Effective Date: 20 February 2026 | Last Updated: 20 February 2026
Neuravant AI Limited ("Neuravant", "we", "us") is the data controller for personal data processed through the NAIL platform and related services. We are committed to protecting your privacy and handling your data transparently and lawfully.
This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Neuravant AI Limited
Registered in England and Wales
Email: privacy@neuravant.ai
ICO Registration Number: [To be registered]
| Data | Purpose | Lawful Basis |
|---|---|---|
| Name, email address | Account creation and communication | Contract performance |
| Company name, role | Subscription management | Contract performance |
| Billing information | Payment processing (via Stripe) | Contract performance |
| Password (hashed) | Account authentication | Contract performance |
| Data | Purpose | Lawful Basis |
|---|---|---|
| Agent endpoint URLs | Running adversarial audits | Contract performance |
| Agent system prompts | Security analysis and classification | Contract performance |
| Agent responses to audit scenarios | Generating NAIL Rating | Contract performance |
| Repository source code (Repo Analyser) | Static risk assessment | Contract performance |
| Behavioural telemetry (fingerprinting) | Anomaly detection and monitoring | Contract performance |
| Decision provenance chains | Tamper-evident audit trail | Contract performance |
| Data | Purpose | Lawful Basis |
|---|---|---|
| IP address, browser type | Security and fraud prevention | Legitimate interest |
| Pages visited, features used | Service improvement | Legitimate interest |
| API call logs | Rate limiting and abuse prevention | Legitimate interest |
| Data | Purpose | Lawful Basis |
|---|---|---|
| Email address (newsletter signup) | Marketing communications | Consent |
| Event registration data | Webinar and conference invitations | Consent |
We do not sell your personal data. We share data only with:
| Recipient | Purpose | Safeguards |
|---|---|---|
| Stripe, Inc. | Payment processing | PCI DSS Level 1 compliant |
| Cloud hosting provider (AWS/GCP) | Infrastructure | Data processing agreement; EU/UK adequacy |
| Insurance underwriting partners | Underwriting and claims (only with your consent) | Data processing agreement; FCA regulated |
| Professional advisors | Legal, accounting, audit | Professional duty of confidentiality |
We will never share your raw Agent source code, system prompts, or audit responses with any third party except at your explicit written request.
| Data Type | Retention Period |
|---|---|
| Account data | Duration of account + 2 years |
| Audit reports and ratings | Duration of account + 3 years (regulatory retention) |
| Behavioural fingerprints | Duration of monitoring subscription + 1 year |
| Decision provenance chains | Duration of account + 5 years (insurance evidence) |
| Billing records | 6 years (HMRC requirement) |
| Marketing consent records | Until consent withdrawn + 1 year |
| Usage logs | 90 days |
Your data is primarily processed and stored within the United Kingdom. If data is transferred to a country outside the UK, we will ensure appropriate safeguards are in place, including:
Under the UK GDPR, you have the right to:
| Right | Description |
|---|---|
| Access | Request a copy of the personal data we hold about you |
| Rectification | Request correction of inaccurate or incomplete data |
| Erasure | Request deletion of your data (subject to legal retention requirements) |
| Restriction | Request that we limit processing of your data |
| Data Portability | Receive your data in a structured, machine-readable format |
| Objection | Object to processing based on legitimate interest |
| Withdraw Consent | Withdraw marketing consent at any time |
To exercise any of these rights, email privacy@neuravant.ai. We will respond within 30 days.
We use the following cookies:
| Cookie | Type | Purpose | Duration |
|---|---|---|---|
| session_id | Essential | Authentication session | Session |
| csrf_token | Essential | Security (CSRF protection) | Session |
| preferences | Functional | User preferences (theme, language) | 1 year |
| analytics_id | Analytics | Anonymous usage statistics | 1 year |
Essential cookies are required for the Service to function. Analytics cookies are only set with your consent.
The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from children.
We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification at least 14 days before they take effect. The "Last Updated" date at the top of this page indicates the most recent revision.
If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Website: ico.org.uk
Helpline: 0303 123 1113
Neuravant AI Limited — Data Protection
Email: privacy@neuravant.ai
Website: neuravant.ai