Privacy Policy

Introduction

This Privacy Policy describes how NeroView AI Platform ("we," "us," or "our") collects, uses, and shares information when you use our B2B research and survey platform (the "Platform" or "Services"). This includes our website at platform.neroview.com and related research tools.

Important: Two Types of Users

This Privacy Policy applies to two distinct groups:

Platform Users (Researchers/Businesses): Organizations and individuals who create and manage research studies on our Platform
Study Participants: Individuals who participate in research studies created by Platform Users. We do not collect any personally identifiable information (PII) from study participants during their sessions.

By accessing or using our Services, you agree to this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Services.

Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, legal requirements, or for other operational reasons.

How We Notify You of Changes:

All changes: We will always update the "Last Updated" date at the top of this policy and post the new version on this page
Material changes: For significant changes that affect your rights or how we handle your data, we will provide additional notice:
- Platform Users: Email notification to your registered email address at least 30 days before the changes take effect
- Study Participants: Prominent notice displayed when you next access a study link, with an option to review changes before proceeding

What Constitutes a "Material Change":

Material changes include, but are not limited to:

Changes to data retention periods (e.g., extending how long we keep recordings)
New ways we use your personal information
Changes to who we share your information with
Changes to your privacy rights or how to exercise them
Changes in our data transfer practices to new countries
Introduction of new tracking technologies or cookies requiring consent

By continuing to use our Services after changes take effect, you accept the updated Privacy Policy. If you disagree with any changes, you should discontinue use and (for Platform Users) may request deletion of your account.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

1. Information We Collect

1.1 Information from Platform Users (Researchers/Businesses)

When you create an account and use our Platform to conduct research, we collect:

Account information: Name, email address, password (encrypted), organization name, profile picture
Study creation data: Study titles, descriptions, questions, survey design, research objectives
Billing information: Payment details (processed by third-party payment providers), subscription information
Communication data: Messages, support requests, feedback you send to us
Usage data: How you interact with the Platform, features used, studies created, reports generated

1.2 Information from Study Participants

🔒 Privacy-First Approach: No PII Collection

We do NOT collect any personally identifiable information (PII) from study participants during their research sessions. This means we do not collect names, email addresses, phone numbers, or any other information that could directly identify an individual participant.

Important Note on Audio/Video Data: While we do not collect traditional PII, audio and video recordings may contain biometric information (voice patterns, facial features) that could potentially identify individuals. We treat all such recordings as pseudonymized personal data and apply strict data protection measures including automatic deletion within 45 days, encryption, and restricted access. Recordings are assigned random identifiers and are never linked to names, emails, or other direct identifiers.

What Research Studies Include:

Research studies on our Platform typically consist of:

Survey questions: Demographic questions (e.g., age range, location) and statistical/research questions
Audio interviews: Voice recordings of participant responses and interactions
Video recordings (optional): In some cases, studies may include video recording during audio interviews, when explicitly disclosed to and consented by participants

✓ Explicit Consent for Audio/Video Recording

Before any audio or video recording begins, you will be asked to give explicit, unambiguous consent. The consent screen will inform you about:

That audio/video will be recorded
How the recording will be used (research purposes only)
That recordings will be deleted within 45 days
That you can withdraw consent and leave at any time
Your rights to request deletion

Participation is entirely voluntary. You may decline consent and exit the study without any consequences. If you initially consent but wish to withdraw during the session, you may stop at any time and request deletion of your recording.

Important: Even when audio or video recordings are part of a study, we do NOT collect any personally identifiable information during interviews. All recordings and responses remain anonymous and are processed without linking them to any individual's identity.

Data We Collect from Participants:

Survey responses: Answers to demographic and research questions (all anonymous)
Audio/video recordings: Interview recordings (when applicable), processed anonymously without PII
Session metadata: Session duration, completion status, timestamp (no identifying information)
Demographic data: Only aggregated demographic information provided voluntarily (e.g., age range, general location, industry)
Technical data: Browser type, device type, general location (country/region only, derived from IP address which is immediately anonymized)

Note: Study participants access studies through unique, anonymous study links. We assign each participant session a random, anonymous identifier that cannot be traced back to any individual.

