Privacy Policy

1. Scope

This Privacy Policy describes how InterNeuron Labs Inc. ("InterNeuron Labs," "Recursite," "we," "our") collects, uses, discloses, retains, and otherwise processes personal data when we act as a data controller.

• This policy applies where we act as a data controller for individuals using Recursite directly, including our websites, applications, and consumer offerings.
• This policy does not apply where we process personal data solely on behalf of an enterprise customer as a processor. In those cases, the customer controls that data and their policies apply.
• This policy also does not replace third-party privacy notices for services you choose to connect to or access through Recursite.
• By accessing or using Recursite, you acknowledge the practices described in this policy, subject to rights available under applicable law.

2. Information We Collect

We collect the following categories of information.

• Identity and contact data, such as name, email address, account identifiers, profile information, authentication records, and indirect identifiers we generate for account administration.
• Account and authentication data, such as sign-in activity, session metadata, linked identity provider details, verification status, security events, and related fraud-prevention signals.
• Payment and transaction data, such as billing records, subscription plan details, invoices, payment status metadata, and limited payment information provided by payment processors.
• Inputs, outputs, files, and communications you provide while using Recursite features, including prompts, generated responses, uploaded files, project content, agent activity, and support messages.
• Feedback and quality signals, such as ratings, issue reports, comments, surveys, troubleshooting details, and other information you provide about your experience.
• Technical and device data collected automatically, such as IP address, approximate location derived from IP address, browser and OS details, device information, timestamps, log data, referral URLs, diagnostics, and performance events.
• Usage data, such as pages viewed, features used, interactions, search or navigation activity, session duration, and links clicked.
• Cookie and similar technology data, including strictly necessary cookies, local storage values, optional analytics tags, and optional personalization or marketing technologies depending on your settings.

3. Sources of Personal Data

• Directly from you when you register, configure your account, communicate with us, use features, or submit content.
• Automatically from your device or browser when you access our website or apps.
• From third-party services you connect or authenticate with, including identity providers and integrations where applicable.
• From service providers that support fraud prevention, security, payments, analytics, hosting, customer support, and communications.
• From business and operational partners where legally permitted.

4. How We Use Personal Data

• To provide, maintain, and operate our services and account features.
• To provide optional features, integrations, personalization, and product workflows that you request or enable.
• To authenticate users, secure accounts, detect abuse, and enforce our Terms and Usage Policy.
• To process purchases, billing, invoices, subscriptions, and payment administration.
• To provide customer support, respond to requests, send service notices, and communicate about product updates or events.
• To monitor reliability, debug errors, troubleshoot incidents, and repair functionality.
• To investigate and resolve disputes, suspected misuse, and security issues.
• To conduct research and product improvement, including feature evaluation, model and agent quality evaluation, safety work, and service analytics where permitted by law and contractual commitments.
• To comply with legal obligations and protect rights, safety, and security.

5. Cookies and Consent Choices

We use cookies and similar technologies for the purposes below.

• Strictly necessary cookies are required for essential site functionality, authentication, session management, security, fraud prevention, and account workflows.
• Preference technologies, including local storage, help us remember choices such as cookie consent settings and product preferences.
• Analytics cookies and tags are used to understand service usage, reliability, and product performance. They are loaded only after consent where required.
• Personalization and marketing technologies are used only where enabled and permitted, including to measure campaign effectiveness and tailor communications.
• You can update your preferences through Privacy choices in the footer. Current consent settings are stored in local storage and applied to analytics initialization.
• You may also control cookies through browser settings, though disabling essential cookies may prevent sign-in, saved preferences, and other functionality.

6. How We Disclose Personal Data

• Service providers and subprocessors supporting hosting, authentication, analytics, payments, customer support, communications, compliance, and security operations.
• Affiliates, advisors, auditors, insurers, and professional service providers on a need-to-know basis.
• Government authorities, regulators, courts, and law enforcement where required by law or where disclosure is necessary to protect rights, safety, and security.
• Relevant parties in connection with mergers, acquisitions, financings, bankruptcy, reorganization, or other corporate transactions.
• Third-party services you intentionally connect or access through integrations, which are governed by those third parties' terms and policies.
• Other parties with your direction, consent, or instruction, including when you choose to share content outside Recursite.

