles
The Service is operated by Empire Luxury International Corporation (doing business as Neuro Empire), a company organised under the laws of the State of Florida, USA, with its registered address at 7901 4th St N, STE 300, St. Petersburg, FL 33702, USA (“NeuroCRM”, “we”, “us”, “our”).
NeuroCRM is a multi-tenant business software-as-a-service (SaaS) platform. We process personal information in two distinct roles:
- As a processor / service provider — for the data that you and your organisation enter into or connect with the Service (your contacts, deals, messages, files, and similar records, collectively “Customer Content”). Your organisation is the controller of that data and decides how it is used; we process it on your documented instructions to provide the Service. These activities are governed by our Data Processing Addendum (DPA).
- As a controller — for the data we need to run, secure, bill, and improve the Service itself (your account and identity data, usage and device data, and support communications). This Privacy Policy describes those controller activities.
By using the Service you confirm you have read this Privacy Policy. If you do not agree with it, do not use the Service.
2. Information We Collect
a) Account and identity data. Name, business email address, organisation/tenant name, role, login credentials (stored only as salted hashes), and, where applicable, billing details.
b) Usage, device, and log data. Log records, device and browser type, IP address, approximate location derived from IP, timestamps, pages and features used, and diagnostic data used to operate, secure, and improve the Service.
c) Customer Content. Data you and your team enter into the CRM. As between you and us, this belongs to your organisation; we process it on your behalf as a processor (see Section 1 and the DPA).
d) Third-party platform data accessed via OAuth. When you connect an account (for example Google Analytics/Ads/Search Console, Yandex Metrica/Direct/Webmaster, Telegram, or a payment provider) we access data from that platform only at your direction and, for analytics integrations, on a read-only basis, to display your own data inside the Service. See Sections 5–6.
e) Payment data. If you purchase a paid plan, payments are handled by third-party payment processors; we receive limited transaction data (such as plan, amount, status, and a masked identifier) and do not store full card numbers.
f) Communications. Messages you send to support, and related metadata.
3. How and Why We Use Information (Legal Bases)
We use information to provide, maintain, secure, support, bill for, and improve the Service, to communicate with you, to comply with law, and to detect and prevent fraud and abuse. Where the law requires a legal basis (for example in the EEA, the UK, Brazil, and Russia), we rely on the following:
| Purpose | Typical legal basis |
|---|---|
| Providing the Service and your account; processing Customer Content on your instructions | Performance of a contract; processor acting for the controller |
| Security, fraud prevention, network and information security, service improvement, analytics | Legitimate interests (balanced against your rights; assessment available on request) |
| Billing, tax, accounting, and other legal obligations | Legal obligation; performance of a contract |
| Optional marketing emails; non-essential cookies; connecting optional third-party accounts | Consent (which you may withdraw at any time) |
4. Artificial-Intelligence Features and Your Data
NeuroCRM includes AI-assisted features (for example a built-in AI assistant and content generation). The following applies to those features:
- No training on your data by default. By default, we and our AI sub-processors do not use Customer Content to train generalised AI or machine-learning models. We will not do so unless you give specific, affirmative opt-in consent, and even then only on anonymised or aggregated data where feasible.
- AI sub-processors. AI features may be provided through third-party model providers acting as our sub-processors; they are bound by confidentiality and data-protection obligations and are listed on our Sub-processors page.
- Human oversight. AI output is probabilistic and may be inaccurate. It is intended to assist, not replace, human judgement, and must not be used as the sole basis of decisions producing legal or similarly significant effects on individuals. Limits on AI features, and the disclaimers that apply to them, are set out in our Terms of Service.
5. Google User Data — What We Access, Why, and Limited Use
Where you choose to connect a Google account, our analytics module integrates with Google APIs so you can view your own marketing and website analytics inside NeuroCRM. We request only the minimum scopes necessary, and all access is read-only.
| Scope | What it grants | Why we use it |
|---|---|---|
| analytics.readonly | Read-only Google Analytics (GA4) reporting data | To display your traffic/behaviour reports inside NeuroCRM |
| adwords | Google Ads account data | To display your advertising metrics (read-only) |
| webmasters.readonly | Read-only Google Search Console data | To display your search-performance metrics |
NeuroCRM’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
- We use Google user data only to provide the user-facing analytics and reporting features prominent in the NeuroCRM interface.
- We do not transfer Google user data except as necessary to provide or improve those features, to comply with law, or as part of a merger or acquisition with prior notice.
- We do not use or transfer Google user data for advertising, including retargeting or interest-based advertising.
