Privacy Policy

CoreNeural

Last Updated: 25th February 2026

1. Introduction

CoreNeural (“CoreNeural”, “we”, “our”, or “us”) provides a private enterprise AI intelligence platform that enables organizations to securely search, analyze, and interact with their internal data and knowledge systems.

We are committed to protecting the privacy, confidentiality, and integrity of personal data and enterprise information processed through our platform.

This Privacy Policy explains how CoreNeural collects, uses, processes, stores, and protects personal data when you:

• Access or use the CoreNeural platform
• Visit our website
• Interact with our services, integrations, or communications

This Policy applies globally and is designed to align with applicable data protection laws including:

• General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA/CPRA)
• India Digital Personal Data Protection Act (DPDP)
• Other applicable international privacy regulations

2. Scope of This Policy

This Privacy Policy applies to:

• Customers (enterprise organizations)
• Authorized users of customer workspaces
• Website visitors and prospects
• Individuals whose data may be processed within enterprise content uploaded by customers

Where CoreNeural processes data on behalf of enterprise customers, we act as a Data Processor, and the customer acts as the Data Controller.

3. Definitions

• Personal Data: Any information relating to an identified or identifiable individual.

• Customer Data: All data, documents, and content uploaded or processed by customers within CoreNeural.

• Processing: Any operation performed on data (collection, storage, analysis, retrieval, etc.).

• Controller: The entity determining the purposes and means of processing personal data.

• Processor: The entity processing personal data on behalf of a controller.

4. Roles & Data Processing Responsibilities

CoreNeural operates under two roles:

4.1 When CoreNeural is a Data Controller

We act as a Controller for:

• Website visitor data
• Account registration information
• Marketing and communication preferences
• Support inquiries and product analytics

4.2 When CoreNeural is a Data Processor

We act as a Processor when:

• Customers upload enterprise documents
• AI queries analyze organizational data
• Internal knowledge bases are indexed or searched

In these cases:

• Customers retain full ownership and control of their data
• CoreNeural processes data strictly per contractual instructions

5. Information We Collect

5.1 Information Provided Directly by Users

• Name and contact details
• Work email address
• Organization and role
• Account credentials
• Communications and support requests

5.2 Enterprise Customer Data (Processed on Behalf of Customers)

Customers may upload:

• Documents, reports, contracts, and policies
• Internal communications and knowledge repositories
• Structured or unstructured enterprise data

This data may contain personal data depending on customer usage.

5.3 Automatically Collected Data

• IP address and device identifiers
• Log files and usage activity
• Authentication and session metadata
• Platform performance and diagnostic data

6. AI Processing & Automated Analysis

CoreNeural uses artificial intelligence models to:

• Summarize documents
• Generate responses to enterprise queries
• Extract insights from authorized datasets

Important:

• Customer data is not used to train public or shared AI models
• AI processing occurs within secure, governed environments
• Outputs are generated based only on permitted and authorized data sources

7. Legal Bases for Processing (GDPR)

We process personal data based on one or more of the following:

• Performance of a contract
• Legitimate business interests
• Compliance with legal obligations
• User consent where required

Customers remain responsible for ensuring lawful processing of any personal data uploaded to the platform.

8. How We Use Personal Data

We use personal data to:

• Provide and maintain the CoreNeural platform
• Authenticate and manage user accounts
• Deliver AI-powered enterprise intelligence services
• Monitor security, prevent misuse, and enforce governance controls
• Improve platform performance and reliability
• Communicate product updates and support information
• Comply with legal and regulatory requirements

9. Data Ownership & Customer Control

Enterprise customers retain full ownership of all Customer Data.

CoreNeural:

• Does not sell customer data
• Does not use customer data for external AI model training
• Processes data solely to deliver contracted services

Customers determine:

• Data uploaded
• User access permissions
• Retention and deletion rules

10. Sharing and Disclosure of Data

We may share data only under the following circumstances:

• With authorized subprocessors providing infrastructure or technical services
• To comply with legal obligations or lawful requests
• To protect rights, security, or integrity of our services
• During corporate transactions (merger, acquisition, restructuring)

All subprocessors are bound by strict confidentiality and security obligations.

11. Subprocessors & Third-Party Services

CoreNeural may rely on trusted third-party providers for:

• Cloud infrastructure and hosting
• Authentication and identity services
• AI model routing and compute
• Analytics and monitoring tools

A current list of subprocessors may be provided upon request.

12. International Data Transfers

Personal data may be processed in multiple jurisdictions where our infrastructure or service providers operate.

Where data is transferred internationally, CoreNeural implements safeguards such as:

• Standard Contractual Clauses (SCCs)
• Contractual data protection obligations
• Secure encryption and transfer protocols

13. Data Security & Protection Measures

CoreNeural implements enterprise-grade security controls including:

• End-to-end encryption in transit and at rest
• Role-based access control (RBAC)
• Tenant isolation and workspace-level permissions
• Audit logs and activity monitoring
• Zero-Trust access architecture
• Secure API and integration controls

Despite these measures, no system is completely immune to risk.

14. Data Retention

We retain personal data only for as long as necessary to:

• Fulfill contractual obligations
• Provide platform functionality
• Meet legal and regulatory requirements

Customer Data retention is determined by customer-defined policies and contractual agreements.

15. User Rights & Privacy Choices

Depending on jurisdiction, individuals may have rights to:

• Access personal data
• Correct inaccurate data
• Request deletion of personal data
• Restrict or object to processing
• Request data portability
• Withdraw consent where applicable

Requests may be submitted via: support@coreneural.ai

We may require identity verification before processing requests.

16. Cookies & Tracking Technologies

CoreNeural may use cookies and similar technologies to:

• Maintain secure sessions
• Analyze platform performance
• Improve user experience
• Support marketing and analytics (website only)

Users can manage cookie preferences through browser settings.

17. Children’s Privacy

CoreNeural services are intended for enterprise and professional use only.

We do not knowingly collect personal data from individuals under the age of 16.

18. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect:

• Changes in laws or regulations
• Updates to our services or technology
• Improvements to privacy and security practices

Updated versions will be posted on this page with the revised effective date.

19. Contact Information

For privacy-related questions or requests, contact:

CoreNeural Privacy Team

Email: support@coreneural.ai

Address: 68, Akashneem Marg, Gurgaon, Haryana 122002

20. Governing Law

This Privacy Policy shall be governed by applicable data protection laws relevant to the jurisdictions in which CoreNeural operates and provides services.

21. Supplemental Notice for Enterprise Customers

Where CoreNeural processes personal data on behalf of enterprise customers, such processing is governed by:

• The applicable Commercial SaaS Agreement
• The Data Processing Addendum (DPA)
• Customer-defined governance and retention policies

In such cases, the enterprise customer remains the primary Data Controller responsible for determining lawful processing purposes.