1.2.1 Biometric Data Processing

Audio and Video as Pseudonymized Data: Under data protection laws (including GDPR), voice patterns and facial features in recordings may constitute biometric or personal data. We acknowledge this and treat all interview recordings accordingly:

Pseudonymization: Each recording is assigned a random identifier that cannot be linked back to you without additional information (which we do not collect).We do not maintain any key or database that would allow re-identification of participants from their random session IDs.
No identification attempts: We do not use facial recognition, voice recognition, or any other biometric identification technology on recordings
Re-identification prevention: We apply reasonable and appropriate organizational and technical measures to prevent re-identification, including access controls, encryption, staff training, and strict data handling policies
Limited retention: Audio and video recordings are automatically deleted within 45 days. Text transcripts (which do not contain biometric data) are retained for research purposes.
Purpose limitation: Recordings are used solely for the research purposes of the specific study and are never used for any other purpose (see Section 2.6)
Access restrictions: Only authorized personnel processing study data have access to recordings

Legal Status: While recordings contain biometric features, we treat them as pseudonymized personal data under GDPR (not fully anonymized) due to the theoretical possibility of re-identification through external means. This is why we apply strict deletion timelines, security measures, and transparency requirements.

1.3 Information Collected Automatically

When you use our Platform, we automatically collect certain technical information:

Platform usage data: Pages visited, features used, time spent, studies created and managed
Device information: IP address (anonymized for participants), browser type, operating system, device type
Location data: Approximate geographic location (country/region) based on IP address
Performance data: Page load times, error logs, technical issues
Cookies and tracking: Session identifiers, preferences, analytics data (see our Cookie Policy section)

1.4 Information from Third Parties

We may receive or work with information from third-party services:

For Platform Users:

Authentication providers: Google, GitHub (if you use social login to create your account)
Payment processors: Transaction information (we do not store credit card details)
Analytics services: Aggregated usage statistics

For Study Participant Recruitment:

Depending on your chosen recruitment method, participants may be sourced through:

Your own distribution: You share study links directly with your target audience
Social media campaigns: When you request, we may help recruit participants through social media advertising (targeting is based on demographics, not individual identity)
Panel providers: We may partner with third-party panel providers to recruit qualified participants based on your study requirements. These providers handle their own participant databases and consent processes. We only receive anonymous session data from participants sourced through panel providers.

Important: Regardless of recruitment method, we do not collect PII from participants during their study sessions on our Platform.

2. How We Use Your Information

We use the information we collect differently depending on the type of user:

2.1 For Platform Users (Researchers/Businesses)

Provide research services: Enable you to create, manage, and conduct research studies
Generate reports: Compile and analyze study responses to create insights and reports for you
Participant recruitment: Help you find qualified participants through social campaigns or panel providers (when requested)
Account management: Create and manage your account, authenticate users, process payments
Communications: Send you updates about your studies, respond to support requests, provide platform notifications
Platform improvement: Analyze usage patterns to improve features and user experience

2.2 For Study Participants

Facilitate study participation: Enable you to access and complete research studies via study links, including surveys and audio/video interviews
Process interview data: Record, transcribe, and analyze audio/video interviews (when applicable) for research purposes, always maintaining anonymity
Generate aggregated insights: Combine your anonymous responses and interview data with other participants' data to create research reports and analytics
Quality assurance: Detect and prevent fraudulent or spam responses to ensure data quality and research integrity
Technical support: Troubleshoot technical issues you may encounter during study participation, including audio/video functionality

Remember: We process study participant data on behalf of the Platform User (researcher) who created the study. The researcher is the data controller for the study responses, and we act as a data processor.

2.3 Security and Fraud Prevention

Detect and prevent fraud, spam, and abuse
Protect the security and integrity of our Platform
Prevent unauthorized access to accounts and data
Respond to security incidents

2.4 Analytics and Platform Improvement

Analyze aggregated, anonymized usage patterns
Measure platform performance and feature effectiveness
Conduct internal research and development
Develop new features and improve existing ones

2.5 Legal Compliance

Comply with applicable laws and regulations
Respond to legal requests and prevent illegal activity
Enforce our Terms of Service and policies
Protect our rights, property, and safety, and that of our users

2.6 What We Do NOT Do With Your Data

🚫 No AI Training or Model Development

We will NEVER use study participant audio, video, or response data to train machine learning models, artificial intelligence systems, or any other models for our own purposes.

