Privacy Policy
Coming Phase 1.5This Privacy Policy explains how Neumannic handles your data — what we collect, how we use it, who we share it with, and the rights you have over it. Last updated June 12, 2026 · v1.0. The detailed prose is being authored as part of the Phase 1.5 docs expansion; the structure below is the binding outline. The data-handling commitments named in the ZDR Posture and GDPR Rights sections are normative and final.
Information we collect
We collect information you provide directly (account profile, workspace settings, content you create through the Services), information generated by your use of the Services (usage logs, request metadata, error reports), and information from third-party integrations you authorize (sign-in providers, payment processor, optional connected services). The detailed inventory of data fields is part of this section.
How we use information
We use your information to provide and operate the Services, to route your requests to the model provider best suited to the integration point and your tier, to bill you for paid features, to communicate with you about your account, to detect and respond to security incidents, and to comply with our legal obligations. We do not use your content to train the models we route to.
Sub-processors
Neumannic uses a multi-provider model-routing architecture. The set of model providers we route to as of this Policy version is: Anthropic, OpenAI, Qwen (Alibaba Cloud), DeepSeek, Together AI, Fireworks AI, Google Gemini, fal, and Replicate. Each provider handles a distinct integration point (chat, embeddings, vision, image generation), and the routing decision per integration point is configurable. The detailed mapping of which provider serves which integration point per tier — together with the operational sub-processors that support the platform (authentication, billing, email, analytics, observability) — is maintained in a separate sub-processor registry that will be linked here when it ships in the Phase 1.5 docs expansion.
Data retention
We retain account data for the life of your account plus a defined wind-down window after account closure. We retain audit logs for ninety days at full payload, and an indefinite skeleton-row archive for compliance traceability. We retain billing records for the duration required by tax and accounting law. Prompts and outputs routed to sub-processors are NOT retained by those sub-processors beyond the in-flight request lifecycle — see the next section.
Zero-Data-Retention posture
Neumannic operates under Zero-Data-Retention contracts with all LLM providers; prompts and outputs are NOT retained by sub-processors beyond the in-flight request lifecycle, in compliance with INVARIANT-29.
This commitment is non-negotiable. No tier, no admin override, no opt-in opt-out flips a request into a non-ZDR routing path. For the technical detail on how this posture is enforced — including the CI lint, the admin-UI gate, and the runtime fail-safe — see our Security page.
Your GDPR rights
If you are in the European Economic Area, the United Kingdom, or another jurisdiction with comparable data-protection law, you have the following rights over your personal data:
- The right to access the personal data we hold about you.
- The right to rectification of inaccurate or incomplete data.
- The right to erasure (the right to be forgotten), subject to applicable retention obligations.
- The right to data portability — to receive your data in a structured, machine-readable format.
- The right to restriction of processing in defined circumstances.
- The right to object to processing based on legitimate interests or for direct-marketing purposes.
- The right to withdraw consent at any time, for processing based on consent.
- The right to lodge a complaint with the supervisory authority in your member state.
To exercise any of these rights, contact us at privacy at neumannic dot com. Workspace owners can initiate access, export, and erasure flows directly from the account settings surface; the full in-app self-serve flow ships as part of the Phase 1.5 account-controls expansion.
Children's privacy
Neumannic is not directed at children. We do not knowingly collect personal data from children under thirteen. If you become aware that a child has provided us with personal data, please contact us so we can delete it.
International data transfers
Some of our sub-processors are located outside your jurisdiction. Where personal data is transferred to a jurisdiction that has not been deemed adequate by the European Commission, we rely on Standard Contractual Clauses, sub-processor data-processing agreements, and the supplementary measures appropriate to the destination. The detail of these safeguards is part of this section.
Changes to this Policy
We may amend this Privacy Policy from time to time. Material changes are communicated by email to the address on file for your account and by an in-app notification at least thirty days before they take effect. The change log identifying each version's substantive amendments is preserved as part of this Policy.
Contact
Privacy questions can be directed to privacy at neumannic dot com. Where required by applicable law, a designated data protection officer can be reached at the same address; the DPO contact will be updated here when the appointment is finalized for the relevant jurisdictions.
Effective date and version
This Privacy Policy is version v1.0, last updated June 12, 2026. The full revision history is maintained internally and can be requested through the contact channel above.