NeuralTalk NeuralTalk
PTEN

Privacy Policy — NeuralTalk

Last updated: 17/06/2026

Privacy and the protection of personal data are priorities for NeuralTalk. This Privacy Policy explains how NeuralTalk collects, uses, stores, shares, and protects information in the context of our website, our multichannel customer service platform, and related services. NeuralTalk is operated by Jéssica Naiara dos Santos, registered under CNPJ No. 42.182.370/0001-37, headquartered in Londrina/PR, Brazil. We process personal data in accordance with the Brazilian General Data Protection Law (LGPD) – Law No. 13.709/2018. By using our services, you acknowledge that you have read and understood this Policy.

1. Scope

This Policy applies to the processing of personal data carried out in connection with:

  • Our institutional website and promotional pages;
  • The NeuralTalk platform, including the customer management panel;
  • Administrator users and agents who access the platform;
  • The clients’ end contacts (consumers, leads, students, patients, guardians, and other individuals who interact with our clients);
  • The messages and content processed by the platform;
  • Integrations with third-party channels and services;
  • Automations and artificial intelligence (AI) features;
  • The cookies and tracking technologies used;
  • Support and customer service channels.

2. Roles under the LGPD

The LGPD distinguishes between different roles in the processing of personal data. Depending on the situation, NeuralTalk may act in different roles:

When NeuralTalk acts as Controller

In relation to data of website visitors, leads, and direct customers (for example, registration, billing, and communication data), NeuralTalk may act as Controller, defining the purposes and means of processing.

When NeuralTalk acts as Processor

In relation to messages, contacts, conversation histories, and other end-client data processed on behalf of the contracting companies, NeuralTalk normally acts as Processor (Operator), processing data according to the Client’s instructions.

The contracting Client as Controller

The Client who contracts the platform is the Controller of the data of its own customers, leads, students, patients, guardians, consumers, and contacts. It is the Client’s responsibility to define the purposes of processing, ensure an appropriate legal basis, inform data subjects, and configure the platform in compliance with the LGPD.

3. Data Collected

We may collect and process the following categories of data:

Registration data

  • Name, company, CNPJ (corporate taxpayer ID);
  • Email, phone, address;
  • Billing data.

User data

  • Name, email, phone;
  • Role and permissions;
  • Access logs.

Channel data

  • WhatsApp numbers and connected accounts;
  • Tokens and page identifiers;
  • Integration data and connection status.

Conversation data

  • Contact name, phone, and email;
  • Messages, audio, images, videos, and documents;
  • Service history, tags, and internal notes;
  • Agent responsible for the service.

Technical data

  • IP address, browser, device, and operating system;
  • Date and time of access, logs, and usage events;
  • Cookies and similar identifiers.

Payment data

  • Contracted plan and billing status;
  • Financial history;
  • Data processed by payment gateways.

AI data

  • Prompts and knowledge bases;
  • Questions and answers;
  • Agent configurations and content used for automation.

4. Sensitive Data

NeuralTalk does not require sensitive personal data for the general operation of the platform. However, depending on how the Client uses it, sensitive data may pass through the platform, such as health data, data of minors, school information, financial data, or other data protected by law.

When this occurs, the Client, as Controller, is responsible for:

  • Adopting an appropriate legal basis for the processing;
  • Informing data subjects about the processing;
  • Configuring the platform in a manner compatible with the LGPD and other applicable rules.

5. Purposes of Processing

We process personal data for the following purposes:

  • To create and manage user accounts;
  • To provide the contracted services;
  • To centralize messages from different channels;
  • To operate integrations with third-party channels and services;
  • To enable service by teams of agents;
  • To execute automations configured by the Client;
  • To process artificial intelligence features;
  • To provide support to the Client;
  • To improve and enhance the platform;
  • To ensure the security of the services;
  • To prevent fraud and misuse;
  • To comply with legal and regulatory obligations;
  • To carry out billing and manage payments;
  • To send operational communications;
  • To send commercial communications, where permitted.

