Privacy Policy

Last updated: May 25, 2026 · Version 2026-05-25

1. Introduction

Neural Marketer LLC, doing business as NeuralMarketer (“NeuralMarketer,” “we,” “our,” or “us”), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use neuralmarketer.com, our dashboard, our APIs, and our connected services (collectively, the “Service”).

Data Controller: Neural Marketer LLC, 629 N High St, Columbus, OH 43215, United States. Contact: andy@neuralmarketer.com.

We comply with the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the CAN-SPAM Act, the Telephone Consumer Protection Act (TCPA), and other applicable data protection laws. By using the Service you consent to the practices described here. If you do not agree, do not use the Service.

2. Information We Collect

2.1 Information you provide directly

  • Account data: email address, password (hashed by Firebase Authentication, never stored in plaintext by us), display name and profile photo if you sign in with Google.
  • Business profile: company name, website URL, business type, monthly marketing budget, mailing address, phone number, industry, services offered, average order value, default messaging tone, booking link.
  • CRM & contacts: contact name, email, phone, tags, notes, and segment that you import or capture through the Service.
  • FunnelVantage scan inputs: the website URL you submit, your business type, your monthly budget range, and infrastructure selections.
  • Uploaded files: business logos and other assets you upload, stored in Google Cloud Storage.
  • Payment information:name, billing address and card data — entered directly into Stripe’s hosted checkout. We never see, store, or transmit your card number.
  • Communications: messages you send us via contact form, support requests, and in-app feedback.

2.2 Voice calls (AI Receptionist)

If you activate the AI Receptionist service, calls placed to the Twilio phone number we provision for your business are answered by an automated voice agent operated by us. Such calls are recorded and transcribed. For each call we collect:

  • Caller phone number and (if provided by the carrier) caller name
  • Call duration and outcome (answered, booked, missed, transferred)
  • Audio recording of the call (retained up to 90 days, then permanently deleted)
  • Text transcript of the conversation (retained for the life of your account)
  • Any structured data the AI agent collected during the call (name, intent, etc.)

Recording disclosure to your callers. By default the AI Receptionist plays a notice at the start of each call advising the caller that the call may be recorded for quality and service purposes. Several US states require all-party consent for call recording (currently California, Connecticut, Florida, Illinois, Maryland, Massachusetts, Michigan, Montana, Nevada, New Hampshire, Pennsylvania, and Washington). You are responsible for ensuring that the recording-disclosure greeting configured for your business satisfies the consent laws of the jurisdictions where your callers are located.

2.3 Messaging data (DM Bot)

If you connect Instagram, Facebook Messenger, or WhatsApp through DM Bot, we receive and store conversation transcripts between the AI agent and people who message your business. We also store the OAuth tokens and page identifiers required to send and receive messages on your behalf.

2.4 Third-party platform data

When you connect external accounts (Meta Business / Facebook / Instagram / WhatsApp, Google Ads, Google Business Profile), we receive only the data the platform exposes under the scopes you authorize. Typically this includes page or ad-account identifiers, page-access tokens, ad performance metrics, message logs, review data, and appointment details. We do not access content you have not chosen to share.

2.5 Information collected automatically

  • Usage & device data: pages visited, features used, click patterns, IP address, browser and OS, time zone, approximate location (derived from IP).
  • Cookies and similar technologies: see Section 11 below.
  • Log data: request timestamps, error events, security events.

3. How We Use Your Information

We process your personal data for the following purposes, on the lawful bases indicated.

3.1 Service delivery (legal basis: contract performance)

  • Run the FunnelVantage scan and generate visibility scores
  • Operate the AI Receptionist, DM Bot, Database Goldmine, Ads AI, and Review Manager services
  • Process payments, manage subscriptions, and issue receipts
  • Send transactional emails (sign-in, password reset, billing, account events)
  • Provide support and respond to inquiries

3.2 Service improvement & security (legal basis: legitimate interest)

  • Analyze usage patterns to improve features and performance
  • Detect, investigate, and prevent fraud, abuse, and security incidents
  • Test new features and capacity-plan our infrastructure

