Legal
Privacy Policy
How NeuralScope collects, uses, discloses, and protects personal information.
Last updated: 7 July 2026
1. Introduction and Scope
NeuralScope ("we", "us", "our") is committed to protecting the privacy and security of personal information in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation. This Privacy Policy describes how we collect, use, disclose, retain, and safeguard personal information when you visit neuralscope.life (the "Website"), use our AI observability platform, participate in our training programmes, engage our professional services, or otherwise interact with us.
This policy applies to all personal information collected by NeuralScope in the course of our commercial activities. It does not apply to information collected by third parties through links on our Website or to anonymised, aggregated data that cannot reasonably identify an individual.
By using our Website or services, you acknowledge that you have read and understood this Privacy Policy. Where we require your consent to collect, use, or disclose personal information, we will obtain it through clear and meaningful means — such as an unchecked consent checkbox on our contact form — before processing your data.
2. Accountability
NeuralScope is responsible for personal information under our control. We have designated a privacy contact responsible for compliance with this policy and PIPEDA's ten fair information principles. For privacy-related enquiries, complaints, or requests to exercise your rights, contact:
Privacy Officer
NeuralScope
296 Richmond Street West, Suite 402
Toronto, ON M5V 1X2, Canada
Email: [email protected]
3. Information We Collect
3.1 Information You Provide Directly
We collect personal information that you voluntarily provide, including:
- Contact form submissions: name, email address, subject selection, message content, and PIPEDA consent confirmation.
- Programme and service enquiries: professional details, organisation name, technical requirements, and correspondence.
- Contractual engagements: billing information, authorised signatory details, and project-related communications.
- Studio visits and events: registration information and attendance records.
3.2 Information Collected Automatically
When you visit our Website, we may automatically collect:
- IP address and approximate geographic location derived from IP
- Browser type, operating system, and device characteristics
- Pages visited, time spent, navigation paths, and referring URLs
- Cookie and local storage data as described in our Cookie Policy
Automatic collection via analytics cookies occurs only with your consent. Strictly necessary cookies for site operation and consent storage function regardless of analytics consent.
3.3 Platform and Service Data
When you use the NeuralScope observability platform or engage our professional services, we may process technical data from your inference estate as directed by your organisation. This may include model metadata, telemetry metrics, trace spans, log entries, and configuration data. Such data is governed by separate data processing agreements with client organisations. Individual end-user personal information within client telemetry is processed solely on behalf of and under the instructions of our clients.
4. Purposes for Collection and Use
We collect and use personal information only for purposes that a reasonable person would consider appropriate in the circumstances. These purposes include:
- Responding to enquiries submitted through our contact form or email
- Delivering training programmes, professional services, and platform access
- Processing transactions and managing contractual relationships
- Improving our Website, platform, and service offerings through analytics (with consent)
- Complying with legal obligations, including tax reporting and regulatory requirements
- Protecting the security and integrity of our systems and preventing fraud
- Communicating service updates, security notices, and policy changes
We will not use your personal information for purposes other than those identified at the time of collection without obtaining your additional consent, except where permitted or required by law.
5. Consent
PIPEDA requires meaningful consent for the collection, use, and disclosure of personal information. We obtain consent through:
- Explicit opt-in checkboxes on forms (consent is never pre-checked)
- Cookie banner choices (accept all, reject all, or customise)
- Written agreements for service engagements and platform deployments
You may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. Withdrawal of consent may affect our ability to provide certain services. To withdraw consent, contact [email protected].
6. Disclosure of Personal Information
We do not sell, rent, or trade personal information. We may disclose personal information to:
- Service providers: hosting providers, email delivery services, and analytics tools that assist in operating our Website and business, bound by confidentiality obligations and data processing terms.
- Professional advisors: lawyers, accountants, and auditors as required for legitimate business purposes.
- Legal authorities: when required by law, court order, or governmental regulation, or to protect the rights, property, or safety of NeuralScope, our clients, or others.
- Business transactions: in connection with a merger, acquisition, or sale of assets, with notice to affected individuals where required.
Any third-party service provider that processes personal information on our behalf must provide a comparable level of protection and use the information only for the purposes we specify.
7. Cross-Border Data Transfers
NeuralScope's primary data residency is in Canada. Some service providers may process data in the United States or other jurisdictions. When personal information is transferred outside Canada, we ensure appropriate safeguards are in place — including contractual clauses requiring protection equivalent to PIPEDA standards — and we inform you of the transfer and associated risks where required.
8. Retention
We retain personal information only as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods include:
- Contact form submissions: 24 months from last interaction, unless a business relationship develops
- Client contractual records: duration of engagement plus 7 years for tax and legal compliance
- Analytics data: 12 months from collection
- Cookie consent records: until cleared by user or 24 months of inactivity
When personal information is no longer required, we securely delete or anonymise it.
9. Security Safeguards
We implement administrative, technical, and physical safeguards appropriate to the sensitivity of the information we hold. These measures include:
- Encryption of data in transit (TLS 1.2 or higher) and at rest for platform telemetry
- Access controls limiting personal information to authorised personnel on a need-to-know basis
- Regular security assessments of our platform infrastructure
- Employee privacy and security training
- Incident response procedures for suspected data breaches
While we take reasonable precautions, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security but will notify affected individuals and the Office of the Privacy Commissioner of Canada of breaches posing a real risk of significant harm, as required by PIPEDA.
10. Individual Access and Rights
Under PIPEDA, you have the right to:
- Request access to personal information we hold about you
- Request correction of inaccurate or incomplete information
- Withdraw consent for future processing (subject to legal and contractual limits)
- File a complaint with the Office of the Privacy Commissioner of Canada if you believe we have not handled your information appropriately
To exercise these rights, submit a written request to [email protected]. We will respond within 30 days, as required by PIPEDA. We may request verification of your identity before processing access requests.
11. Children's Privacy
Our Website and services are directed at business and technical professionals. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that we have collected information from a minor, we will take steps to delete it promptly.
12. Openness
We make information about our privacy practices readily available through this policy, our Cookie Policy, and our Legal Imprint. Our privacy officer is available to answer questions about our information handling practices.
13. Challenging Compliance
If you have concerns about our compliance with this policy or PIPEDA, contact our privacy officer at [email protected]. We will investigate all complaints and respond within a reasonable timeframe. If you are not satisfied with our response, you may contact:
Office of the Privacy Commissioner of Canada
30 Victoria Street
Gatineau, QC K1A 1H3
Toll-free: 1-800-282-1376
www.priv.gc.ca
14. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. The "Last updated" date at the top indicates the most recent revision. Material changes will be communicated through our Website or direct notification where appropriate. Continued use of our services after changes constitutes acceptance of the updated policy.
15. Contact
For all privacy enquiries:
[email protected]
NeuralScope, 296 Richmond Street West, Suite 402, Toronto, ON M5V 1X2, Canada
Phone: +1 (289) 555-6184