neuroline
Create account

Privacy Policy

Last updated: March 24, 2026

This Privacy Policy explains how Neuroline processes personal data when you visit our website, create or use an account, manage phone numbers, use connected services, or interact with a Neuroline-powered AI phone receptionist.

It also explains when Neuroline acts as a controller or a processor, how to contact us at contact@neuroline.ai, and the rights and choices available to individuals.

1. Who we are and how to contact us

Neuroline is responsible for the personal data processing described in this Privacy Policy unless a different role is stated for a specific workflow.

You can contact Neuroline about privacy questions, requests, or complaints at contact@neuroline.ai.

If a specific service, agreement, or regulated workflow identifies a different controller, processor, representative, or privacy contact, that more specific notice will apply for that processing activity.

2. Scope and roles

This Privacy Policy covers personal data relating to website visitors, prospective customers, account users, company members, invitees, callers, booking participants, and other individuals whose data is processed through the Neuroline website and platform.

Neuroline generally acts as the controller for website, account, billing, security, vendor-management, and direct business communication data.

When a business customer uses Neuroline to handle calls, bookings, or other workflows for that customer's own organization, that customer will usually decide why the caller data is processed and will usually act as the primary controller for that workflow.

In those customer-configured workflows, Neuroline will often act as a processor or service provider on the customer's behalf, while still acting as a controller for limited operational data needed to secure the platform, prevent abuse, keep billing and audit records, and comply with law.

3. Personal data we process

The categories of personal data we process depend on how the service is used.

  • Identity and account data, such as name, email address, profile image, company role, login events, and authentication or session state.
  • Company and workspace data, such as company names, invitations, member access settings, billing profiles, pricing records, company addresses, and information needed to provision and manage phone numbers.
  • Assistant and configuration data, such as prompts, FAQs, uploaded knowledge content, supported languages, routing settings, scheduling preferences, and integration settings.
  • Communication data, such as password reset messages, verification emails, invitation emails, support interactions, and meeting-planning details.
  • Caller, call, and booking data, such as caller phone number, called number, timestamps, duration, call outcome, recordings, transcripts, summaries, extracted slot values, appointment details, time zone, notes, and calendar references when scheduling is enabled.
  • Technical and security data, such as device or browser metadata, IP-related security signals, audit logs, abuse-prevention data, and cookie or similar-storage identifiers needed to operate and secure the service.

4. How we obtain personal data

  • Directly from you, for example when you create an account, fill in forms, request a demo, contact us, manage your workspace, or connect a third-party service.
  • From your employer, company administrator, or another authorized workspace member, for example when they invite you, assign a role, or configure a workflow that includes your details.
  • From callers and booking participants who interact with a Neuroline-powered phone workflow.
  • From customers who configure prompts, FAQs, booking logic, contact details, and other content for their own use case.
  • From third-party providers and integrations, including telecom, voice AI, calendar, identity, email, hosting, database, and infrastructure providers that help us operate the service.
  • Automatically from your browser or device through cookies, local preferences, security logs, and similar technologies needed to operate, secure, and improve the service.

5. Why we process personal data

  • To provide the website and platform, create and secure accounts, sign users in, manage workspaces, and enforce access controls.
  • To provision and manage phone numbers, route calls, generate transcripts and summaries, and show call and booking outcomes in the dashboard.
  • To power scheduling features, including checking availability and creating, updating, looking up, or cancelling bookings through connected calendar providers.
  • To send essential service messages such as verification emails, password resets, invitations, billing notices, and operational communications.
  • To run customer support, procurement, and business communications.
  • To monitor abuse, detect fraud, investigate incidents, maintain logs, audit platform use, and protect the security, integrity, and reliability of the service.
  • To manage invoicing, taxes, accounting, contractual administration, and other legal or compliance records.
  • To support optional AI-assisted features, such as translation or other configured AI outputs, when a customer or user chooses to use them.

6. Legal bases

The legal basis depends on the specific processing activity and the role Neuroline plays in that context.

  • Performance of a contract or steps at your request before entering into a contract, for example when we create accounts, provide the platform, process bookings you request, or manage a paid workspace.
  • Legitimate interests, for example in securing the platform, preventing abuse, supporting customers, documenting operations, maintaining service reliability, managing vendors, and defending legal claims.
  • Compliance with legal obligations, for example where we must keep tax, accounting, telecom, fraud-prevention, or other mandatory records, or respond to lawful requests from authorities.
  • Consent, where consent is required under applicable law, for example for certain marketing activities, optional integrations, or call-recording or AI-notice scenarios controlled by a customer.
  • When Neuroline acts as a processor on behalf of a customer, the customer's legal basis governs the underlying customer workflow, while Neuroline relies on its own legal bases for limited controller-side processing such as platform security, billing, and compliance.

7. Required data and what happens if you do not provide it

  • Some personal data is required because without it we cannot create or secure an account, provision a number, process a booking, respond to a support request, or provide the requested service.
  • If you do not provide required account, billing, provisioning, or workflow data, we may be unable to create your account, complete the transaction, connect an integration, or deliver the relevant part of the service.
  • Where we ask for optional information, you can generally choose not to provide it, but some features may be less useful or unavailable.