3.3 Marketing (legal basis: consent)

  • Send newsletter, product updates, and educational content when you opt in
  • You may unsubscribe at any time using the link in every marketing email

3.4 Legal & compliance (legal basis: legal obligation)

  • Comply with tax, accounting, and other statutory record-keeping obligations
  • Respond to lawful requests from public authorities (see Section 6)

4. AI and Data Processing

The Service relies on large language models (LLMs) and other AI services to generate recommendations, write ad copy, compose messages, transcribe and respond to calls, and produce business analyses. To do this, the following data is sent to third-party AI providers (primarily OpenRouter, which routes requests to upstream models such as GPT-class, Claude-class, and Gemini-class models):

  • Website content fetched during FunnelVantage scans
  • Call transcripts (in real time during a call, for response generation)
  • DM Bot conversation messages
  • Your business profile fields when used as prompt context
  • Anything you type into AI-enabled features (e.g., ad copy generator)

We do not authorize our AI providers to train their models on your data. All AI providers we use are bound by terms that prohibit training on customer inputs. Generated outputs are stored in your account for your use.

AI output is provided as-is and for informational purposes only. It is not legal, medical, financial, or other professional advice. You are responsible for reviewing AI output before relying on, publishing, or sending it.

5. Automated Decision-Making and Profiling

FunnelVantage assigns your website a numeric score and an A–F grade based on 78+ signals (SEO, AEO, GEO, CRO, design, performance). This scoring is automated. It is advisory: it does not restrict your access to any feature of the Service and does not produce legal or similarly significant effects on you.

Under GDPR Article 22, EU/EEA/UK residents have the right to (a) obtain an explanation of how a given score was calculated, (b) express their point of view, and (c) request human review of the score. Email andy@neuralmarketer.com to exercise these rights.

6. Data Sharing and Disclosure

We do not sell or rent your personal information. We share it only with the categories of recipients listed below, each bound by a data-processing agreement (or its equivalent) that restricts use to providing services to us.

6.1 Sub-processors

  • Google LLC(United States) — infrastructure (Cloud Run, Cloud SQL, Cloud Storage), authentication (Firebase Authentication / Identity Platform), analytics (Google Analytics 4), Google Ads connector, PageSpeed Insights data.
  • Stripe, Inc.(United States) — subscription billing, payment processing, refunds.
  • Twilio, Inc.(United States) — AI Receptionist telephony, recording storage, SMS delivery.
  • Meta Platforms, Inc.(United States) — DM Bot OAuth, Instagram / Facebook / WhatsApp messaging, Meta Ads connector.
  • OpenRouter, Inc.(United States) — AI model routing for text generation, transcription, and response generation.
  • Tavily AI, Inc.(United States) — web search and crawl during FunnelVantage scans.
  • DataForSEO, UAB(Lithuania, EU) — SEO data (keyword rank, backlinks, domain metrics).
  • SendGrid (Twilio)(United States) — transactional email delivery, drip sequences, campaign sending.

An up-to-date list of sub-processors is maintained on this page. We will provide prior notice of material changes via email or in-app notice.

6.2 Legal & safety requests

We may disclose information when required by law, valid legal process, or a government request. Our internal procedure for handling such requests requires legal review, data minimization, and user notification where permitted — see our Government Data Request Policy.

6.3 Business transfers

If we are involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will notify you (and where applicable, obtain your consent) before any personal data becomes subject to a different privacy policy.

6.4 With your consent

For any other purpose, with your explicit consent.

7. Your Rights and Choices

Depending on your location, you have the following rights:

  • Access — obtain a copy of your personal data
  • Rectification — correct inaccurate or incomplete data
  • Erasure — ask us to delete your data (“right to be forgotten”)
  • Portability — receive your data in a structured, machine-readable format
  • Restriction — limit how we process your data
  • Objection — object to processing based on legitimate interest
  • Withdraw consent — for any processing based on consent
  • Opt-out of sale or share — we do not sell or share personal data for cross-context behavioral advertising, but California residents may submit a verifiable request
  • Non-discrimination — we will not penalize you for exercising your rights

EU / EEA / UK residents may lodge a complaint with the data-protection supervisory authority of your habitual residence, workplace, or where the alleged infringement occurred. A list of EU DPAs is available at edpb.europa.eu.