Your participation data is used exclusively for the specific research study you participated in. We do not incorporate participant data into any AI training datasets, do not develop models based on participant responses, and do not use participant data to improve our AI/ML capabilities.

To be absolutely clear, we do NOT:

Train AI models: We do not use your audio, video, or text responses to train or improve artificial intelligence or machine learning models
Build databases for AI: We do not aggregate participant data across studies to create AI training datasets
Sell to AI companies: We do not sell, license, or provide participant data to companies developing AI technologies
Use for commercial model development: We do not use participant data to develop commercial AI products or services

Note: We do use AI services (like OpenAI) to transcribe and analyze interview recordings for research purposes as described in Section 4.2. However, our contracts with these providers explicitly prohibit them from using participant data to train their own models. All data sent to AI services for transcription is processed according to our data processing agreements and is subject to the same deletion timelines.

3. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), UK, or Switzerland, we process your personal information based on the following legal grounds:

Contract performance: Processing necessary to provide the Services you requested
Legitimate interests: Processing necessary for our legitimate business interests (e.g., improving services, security, analytics)
Consent: When you have given explicit consent (e.g., marketing communications, optional features)
Legal obligation: Processing necessary to comply with legal requirements

4. How We Share Your Information

✓ We do not sell your personal information to anyone.

✓ Study participant responses are never sold to third parties.

✓ Anonymous study data is only shared with the Platform User (researcher) who created the study.

4.1 With Platform Users (Researchers)

When you participate in a research study, your anonymous responses are shared with the Platform User (researcher/business) who created that study. This is the primary purpose of our Platform.

📊 Aggregate Reports Only - No Raw Data Sold

We do NOT sell participant raw data to anyone. Study owners (researchers) only receive aggregated reports and analytics based on anonymous participant responses. Individual raw responses, audio/video recordings, and participant data are processed to create aggregate insights and are never sold to third parties.

The researcher receives aggregated, anonymous data and reports. They do not receive any personally identifiable information about you unless you explicitly and voluntarily provide it in your survey responses.

4.2 Service Providers and Infrastructure

We work with trusted third-party service providers who help us operate the Platform:

Cloud hosting: Vercel (hosting), Neon (database storage)
Video/audio infrastructure: Stream (video and audio interview processing for research studies)
AI services: OpenAI (transcription and analysis of anonymous interview data for research purposes)
Analytics: Google Analytics, Vercel Analytics (aggregated usage data)
Authentication: Better Auth, Google OAuth, GitHub OAuth
Background processing: Inngest (automated workflows and job processing)
Payment processing: Payment providers (for Platform User subscriptions)
Email services: Email delivery services (for account notifications)

These providers are contractually obligated to protect your information and use it only for the purposes we specify. They cannot use your data for their own purposes. All audio/video interview data processed by these services remains anonymous and is not linked to any personally identifiable information.

4.3 Panel Providers (Participant Recruitment)

When a Platform User requests participant recruitment through panel providers, we may work with third-party panel companies to source qualified participants. In these cases:

The panel provider manages their own participant database and consent processes
The panel provider directs their participants to our Platform via study links
We only receive anonymous session data from these participants (no PII)
The panel provider may receive aggregated, anonymous completion data (e.g., how many of their participants completed the study)

We only work with reputable panel providers who maintain high data protection and privacy standards.

4.4 Business Transfers

If we are involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any such change.

4.5 Legal Requirements

We may disclose your information if required by law or if we believe in good faith that:

It is necessary to comply with legal obligations or court orders
It is necessary to protect our rights, property, or safety
It is necessary to prevent fraud or illegal activity
It is necessary to protect the safety of our users or the public

5. Data Retention

We retain information for different periods depending on the type of data and user:

5.1 Platform User Data

Account information: Retained while your account is active and for 90 days after account deletion
Study data and reports: Retained for the duration of your account or until you manually delete specific studies
Billing information: Retained for 7 years for tax and accounting purposes (as required by law)
Support communications: Retained for up to 3 years for customer service purposes

5.2 Study Participant Data

⏱️ Automatic Data Deletion

All audio and video interview recordings are automatically deleted within 45 daysafter study completion. This ensures participant privacy is protected and data is not retained longer than necessary for research purposes.