8. How data is shared

We share personal data only where reasonably necessary to operate the service, follow the law, or protect our rights.

  • Telecom and voice providers, including providers such as Twilio and Retell, to provision numbers, route calls, and process voice interactions.
  • Calendar and identity providers, including providers such as Cal.com and Google, when a user or customer chooses to connect those services.
  • Infrastructure, hosting, database, and email providers, including providers such as Convex and Resend, that help us run the application and send essential account communications.
  • Optional AI providers, such as OpenRouter or another configured provider, when a customer or user enables a feature that sends content to that provider.
  • Professional advisers, auditors, insurers, financing or acquisition counterparties, and competent authorities where disclosure is reasonably necessary or legally required.
  • Customers, workspace admins, and authorized users within a customer environment, who may access data generated through their configured workflows.
  • We do not sell personal data as part of Neuroline's core business model.
  • If you want the current vendor or subprocessor information relevant to your use of the service, contact us at contact@neuroline.ai.

9. International transfers

Some service providers and connected services may process or access personal data outside the European Economic Area, even if core application hosting is operated from the Netherlands.

Where that happens, Neuroline will use a lawful transfer mechanism appropriate to the transfer, such as an adequacy decision, Standard Contractual Clauses, or another transfer mechanism recognized under applicable data protection law.

You can contact contact@neuroline.ai to ask which transfer mechanism is relevant to a specific provider relationship or to request more information about the safeguards we rely on.

10. Retention

We keep personal data for no longer than necessary for the purposes described in this policy, subject to legal, contractual, security, and operational requirements.

  • Account, company, and configuration data are usually kept while the workspace remains active and for a limited period afterward if needed for reactivation, dispute handling, or compliance.
  • Verification artifacts, password reset records, and similar authentication data are retained only for the period needed to complete the security flow and are then deleted, expired, or rotated in the ordinary course.
  • Call, transcript, summary, recording, and booking data are usually kept according to the customer's configuration, instructions, or contract, plus any limited period needed for support, security, backup, or legal compliance.
  • Billing, tax, accounting, audit, and fraud-prevention records may be kept for longer where the law or legitimate business controls require it.
  • Backups and system logs may continue to exist for a limited period before they are overwritten or deleted in the normal course of operations.

11. Cookies and similar technologies

Neuroline currently uses cookies and similar technologies primarily for core website and product functions.

  • Authentication and session cookies used to sign users in, keep sessions secure, and manage connected auth flows.
  • Preference storage used to remember language or similar user settings.
  • OAuth and integration state storage used when a user connects third-party services.
  • Short-lived browser or server-side storage used to complete verification, password reset, anti-abuse, or other security-related flows.
  • If we introduce non-essential analytics, advertising, or personalization technologies later, we will update this policy and any related consent flows before using them where the law requires that step.

12. AI-assisted features and automated decisions

Neuroline may use AI-assisted tools to generate call responses, transcripts, summaries, translations, extracted booking details, or other configured outputs.

Neuroline does not market the service as making solely automated decisions about individuals that produce legal effects or similarly significant effects within the meaning of Article 22 GDPR without appropriate human or customer oversight.

If a customer configures a workflow that could materially affect an individual, that customer remains responsible for ensuring an appropriate legal basis, notice, and review process for that workflow.

13. Special category data

Depending on how customers use the service, personal data processed through Neuroline may include health data or other special category data.

Customers are responsible for deciding whether they have a valid legal basis and, where required, an Article 9 condition, to use the service for those types of data and for giving any notices or obtaining any consents required by law.

Neuroline processes special category data only as needed to provide, secure, and support the service and subject to the contractual, technical, and organizational controls applicable to the relevant workflow.

14. Security

We use technical and organizational measures intended to protect personal data against unauthorized access, misuse, loss, alteration, or disclosure.

These measures include access controls, authentication safeguards, logging, vendor controls, and security practices appropriate to the nature of the service and the data involved.

No online system can guarantee absolute security.

15. Your rights and how to exercise them

Depending on your location and the role Neuroline plays in the processing, you may have rights to access, correct, delete, restrict, object to, or port your personal data, and to withdraw consent where processing relies on consent.

You can exercise rights relating to data controlled by Neuroline by contacting contact@neuroline.ai. We may ask for information necessary to verify your identity and understand your request.

If your data was processed because you called or booked with a Neuroline customer, you should usually contact that customer first, because that customer usually decides how that workflow is configured and why the data is processed.

If we receive a request relating to data that a customer controls, we may refer the request to that customer or assist them in responding in accordance with our legal and contractual obligations.

If you are in the EU or the Netherlands, you may also lodge a complaint with your local supervisory authority, including the Dutch Data Protection Authority where applicable.

16. Children

Neuroline is built for business use and is not directed to children. Do not use the service to knowingly collect personal data from children in a way that is unlawful or inappropriate for your use case.

17. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in the law, our services, our vendors, or our processing practices.

If we make a material change, we will publish the updated version on this page and may also provide an additional notice through the service or another appropriate channel.