7. Data Retention and Lifecycle

• We retain personal data for as long as reasonably necessary for the purposes described in this policy, including account administration, service delivery, security, legal compliance, and dispute handling.
• Retention periods vary by data type, product context, account status, user settings, legal obligations, and operational needs.
• When data is no longer needed, we delete, anonymize, or de-identify it according to applicable law and technical feasibility.
• We may process aggregated or de-identified information to understand service usage, evaluate product quality, conduct research, and improve reliability.
• We may retain limited records where needed for security, fraud prevention, legal claims, compliance, accounting, or audit purposes.

8. Security Controls

• We implement technical and organizational safeguards designed to protect confidentiality, integrity, and availability of personal data.
• Safeguards include access controls, monitoring, encryption in transit where appropriate, incident response procedures, logging, and vendor risk management.
• We limit access to personal data to personnel and service providers with a business need and appropriate confidentiality obligations.
• No method of transmission or storage is completely secure. If you suspect unauthorized access, contact us promptly.

9. Rights and Choices

Depending on your location and applicable law, you may have one or more of the rights listed below.

• Right to know or access personal data we process about you, including categories of data, sources, purposes, and recipients.
• Right to receive a copy of personal data or request portability where applicable.
• Right to correction of inaccurate or incomplete personal data, subject to technical feasibility and legal limits.
• Right to deletion, subject to legal, security, fraud-prevention, accounting, and operational exceptions.
• Right to object to or restrict certain processing where applicable.
• Right to withdraw consent where consent is the legal basis, without affecting processing that occurred before withdrawal.
• Right to appeal certain request denials where applicable.
• Right to non-discrimination for exercising privacy rights.
• Right to opt out of certain targeted advertising, sale, or sharing activities where those concepts apply under local law.

10. Exercising Rights

• To submit a request, email privacy@interneuronlabs.com with enough information for us to verify your identity and process your request.
• You may designate an authorized agent where permitted by law. We may request evidence of authorization.
• We may deny or limit a request where an exemption applies, such as legal obligations, security, fraud prevention, confidential information, trade secrets, or rights of others.
• If your request is denied, you may appeal by replying to our decision communication or contacting privacy@interneuronlabs.com.
• You can manage optional cookie choices through Privacy choices in the footer and can unsubscribe from marketing communications through instructions in those messages.

11. International Data Transfers

• We may process personal data in countries other than your country of residence, including the United States and other locations where we or our service providers operate.
• Where required by law, we rely on lawful transfer mechanisms such as adequacy decisions, standard contractual clauses, and equivalent safeguards.
• We assess transfer risks and apply additional protections as appropriate.

12. Children's Privacy

• Our services are not directed to children under 13, or a higher age threshold where required by local law.
• If we learn we collected personal information from a child without appropriate consent, we will take steps to delete it.

13. Automated Decision-Making

• We do not make decisions based solely on automated processing that produce legal or similarly significant effects about individuals unless we disclose that practice and provide rights required by applicable law.
• Recursite may use automated systems to operate features, detect abuse, enforce policies, prioritize support, and improve reliability, subject to applicable law.

14. Changes to This Policy

• We may update this Privacy Policy from time to time.
• If we make material changes, we will update the effective date and provide notice where required.

15. Contact Information

• InterNeuron Labs Inc.
• Email: privacy@interneuronlabs.com
• General support: hello@interneuronlabs.com
• If you are located in a jurisdiction with a supervisory authority or privacy regulator, you may have the right to contact that authority about privacy concerns.

16. Regional Supplemental Disclosures

Residents of specific regions may receive additional rights and disclosures. In case of conflict, applicable local law governs.

• EEA/UK/Switzerland: You may have GDPR-equivalent rights, including access, correction, deletion, portability, objection, restriction, consent withdrawal, and complaint rights with supervisory authorities.
• California and other U.S. states with privacy laws: You may have rights to know, access, delete, correct, portability, appeal, and opt out of certain sale, sharing, targeted advertising, or profiling activities as defined by local law.
• Canada: We process personal data with consent or another basis permitted by law. You may withdraw consent subject to legal or contractual restrictions and reasonable notice.
• Brazil: You may have LGPD rights including confirmation of processing, access, correction, anonymization, blocking or deletion, portability, information about sharing, consent withdrawal, and review of certain automated decisions.
• Republic of Korea and other regions: Additional local disclosures, representatives, transfer mechanisms, retention notices, or request procedures may apply based on regional legal requirements.