Text transcripts of interviews are retained as valuable research data. These transcripts contain the text content of conversations but do not include biometric identifiers (voice patterns or facial features). Aggregated, anonymized study insights and transcripts remain available to researchers, but raw audio/video recordings are permanently removed.

Anonymous survey responses: Retained as long as the Platform User (researcher) maintains their study, or until the Platform User deletes the study. Platform Users are encouraged to delete studies that are no longer actively used for research purposes, in accordance with data minimization principles. We recommend reviewing and archiving or deleting studies older than 2-3 years unless ongoing research requires retention.
Audio/video interview recordings: Automatically deleted within 45 days after study completion or when the Platform User deletes the study, whichever occurs first. All recordings are processed and stored anonymously during this retention period.
Interview transcripts and analysis: Retained permanently as part of the study results. Text transcripts do not contain biometric data (voice/facial features) and provide valuable research insights. Anonymized and aggregated for research purposes.
Session metadata: Retained in anonymized form for up to 12 months for quality assurance and fraud prevention
Technical logs: Anonymized and retained for up to 6 months for debugging and security purposes

5.3 Analytics and Aggregated Data

Platform usage analytics: Retained in aggregated, anonymized form for up to 26 months
Security logs: Retained for up to 12 months for security monitoring and incident response

Important for Platform Users: When you delete your account, we will delete or anonymize your personal information within 90 days. However, if you have active studies with participant data, we will notify you and provide options to export or transfer your study data before deletion.

Important for Study Participants: Your anonymous responses are part of the research data owned by the Platform User (researcher) who created the study. However, you have the right to request deletion of your session recordings and responses.

How to Request Deletion of Your Participation Data:

Contact the Researcher: If you have the researcher's contact information (provided when you joined the study), you can directly request deletion from them
Contact NeroView Platform: You can also email us at privacy@neroview.com with:
- The study link or study name (if you remember it)
- Approximate date of participation
- Any other details that can help us identify your session
We will work with the study owner to facilitate deletion of your recordings and responses.

Timeline: We will confirm deletion within 30 days of receiving your request. Audio/video recordings will be immediately removed from our active systems and queued for deletion from backups (which occurs within 30 days as backup systems refresh). All audio/video recordings are also automatically deleted within 45 days regardless.

Deletion Scope: When we process a deletion request, we remove:

Your data from production databases and storage systems (immediate)
Your data from backup systems (within 30 days as backups cycle)
Session identifiers from access logs (where technically feasible)
Cached data from third-party service providers (e.g., transcription services)

6. International Data Transfers

🌍 Data Processing Locations

Your information is primarily processed and stored in the United Statesthrough our service providers (Vercel, Neon, Stream, OpenAI, Inngest). If you are accessing our Services from the European Economic Area (EEA), United Kingdom, Switzerland, or other regions with data protection laws, your data will be transferred to and processed in the United States, which may have different data protection standards.

6.1 Legal Basis for International Transfers

When we transfer your personal information from the EEA, UK, or Switzerland to the United States or other countries, we ensure appropriate safeguards are in place:

Standard Contractual Clauses (SCCs): We use European Commission-approved Standard Contractual Clauses with our service providers to ensure your data receives adequate protection when transferred outside the EEA
Data Processing Agreements: All third-party service providers processing your data are bound by contractual obligations to protect your information and comply with applicable data protection laws
Explicit Consent: For study participants, by accessing a study via a study link and proceeding with participation, you consent to the transfer of your anonymous response data to the United States for processing
Necessary for Service Performance: For Platform Users, data transfers are necessary to provide the research platform services you have requested

6.2 Additional Safeguards for EU/UK Data

Beyond legal mechanisms, we implement additional protections for data transferred from the EU/UK:

Data minimization - we only transfer data necessary for the specific purpose
Encryption in transit (TLS 1.3) and at rest
Access controls and authentication requirements
Automated deletion of recordings within 45 days
Regular security assessments of our service providers

6.3 Your Rights Regarding Transfers

If you are in the EEA, UK, or Switzerland and have concerns about data transfers, you have the right to:

Request information about the safeguards in place for your data
Request a copy of the Standard Contractual Clauses we use
Object to the transfer if you believe adequate safeguards are not in place
File a complaint with your local data protection authority (see Section 8.1 for details)

📄 How to Request SCC Documentation

To request a copy of the Standard Contractual Clauses (SCCs) we use with our service providers:

Email: privacy@neroview.com
Subject: "Request for Standard Contractual Clauses"
Include: Your name, the specific service provider you're inquiring about (if applicable), and confirmation of your EEA/UK/Swiss residency

We will provide the relevant SCCs within 30 days. Some commercially sensitive information may be redacted to protect our business relationships.

