Privacy Policy
Last updated: July 10, 2026
This page is maintained by the Neuron Lab team to explain, in plain language, how the platform handles data. It is not a certification and does not create additional legal obligations beyond those in the Terms of Service.
1. Who we are
Neuron Lab (“Neuron Lab”, “we”, “us”) operates a research platform for reproducible neurobioinformatics and computational neuroscience. This policy applies to the website, the authenticated application, and any related services (together, the “Service”).
2. Data we collect
- Account data: email address, hashed password (handled by our authentication provider), profile name, and account timestamps.
- Content you upload: datasets you attach to a project, analysis parameters, and analysis results.
- Usage data: pages visited, features used, request timestamps, IP address, and browser user agent. Used to operate the Service and detect abuse.
- Support communications: messages you send us through the contact form or by email.
We do not intentionally collect special-category personal data. Do not upload identifiable patient data or datasets you are not authorised to process.
3. How we use data
- Provide the Service: run the analyses you launch, store the results, and show them back to you.
- Secure the Service: authenticate requests, enforce row-level access controls, and investigate suspicious activity.
- Improve the Service: analyse aggregated, non-identifying usage to prioritise features and fix bugs.
- Communicate: send transactional messages (sign-in, password reset, billing, incident notices). Marketing email is opt-in only.
We do not sell personal data, and we do not use your uploaded datasets to train our foundation models.
4. Legal bases (EEA/UK users)
We rely on the following legal bases under GDPR/UK GDPR: performance of a contract (to deliver the Service you requested); legitimate interests (to secure and improve the Service); consent (for optional cookies and marketing email); and legal obligation (to keep records required by law).
5. Storage and processing
- Uploaded datasets are stored in a private object-storage bucket scoped to your account.
- Analysis results and metadata are stored in a managed Postgres database with row-level security policies keyed on your authenticated user id.
- The application and its backend run on managed cloud infrastructure. Servers are stateless; durable data lives in the storage and database services above.
- Passwords are handled by the managed authentication provider and never stored in plaintext by us.
6. Subprocessors
We use a small number of subprocessors to run the Service. Each is bound by a data-processing agreement and receives only the data needed for its function:
- Managed hosting and edge network for the application.
- Managed database, storage, and authentication provider for account and content data.
- Optional AI Gateway provider for foundation-model inference — only invoked when you launch a foundation-model run.
- Email delivery provider for transactional messages.
A current list of subprocessors is available on request from privacy@neuron.app.
7. Retention
- Account data: kept while your account is active and for up to 90 days after deletion for backup and audit.
- Datasets and analyses: kept until you delete them or delete your account.
- Server logs: retained for up to 30 days, then aggregated or deleted.
- Billing records: retained for the period required by applicable tax and accounting law.
8. Your rights
Depending on where you live, you may have the right to access, correct, export, or delete your personal data, to object to or restrict processing, and to lodge a complaint with your local data-protection authority. You can exercise most of these directly in the app (Settings) or by emailing privacy@neuron.app. We respond within 30 days.
9. International transfers
Data may be processed in countries other than your own. Where required, we rely on Standard Contractual Clauses or equivalent safeguards for transfers out of the EEA/UK.
10. Cookies and analytics
The Service uses strictly necessary cookies for authentication and session management. Optional analytics cookies, when introduced, will require explicit consent through a banner and can be revoked at any time.
11. Security
We use encryption in transit (HTTPS) for all traffic, encryption at rest for stored data through our cloud providers, short-lived access tokens with rotating refresh tokens, row-level security policies for user data, and least-privilege service accounts. No system is perfectly secure; report suspected vulnerabilities to security@neuron.app.
12. Children
The Service is not directed to children under 16 and we do not knowingly collect personal data from them. If you believe a child has provided us data, contact us and we will delete it.
13. Changes to this policy
We may update this policy from time to time. Material changes will be notified in-app or by email at least 14 days before they take effect. The “Last updated” date at the top of this page always reflects the current version.
14. Contact
Privacy questions: privacy@neuron.app. General questions: hello@neuron.app.