- We do not use Google user data to train generalised AI/ML models.
- We do not allow humans to read Google user data unless: (i) you first give affirmative consent for specific data; (ii) it is necessary for security or to comply with law; or (iii) the data is aggregated and anonymised.
You can revoke our access at any time in NeuroCRM (Reports / Integrations) or at myaccount.google.com/permissions.
6. Yandex and Other Connected Platforms
Where you connect Yandex Metrica, Yandex Direct, Yandex Webmaster, Telegram, or other supported platforms, we access that data analogously to the Google integrations: at your direction, on a read-only basis for analytics, solely to display your own data inside NeuroCRM. We do not modify those accounts, do not sell the data, and do not use it for unrelated purposes. Access tokens are stored encrypted and you may disconnect at any time.
7. How We Share Information
We do not sell personal information, and we do not share it for cross-context behavioural advertising. We share information only:
- With sub-processors that help us run the Service (hosting, infrastructure, AI model providers, email delivery, analytics, payment processing), under contractual confidentiality and data-protection obligations and only as needed. A current list, with locations, is at /legal/subprocessors.
- To comply with law — in response to a valid legal request, or to protect the rights, property, or safety of NeuroCRM, our users, or the public.
- In a business transfer — a merger, acquisition, or sale of assets, with notice; any successor remains bound by a policy at least as protective.
- With your direction or consent — for example to a third-party integration you connect.
8. International Transfers and Data Residency
NeuroCRM operates a geographically segregated architecture:
- Worldwide tenants: data is hosted on infrastructure in the United States (Amazon Web Services) and the European Union (Hetzner, Germany).
- Russian tenants: personal data of individuals in the Russian Federation is recorded and stored on servers located in Russia, in accordance with Russian data-localisation law (see the Russia annex and our separate Russian Personal Data Processing Policy).
Where personal data is transferred across borders, we use an appropriate transfer mechanism — for example the European Commission’s Standard Contractual Clauses (and the UK Addendum/IDTA), an applicable adequacy decision or certification, or your explicit consent — and apply supplementary safeguards as needed.
No data-residency warranty. Except where a specific written commitment is made, we make no warranty that any particular hosting location will meet your or your customers’ data-residency requirements; you are responsible for determining whether the Service’s configuration meets your legal obligations.
9. How We Protect Information
We apply administrative, technical, and organisational safeguards appropriate to the risk, including: encryption in transit (TLS/HTTPS); encryption of OAuth tokens at rest using AES-GCM authenticated encryption with separately managed keys; logical tenant isolation in our multi-tenant architecture; role-based access controls and audit logging; and access to production data restricted to authorised personnel on a need-to-know basis. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
10. Data Retention
We retain personal data for as long as needed for the purposes described in this Policy — generally while your account is active and as required thereafter to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. We retain data in a form permitting identification of the individual no longer than necessary for the purposes of processing, unless a longer period is required or permitted by law. Customer Content is retained and deleted as described in the DPA. Routine backups containing data are overwritten on our standard backup-rotation cycle.
11. Your Privacy Rights
Depending on where you live, you may have rights to: access your personal data; correct or update it; delete it; obtain a copy in a portable format; restrict or object to certain processing; opt out of certain sharing or automated decision-making; and withdraw consent. To exercise these rights, contact support@neurocrm.vip. We will respond within the period required by applicable law and may need to verify your identity. You also have the right to lodge a complaint with your local data-protection authority. If you are an individual whose data was entered into the Service by one of our business customers, please contact that customer (the controller); we will assist them as their processor.
12. Cookies and Similar Technologies
We use strictly necessary cookies to operate the Service (for example to keep you signed in and maintain session security) and, with your consent where required, limited preference and analytics cookies. We honour recognised opt-out signals such as Global Privacy Control (GPC) where legally required. Details, categories, and your choices are in our Cookie Policy.
13. Children
The Service is a business tool intended for use by organisations and by individuals who are at least 18 years old. It is not directed to children, and we do not knowingly collect personal data from children. Our business customers must not upload personal data of children to the Service except where they have a lawful basis and have informed us in writing. If you believe a child’s data has been collected, contact us so we can delete it.
14. Changes to This Policy
We may update this Privacy Policy from time to time. When changes are material, we will update the “Last updated” date above and, where appropriate, notify you within the Service or by email. Your continued use of the Service after changes take effect constitutes acceptance of the revised Policy, to the extent permitted by law.
15. Contact and Representatives
Controller: Empire Luxury International Corporation (DBA Neuro Empire), 7901 4th St N, STE 300, St. Petersburg, FL 33702, USA.
For any privacy, data-protection, or other enquiry, contact us at support@neurocrm.vip.
Region-specific rights and details are set out in the regional annexes below. For Russia, see our separate Personal Data Processing Policy.
A. EEA & European Union — GDPR
If you are in the European Economic Area, this annex supplements the above.
Controller. The controller is identified in Section 15. You may contact us about your personal data at support@neurocrm.vip.
Legal bases. As set out in Section 3 (Articles 6(1)(a)–(f) GDPR). Where we rely on legitimate interests (Art. 6(1)(f)), you may request our balancing assessment.
Your rights (Arts. 15–22). Access, rectification, erasure, restriction, portability, objection, and not to be subject to solely automated decisions producing legal or similarly significant effects. You may withdraw consent at any time and lodge a complaint with your supervisory authority.
Processing of Customer Content. Governed by our Article 28-compliant DPA, including the EU Standard Contractual Clauses for any transfer outside the EEA.
B. United Kingdom — UK GDPR
For individuals in the United Kingdom, the UK GDPR and the Data Protection Act 2018 apply. You may contact us about your personal data at support@neurocrm.vip. International transfers from the UK rely on the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU SCCs. You have the right to complain to the UK Information Commissioner’s Office (ICO).
C. Switzerland — nFADP
For individuals in Switzerland, the revised Federal Act on Data Protection (nFADP) applies. The rights and bases described above apply analogously, and you may contact the Swiss Federal Data Protection and Information Commissioner (FDPIC). Transfers rely on the SCCs as recognised by the FDPIC with Swiss adaptations.
D. United States — California and Other States
This annex applies to U.S. residents and supplements the above.
We do not sell or “share” personal information for cross-context behavioural advertising, and we do not process sensitive personal information for purposes requiring an opt-out beyond providing the Service. We honour Global Privacy Control (GPC) signals where required.
California (CCPA/CPRA). California residents have rights to know, access, delete, and correct personal information, to opt out of sale/sharing, to limit use of sensitive personal information, and to non-discrimination. To exercise rights, use support@neurocrm.vip. We provide a “Notice at Collection” through this Policy.
Other states (including Virginia, Colorado, Connecticut, Texas, Utah, Oregon, and others as their laws take effect) provide similar rights to access, correct, delete, obtain a copy of, and opt out of targeted advertising, sale, and certain profiling. To appeal a decision on your request, reply to our response and we will reconsider.
E. Canada — PIPEDA and Quebec Law 25
For individuals in Canada, we handle personal information in accordance with PIPEDA and, for Quebec residents, Law 25. You may access and correct your information and withdraw consent. Quebec residents are informed of any transfer outside Quebec and of any automated decision-making. Our Privacy Officer is contactable at support@neurocrm.vip. Marketing emails are sent in compliance with CASL.
F. Brazil — LGPD
For individuals in Brazil, the LGPD applies. You have the rights set out in Article 18 LGPD (confirmation, access, correction, anonymisation, portability, deletion, information about sharing, and more), with responses generally within 15 days. International transfers rely on ANPD-approved mechanisms (including ANPD Standard Contractual Clauses). You may contact us in Portuguese about your personal data at support@neurocrm.vip. A Portuguese version of this policy is available on request.
G. Russia — Federal Law No. 152-FZ
For individuals in the Russian Federation, processing of personal data is governed by Federal Law No. 152-FZ and is described in our dedicated, Russian-language Personal Data Processing Policy, which controls for Russian data subjects. Personal data of Russian individuals is recorded and stored on servers located in Russia, and consent is collected as a separate document. NeuroCRM does not carry out cross-border transfer of the personal data of Russian individuals: such data stays on servers in Russia, while data of individuals located outside Russia is processed on servers outside Russia. NeuroCRM has filed the personal-data processing notification with Roskomnadzor.
H. Asia-Pacific and Other Regions
We respect applicable data-protection laws wherever our users are located, including Australia (Privacy Act / APPs), Japan (APPI), South Korea (PIPA), Singapore (PDPA), India (DPDP Act), China (PIPL), and others. The rights and protections described above apply to the extent required by your local law. Where your country requires a specific transfer mechanism or local consent for international transfers (for example China’s PIPL), we obtain it as required. Australian Consumer Law note: nothing in this Policy or our Terms excludes rights that cannot be excluded under applicable consumer law. To exercise any right, contact support@neurocrm.vip.