NEPTUNE TECHNOLOGIES INC.
Effective Date: January 1, 2025
Last Updated: March 2026
This Privacy Policy explains how Neptune Technologies Inc. ("Neptune," "we," "our," or "us") collects, uses, discloses, and safeguards your personal data when you use our websites, services, or platforms (collectively, the "Services"). This includes Neptune Forge, Neptune Odyssey, and any AI services we host, deploy, or integrate commercially.
This policy applies when Neptune is the data controller. Where we act solely as a data processor for a commercial customer (e.g., if your employer provides you with access), their privacy policy will govern.
1. Information We Collect
1.1 Data You Provide Directly
Identity: Name, email, phone, company, title
Account credentials
Payment and billing data
Inputs into AI systems (e.g., prompts)
Feedback, support tickets, or surveys
1.2 Data We Collect Automatically
Device, IP, and browser metadata
Usage data (pages visited, features used)
Logs and diagnostic information
Cookies and tracking data (see Cookie Policy)
1.3 Data from Third Parties
Business partners or integrations
Public sources or authorized providers
1.4 Model Training Data Neptune does not use customer data for model training or fine-tuning unless explicitly requested by the customer and governed by a separate written Data Use Agreement. There is no default opt-in for training through account settings or platform use. See our AI Model and Data Use Notice for full details on how training engagements are structured and governed.
2. How We Use Your Data
To provide, secure, and improve the Services
To support your account and usage
For communication, research, and analytics
To comply with legal obligations
To develop new products and features
We do not sell, share, or rent your data for marketing purposes. AI-generated outputs are produced by AI models and do not represent Neptune's views or advice.
3. Sharing and Disclosure
We may share your data with:
Our affiliates and service providers under strict confidentiality and security obligations, contractually bound by Data Protection Agreements (DPAs) or equivalent legal instruments
Third-party model providers where your deployment uses a third-party foundation model (e.g., Anthropic Claude, OpenAI). In these cases, data submitted through your deployment is transmitted to the relevant provider as a sub-processor, in accordance with their data handling terms. Neptune maintains a list of active sub-processors and will make it available upon request
Partners, only with your consent
Authorities, if legally required
Acquirers, in M&A or corporate transitions, with appropriate protections
For third-party model deployments, Neptune will disclose which providers are in use for your specific deployment configuration. You are responsible for reviewing the applicable upstream provider's privacy and data terms before submitting sensitive or personal data through such deployments.
4. Data Rights and Choices
Depending on your location, you may have rights to:
Access or correct your data
Delete your data
Object to or restrict processing
Port your data elsewhere
Withdraw consent
The specific rights available to you, and applicable response timeframes, depend on your jurisdiction. Key frameworks include:
EU residents have rights under the General Data Protection Regulation (GDPR), with responses required within 30 days
California residents have rights under the California Consumer Privacy Act (CCPA)
Brazilian residents have rights under the Lei Geral de Proteção de Dados (LGPD)
You may exercise any of these rights by contacting us at privacy@neptunetechnologies.com. Neptune will respond within the timeframe required by applicable law, and in no event later than 30 days from receipt of a verified request.
5. Data Security
We implement physical, administrative, and technical safeguards to protect your data, including adherence to industry standards such as SOC 2 and ISO 27001 where applicable. However, no system is entirely immune to breaches. If a breach occurs, we will notify you within 72 hours, or as required by applicable law, and provide relevant details and steps we are taking to mitigate any risks.
6. Data Retention
We retain data as long as necessary for the purposes listed in this policy or to comply with legal requirements. For example, account-related data is typically retained for up to 7 years after termination for audit and legal compliance, while AI input data is retained for a maximum of 90 days unless otherwise contractually agreed. Upon request or account deletion, data is securely deleted or anonymized.
7. International Data Transfers
Data may be stored in the U.S. or other jurisdictions. Where required, we use Standard Contractual Clauses (SCCs) or other transfer mechanisms approved under relevant data protection laws to ensure your data is protected regardless of where it is processed.
Where your deployment uses a third-party model provider (e.g., Anthropic, OpenAI), data transferred to those providers for processing is covered by those providers' own approved transfer mechanisms. Neptune will provide information about the transfer mechanisms applicable to your deployment upon request.
8. Children's Data
Our Services are not intended for children under 18. We do not knowingly collect children's data. If we become aware of such data, we will delete it promptly.
9. Changes to This Policy
We may update this policy from time to time. For material changes, we will notify you at least 30 days before changes take effect via email or account notification. Continued use of the Services after that period constitutes acceptance of the updated policy.
10. Contact Us
Neptune Technologies Inc. privacy@neptunetechnologies.com
If you have questions or wish to exercise data rights, please contact our Privacy Officer at the address above.
Last Updated: March 2026