NeuralTalk’s processing of personal data may be based on the following legal bases provided for in the LGPD:

  • Performance of a contract or preliminary procedures;
  • Compliance with a legal or regulatory obligation;
  • Legitimate interest;
  • Consent, where applicable;
  • Regular exercise of rights in judicial, administrative, or arbitration proceedings;
  • Credit protection, where applicable.

7. Sharing with Third Parties

In order to provide the services, NeuralTalk may share personal data with third parties, always to the extent necessary, including:

  • Hosting and cloud infrastructure providers;
  • Database providers;
  • Artificial intelligence services;
  • Payment gateways;
  • Email delivery services;
  • Authentication services;
  • Messaging platforms;
  • Meta, WhatsApp, Instagram, Facebook, TikTok, Telegram, and other connected channels;
  • Analytics and monitoring services;
  • Technical support providers;
  • Public authorities, when required by law or court order.

NeuralTalk does not sell personal data.

8. International Transfer

Some data may be processed outside Brazil, as part of our cloud, AI, infrastructure, payment, and messaging providers may operate in other countries. In these cases, we seek to adopt appropriate measures to protect the data, in accordance with the LGPD.

9. Security

We adopt reasonable security measures, both technical and administrative, to protect personal data against unauthorized access, loss, and misuse, such as:

  • Access control;
  • Encryption, where applicable;
  • Log recording;
  • Permission segregation;
  • Backups;
  • Monitoring;
  • Complementary administrative and technical measures.

Although we make ongoing efforts to protect data, no system is completely immune to incidents, and absolute security cannot be guaranteed.

10. Retention

Personal data is retained for as long as the account is active and for as long as necessary for the purposes described in this Policy. Data may be retained for an additional period to comply with legal obligations, audits, security, billing, or the regular exercise of rights.

Conversation data and files follow the storage limits of the contracted plan. After cancellation, there is a retention period before definitive deletion, and backups may retain data for an additional technical period. Further details may be set out in our Backup and Data Retention Policy.

11. Data Subject Rights

Under the LGPD, data subjects may exercise the following rights:

  • Confirmation of the existence of processing;
  • Access to the data;
  • Correction of incomplete, inaccurate, or outdated data;
  • Deletion of data, where applicable;
  • Portability;
  • Withdrawal of consent;
  • Information about data sharing;
  • Objection to processing carried out on a basis other than consent;
  • Review of automated decisions, where applicable.

When NeuralTalk acts as Processor, requests from end data subjects (customers, leads, students, patients, guardians, and contacts) must be directed to the contracting Client, who is the Controller of such data.

12. Cookies

We use cookies and similar technologies, which may be:

  • Essential cookies, necessary for the operation of the website and the platform;
  • Analytics cookies, which help us understand usage and improve the services;
  • Marketing cookies, where applicable, for promotional purposes.

You can disable or manage cookies in your browser settings, being aware that this may affect some features. Further information may be set out in our Cookie Policy.

13. Children and Adolescents

The platform may process data of guardians, students, or minors when used by educational institutions or organizations that serve this audience. In these cases, the contracting institution is responsible for ensuring an appropriate legal basis, obtaining the necessary authorizations, and complying with the Statute of the Child and Adolescent (ECA), the LGPD, and other applicable rules.

14. Clinics and Healthcare

When the platform is used by clinics, laboratories, or healthcare companies, health data and other sensitive data may pass through it. In these cases, the Client is responsible for ensuring an appropriate legal basis, observing professional confidentiality, obtaining the necessary authorizations, and complying with applicable rules.

15. AI and Privacy

The platform may process data through artificial intelligence features to generate responses, suggestions, classifications, automations, and conversation analysis. The Client is responsible for configuring AI with caution and for the content generated and sent to its contacts.

Data processed on the platform is not used for the public training of third-party models, except with authorization. When AI processing depends on external providers, it is subject to the conditions and practices of those providers.

16. Data Protection Officer / Privacy Contact

For questions about privacy and the LGPD, please contact us at: [email protected].

17. Updates to This Policy

This Privacy Policy may be updated periodically. Relevant changes will be communicated by email, notice in the platform panel, or publication on the website. We recommend that you review this document periodically.