How to exercise your rights: email andy@neuralmarketer.com from the address on file, or use the self-service Delete Account flow in your account settings. We respond to verified requests within 30 days (extendable to 90 days for complex requests, with notice).

8. Data Retention

  • Account data: kept while your account is active; permanently deleted within 30 days of account deletion.
  • Call recordings: up to 90 days, then permanently deleted.
  • Call transcripts & DM conversation logs: kept while your account is active; subject to deletion on request.
  • FunnelVantage scan results: kept while your account is active; subject to deletion on request.
  • Billing & tax records: retained 7 years to comply with US tax law, even after account deletion.
  • Backups: rolling 30-day backup window; data is purged from backups within 30 days of source deletion.
  • Email engagement logs: 24 months for deliverability optimization, then aggregated or deleted.

9. Data Security

We follow industry-standard security practices, including:

  • TLS 1.2+ for all data in transit
  • Encryption at rest on Cloud SQL and Cloud Storage (Google-managed keys), plus AES-256-GCM application-layer encryption for sensitive tokens and credentials
  • Firebase Authentication with optional Google sign-in; passwords are never stored in plaintext
  • IAM-scoped Cloud SQL access — the API authenticates to the database as a dedicated service account, not a long-lived password
  • HMAC signature verification on every inbound webhook (Stripe, Meta, Twilio)
  • Continuous monitoring and audit logging for administrative actions

No system can guarantee absolute security. If you believe your account has been compromised, contact us immediately at andy@neuralmarketer.com.

10. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours where required by GDPR Article 33
  • Notify affected individuals without undue delay when the risk is high
  • Comply with applicable US state breach-notification laws
  • Describe the nature of the breach, the data affected, likely consequences, and the steps we have taken

11. Cookies and Tracking

The Service uses the following cookies and similar technologies:

  • Essential cookies— required for authentication and core functionality (e.g., the __session cookie set by Firebase Authentication). Always active, no consent required.
  • Analytics cookies (non-EU/UK visitors) — Google Analytics 4 cookies (_ga, _ga_*) load automatically under legitimate interest to measure traffic and improve the product.
  • Analytics cookies (EU / EEA / UK visitors) — Google Consent Mode v2 starts in denied state. Analytics cookies are only set after you accept on the cookie banner.
  • Preference storage— your cookie choice is saved in browser localStorage under cookie_consent for 12 months.

You can change browser cookie settings at any time. EU/EEA/UK visitors can clear the cookie_consent entry in localStorage to be re-prompted by the banner.

12. International Data Transfers

The Service is hosted on Google Cloud Platform in the us-central1 region (United States). Several of our sub-processors are based in the United States or other third countries.

For personal data transferred from the EU / EEA / UK to the United States, we rely on (a) the EU-U.S. Data Privacy Framework (and its UK extension) where the recipient is certified, and (b) the European Commission’s Standard Contractual Clauses (SCCs) where the recipient is not. A list of certified sub-processors is available at dataprivacyframework.gov.

You may request a copy of the SCCs covering a given sub-processor by emailing andy@neuralmarketer.com.

13. Children’s Privacy

The Service is not directed to children under 18, and we do not knowingly collect personal data from anyone under 18. If you believe a child has provided personal data to us, please contact us and we will delete it promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced via email and an in-app notice at least 30 days before they take effect. Non-material changes (clarifications, contact updates, etc.) take effect when published. The “Last updated” date at the top of this page tracks each revision.

15. Contact Information

Neural Marketer LLC (d/b/a NeuralMarketer)

629 N High St, Columbus, OH 43215, United States

Privacy contact: andy@neuralmarketer.com

Self-service options

  • Delete your account: Profile → Danger Zone
  • Unsubscribe from emails: link at the bottom of every marketing email
  • EU/UK cookie preferences: clear the cookie_consent entry in localStorage to be re-prompted
  • Data access / portability requests: email the privacy contact above

By using NeuralMarketer you acknowledge that you have read and understood this Privacy Policy. See also our Terms of Service.