Privacy Policy

This policy applies to all personal data collected through Neural Defend's websites, applications, services, Atlas APIs, and other interactions with individuals.

• Personal Data — information relating to an identified or identifiable individual.
• Processing — any operation on personal data (collection, storage, use, disclosure, deletion).
• Data Controller — entity determining purposes and means of processing.
• Data Processor — entity processing data on behalf of a controller.
• DPO — Data Protection Officer (held by the CDO/CISO).
• Biometric Data — facial images and embeddings processed by Atlas; treated as sensitive personal data.

• Identification: name, email, phone, address, date of birth.
• Account: username, hashed password, preferences.
• Financial: payment metadata, billing address (payment processing handled by a PCI-DSS compliant gateway).
• Technical: IP address, device identifiers, operating system, cookies, usage analytics.
• Biometric (Atlas): face images submitted by clients for deepfake detection. Processed in-memory only; not persisted (data-minimisation by design).
• Sensitive Personal Data: only with explicit consent or legal basis.

Neural Defend's Atlas service processes client-submitted content (images, video, audio, and any other media) strictly in-memory and on-the-fly for the sole purpose of generating a detection prediction. The submitted content is never written to persistent storage (no disk, no database, no object store, no backup, no log, no archive) and is discarded from memory immediately after the prediction is returned to the client.

We retain only the following non-content metadata for billing, audit, and service-improvement purposes:

• Request ID and timestamp.
• Authenticated client / tenant ID.
• Inference outcome (confidence score / classification label).
• Resource consumption metrics (request size in bytes, duration, HTTP status code).
• Source IP and User-Agent (security telemetry).

No content reconstruction is possible from the metadata. No client-submitted face images or media are transmitted to any external AI service or third-party generative AI provider.

• Directly from individuals (forms, accounts, support).
• Automatically via cookies, analytics, and logs.
• From clients (B2B integrations) where individuals are end-users of client services.

For details on cookies, see our Cookie Policy.

• Consent — explicit consent for marketing or biometric processing where applicable.
• Contractual Necessity — fulfilling a contract with the data subject or our client.
• Legal Obligation — compliance with laws and regulators.
• Legitimate Interests — fraud prevention, security, and service improvement.

• Provide and improve Atlas and related services.
• Process transactions and manage accounts.
• Communicate updates, offers, and support.
• Conduct analytics and research (using de-identified data where possible).
• Ensure security, detect fraud, and comply with legal obligations.

• Service providers and sub-processors under contractual privacy and security terms.
• Legal compliance — to respond to lawful requests, subpoenas, or court orders.
• Business transfers — in case of merger or acquisition (with continuity of protections).
• With consent — when the individual explicitly agrees.

Personal data is retained only as long as necessary for the purposes collected, unless a longer retention period is required by law.

• Encryption at rest (Azure Storage / SQL TDE) and in transit (TLS 1.2+).
• Identity and access controls via Microsoft Entra ID; MFA mandatory.
• Regular vulnerability scanning, audits, and security assessments.
• Logging and monitoring via Azure Monitor and Microsoft Sentinel.
• Data residency — production data resides in Azure Central India; DR in Azure South India.

Depending on jurisdiction, you may exercise the following rights by contacting our DPO at sumit@neuraldefend.com:

• Access — request access to data we hold about you.
• Rectification — correct inaccurate or incomplete data.
• Erasure — request deletion of your data ("right to be forgotten").
• Data Portability — receive your data in a portable format.
• Restriction — limit processing.
• Objection — object to certain processing (e.g., direct marketing).
• Withdraw Consent — where processing is consent-based.

Cookies and similar technologies enhance your experience on our Site. Preferences are manageable via the cookie banner or browser settings. See our Cookie Policy for full details.

Neural Defend does not knowingly collect personal data from children under 18. If such data is identified, it is deleted promptly.

Our website may contain links to third-party sites. We are not responsible for their privacy practices.

Where personal data is transferred outside the country of collection, appropriate safeguards are applied (Standard Contractual Clauses, adequacy decisions, or explicit consent). On-premise / sovereign deployment is offered for clients with strict data-residency obligations (e.g., UAE PDPL).

This policy is reviewed annually or when laws, regulations, or business practices materially change. Material changes are notified to data subjects.

Neural Defend Private Limited
CIN: U63999DL2024PTC429114
Registered Office: 00/5 G/F Jai Bihar Block-F-2, Baprola, South West Delhi, Delhi 110043, India
Data Protection Officer: sumit@neuraldefend.com
General Support: support@neuraldefend.com