Note: We do not rely on EU-U.S. Privacy Shield, which was invalidated by the Court of Justice of the European Union in 2020 (Schrems II decision). All our data transfers are based on Standard Contractual Clauses and additional safeguards as described above.

7. Data Security

We take the security of your information seriously and implement industry-standard security measures:

Encryption: Data in transit is encrypted using TLS/SSL; sensitive data at rest is encrypted
Access controls: Strict access controls and authentication requirements
Secure infrastructure: Hosted on secure, SOC 2 compliant cloud platforms
Regular audits: Regular security assessments and vulnerability testing
Employee training: Staff trained on data protection and security best practices

However, no method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

8.1 GDPR Rights (EEA, UK, Switzerland)

Access: Request access to your personal information
Rectification: Request correction of inaccurate information
Erasure: Request deletion of your information ("right to be forgotten")
Restriction: Request restriction of processing
Portability: Request a copy of your data in a portable format
Object: Object to processing based on legitimate interests
Withdraw consent: Withdraw consent at any time (where processing is based on consent)
Lodge a complaint: File a complaint with your data protection authority

8.2 CCPA Rights (California)

Know: Request information about the personal information we collect and how we use it
Delete: Request deletion of your personal information
Opt-out: Opt-out of the "sale" of personal information (we do not sell personal information)
Non-discrimination: Not be discriminated against for exercising your rights

8.3 How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@neroview.com or use the in-app settings. We will respond to your request within 30 days.

We may ask you to verify your identity before processing your request to ensure the security of your information.

For Study Participants - Requesting Deletion

If you participated in a research study and want to delete your recordings or responses:

Email: privacy@neroview.com with subject line: "Participant Data Deletion Request"

Include: study link/name, participation date, and any identifying details about your session. We will process your request within 30 days or confirm that recordings have already been automatically deleted.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to provide and improve our Services. When you first visit our Platform, you will see a cookie consent banner that allows you to accept or reject optional cookies. You can change your cookie preferences at any time using the "Cookie Settings" button in the footer of our website.

✓ EU/EEA Users: Our cookie consent mechanism complies with GDPR and the ePrivacy Directive. Essential cookies are automatically enabled, but analytics and marketing cookies require your explicit consent. You can withdraw consent at any time through the Cookie Settings.

9.1 Types of Cookies We Use

Essential Cookies (Always Active)

These cookies are necessary for the Platform to function and cannot be disabled.

better-auth.session_token - Authentication and session management

Analytics Cookies (Optional)

These cookies help us understand how users interact with the Platform.

Google Analytics: _ga, _gid, _ga_*
Vercel Analytics: Privacy-focused analytics (no personal data)

9.2 Managing Cookie Preferences

You can manage your cookie preferences at any time by:

Clicking "Cookie Settings" in the footer or settings menu
Adjusting your browser settings to block or delete cookies
Opting out of Google Analytics using the Google Analytics Opt-out Browser Add-on

Note: Disabling cookies may affect the functionality of the Platform.

9.3 Third-Party Cookies

Some cookies are set by third-party services we use:

Google Analytics: If you consent to analytics cookies, Google Analytics sets cookies to help us understand how users interact with our Platform. Google's use of data is governed by their privacy policy at policies.google.com/privacy
Authentication providers: When you use social login (Google, GitHub), those providers may set their own cookies governed by their respective privacy policies

We ensure all third-party service providers comply with applicable data protection laws and have appropriate data processing agreements in place.

10. Children's Privacy

Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you believe we have inadvertently collected information from a child under 16, please contact us immediately at privacy@neroview.com, and we will take steps to delete such information.

11. Third-Party Links and Services

Our Platform may contain links to third-party websites, applications, or services that are not operated by us. This Privacy Policy does not apply to these third-party services. We encourage you to review the privacy policies of any third-party services you access through our Platform.

We are not responsible for the privacy practices or content of third-party services.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:

Update the "Last Updated" date at the top of this page
Notify you via email or in-app notification for significant changes
Obtain your consent if required by applicable law