Privacy Policy

1. General Information

This privacy policy describes how Neurocrypto collects, uses and protects your personal data when using our artificial intelligence platform NEMESIS AI, accessible via the subdomain nemesis.neurocrypto.ai.

Data Protection Officer (DPO):
Neurocrypto has not appointed a Data Protection Officer (DPO). For any questions regarding the protection of your personal data, you can contact our support team

2. Data Collected

When using NEMESIS AI, we collect the following data:

• Authentication data: Email address (via Google OAuth for accounts created with Google Auth, or email provided during manual registration)
• Conversation data: Complete history of your interactions with the NEMESIS AI artificial intelligence
• Connection data: Session cookies necessary to maintain your authentication
• Technical data: IP address, browser type, connection timestamps (server logs)

3. Purpose of Processing

Your personal data is collected and processed for the following purposes:

• Service provision: Enable your authentication and access to NEMESIS AI
• Personalization: Maintain the history of your conversations for service continuity
• Security: Prevent abuse, fraud and violations of our terms of use
• Service improvement: Analysis of usage to optimize NEMESIS AI performance

4. Legal Basis for Processing

The processing of your data is based on the following legal grounds:

• Consent: You consent to the processing of your data by using NEMESIS AI and accepting this policy
• Contract performance: Processing is necessary to perform the service you requested
• Legitimate interest: Improvement and security of our services

5. Retention Period

Your data is retained for the following periods:

• Conversations: Retained indefinitely as long as your account is active, unless deleted by you
• Authentication data: Retained as long as your account exists
• Session cookies: Automatically deleted upon logout
• Server logs: Retained for a maximum of 12 months for security reasons

6. Hosting and Data Location

All your data is hosted on servers located in France. Your conversations are stored in a secure MongoDB database, accessible only by our systems.

7. Cookies Used

NEMESIS AI uses only strictly necessary cookies for service operation:

• Session cookies: Maintain your authentication during your visit
• OAuth cookies: Manage authentication via Google (if you use Google Auth)

We do not use any third-party tracking, advertising or analytics cookies.

8. Your GDPR Rights

In accordance with GDPR, you have the following rights:

• Right of access: Obtain a copy of your personal data
• Right of rectification: Correct your inaccurate data
• Right to erasure: Delete your account and all your data (upon request via the contact page)
• Right to restriction: Restrict the processing of your data in certain cases
• Right to portability: Retrieve your data in a structured format
• Right to object: Object to the processing of your data
• Right to withdraw consent: Withdraw your consent at any time

To exercise these rights, contact us via the contact page. We will respond within a maximum of 30 days.

9. Account Deletion

You can request the deletion of your account at any time by contacting our team via the contact page. This action results in:

• Immediate deletion of all your conversations
• Deletion of your authentication data
• Permanent loss of access to your history

10. Data Security

We implement appropriate technical and organizational measures to protect your data:

• SSL/TLS encryption for all communications
• DDoS protection and application firewall via Cloudflare
• Secure authentication via Google OAuth
• Secured database with restricted access
• Servers hosted in France with physical and logical protections
• Regular and encrypted backups
• Continuous monitoring of access and intrusion attempts

Cloudflare: Our infrastructure uses Cloudflare services to ensure protection against DDoS attacks, optimize performance and secure connections. Cloudflare may temporarily process your connection data (IP address, HTTP headers) in accordance with its own privacy policy.

11. Data Sharing

We never sell, rent or share your personal data with third parties, except in the following cases:

• Legal obligation: If required by a judicial or administrative authority
• Rights protection: To protect our rights, our security or that of others
• Google OAuth: If you use Google Auth, Google processes your authentication data according to its own privacy policy
• Cloudflare: For securing and optimizing our infrastructure (temporary processing of connection data)

12. Policy Changes

We reserve the right to modify this privacy policy at any time. In case of substantial modification, we will inform you by email or via a notification on NEMESIS AI.

The last update date is indicated at the top of this page.

13. Complaint

If you believe that your rights are not being respected, you can file a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés):