Privacy Policy

Last Updated: 25 August 2025

GDPR Compliant

At Neural Summary, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. We comply with the General Data Protection Regulation (GDPR) and are committed to protecting your personal data.

Data Controller

The data controller responsible for your personal data is:

Company Name: DreamOne Holding BV
Registration Number: 88073955
Contact Email: info@neuralsummary.com
Data Protection Officer: admin@neuralsummary.com

What Data We Collect

We collect different types of information to provide and improve our Service:

Personal Information

  • Email address
  • Name (optional)
  • Profile information from OAuth providers (Google)
  • Payment information (processed securely via third-party providers)

Usage Data

  • Audio files you upload for transcription
  • Transcriptions and analysis results
  • AI-generated summaries and insights
  • User preferences and settings

Technical Data

  • IP address and approximate location
  • Browser type and version
  • Device information and operating system
  • Access logs and usage patterns

How We Use Your Data

We use the collected data for various purposes:

  • To provide and maintain our transcription and analysis services
  • To communicate with you about your account and service updates
  • To improve and personalize your experience
  • To detect, prevent, and address technical issues and security threats
  • To comply with legal obligations and enforce our terms
  • To analyze usage patterns and improve our service (with your consent)

Data Sharing and Third Parties

We may share your data with trusted third-party service providers who assist us in operating our Service:

Service Providers

  • Cloud Infrastructure: Firebase (Google Cloud Platform)
  • Transcription Services: AssemblyAI, OpenAI Whisper
  • AI Analysis: OpenAI GPT-4
  • Email Service: Gmail SMTP
  • Analytics: Firebase Analytics

We never sell your personal data to third parties. All service providers are bound by strict confidentiality agreements and can only use your data to provide services to us.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

Retention Periods

  • Account Data: Until 12 months after account deletion
  • Transcriptions: Keep until deleted
  • Audio Files: Raw uploads are deleted right after processing
  • System Logs: 1 year for audit/security purposes
  • Analytics Data: 12 months

Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR), you have the following rights:

Right to Access

You have the right to request copies of your personal data we hold.

Right to Rectification

You have the right to request correction of any inaccurate or incomplete personal data.

Right to Erasure

You have the right to request deletion of your personal data under certain circumstances.

Right to Data Portability

You have the right to receive your data in a structured, commonly used, and machine-readable format.

Right to Restrict Processing

You have the right to request restriction of processing under certain circumstances.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing.

Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw consent at any time.

To exercise any of these rights, please contact our Data Protection Officer at the email address provided below.

We will respond to your request within 30 days as required by GDPR.

Data Security

We implement appropriate technical and organizational measures to protect your personal data:

Security Measures

  • End-to-end encryption for data in transit and at rest
  • Strict access controls and authentication mechanisms
  • Continuous security monitoring and threat detection
  • Regular backups and disaster recovery procedures
  • Regular security training for our staff
  • Incident response and breach notification procedures

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR.

Cookies and Tracking

We use cookies and similar tracking technologies to improve your experience:

Types of Cookies

Essential Cookies

Required for the Service to function properly (authentication, security)

Analytics Cookies

Help us understand how users interact with our Service (with your consent)

Functional Cookies

Remember your preferences and settings

You can manage cookie preferences through your browser settings or our cookie consent tool.

International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA).

Safeguards

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions for countries with equivalent data protection laws
  • Appropriate safeguards as required by GDPR Article 46

Children's Privacy

Our Service is not intended for children, and we do not knowingly collect personal data from anyone under the age specified below.

Minimum Age: 16 years

Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

Data Protection Officer

Email: admin@neuralsummary.com

Supervisory Authority

You also have the right to lodge a complaint with your local data protection supervisory authority:

Authority Name: Netherlands – Autoriteit Persoonsgegevens (AP)
Website: https://www.autoriteitpersoonsgegevens.nl/en

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. The updated version will be indicated by an updated 'Last Updated' date.

For material changes, we will notify you via email or through a prominent notice on our Service.

Neural Summary | Privacy Policy