NeuraBayt AI Solutions - On-Device AI Assistant

This Privacy Policy describes how NeuraBayt AI Solutions ("NeuraBayt," "we," "us," or "our") collects, uses, stores, and protects your personal information when you use our Chrome extension (the "Extension") and website at neurabayt.com (the "Website"). Together, the Extension and Website are referred to as the "Service."

We are committed to transparency and to handling your data responsibly. Please read this policy carefully. By using the Service, you acknowledge that you have read and understood this Privacy Policy.

1. Data Controller

The data controller responsible for your personal information is:

NeuraBayt AI Solutions(operated by an individual based in India)

Email: support@neurabayt.com

2. On-Device Processing — Our Core Privacy Principle

NeuraBayt's AI features — including text rephrasing, summarization, translation, sentiment analysis, bias detection, and page-level TL;DR — run entirely on your device using Chrome's built-in AI APIs. This means:

✓Your text content is processed locally and never sent to any server.
✓We cannot access, read, or store the content you process through the Extension.
✓The Extension works offline — no internet connection is required for AI features.

The sections below describe only the limited data that we do collect outside of this on-device processing.

3. What Data We Collect

3.1 Account Information

When you create an account, we collect:

Name and email address (via Google Sign-In or email registration)
Account creation date

3.2 Subscription & Payment Data

When you purchase a Pro subscription, we collect:

Subscription plan (monthly or yearly) and status
Transaction identifiers provided by Dodo Payments

We do not collect or store your credit card number, CVV, or full payment instrument details. All payment processing is handled by Dodo Payments, our Merchant of Record. Refer to Dodo Payments' Privacy Policy for details on how they handle payment data.

3.3 Usage Data (Free-Tier Users Only)

A daily count of AI feature uses, stored locally in the Extension and synced to our server solely to enforce the free-tier limit (3 uses per day). Only the total daily usage count is synced, without storing or transmitting the content of your usage.
Pro subscribers have no usage tracking.

3.4 Device & Browser Information

Browser type and version (for compatibility checks)
Operating system

3.5 Extension Local Storage

The Extension stores the following locally on your device using Chrome's secure storage APIs. This data is not sent to our servers:

Authentication tokens (to verify your subscription)
User preferences and selected writing styles

3.6 Content Script Scope

The Extension runs a content script on web pages. This script is used only for:

Enabling the right-click context menu for AI features on selected text
Syncing your subscription token when you visit the NeuraBayt website

The content script does not read, collect, or transmit page content, browsing history, or personal information from the websites you visit.

3.7 Data We Do NOT Collect

❌ Text you process through the Extension
❌ Browsing history or page content from websites you visit
❌ Keystrokes, screenshots, or clipboard data
❌ Location data
❌ Advertising identifiers

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under the GDPR and equivalent frameworks:

Data Category	Lawful Basis	Explanation
Account info (name, email)	Contract performance	Required to create your account and provide the Service
Subscription & payment data	Contract performance	Required to process your purchase and manage your subscription
Usage count (free tier)	Legitimate interest	To enforce fair-use limits and prevent abuse of the free tier
Device/browser info	Legitimate interest	To ensure compatibility and troubleshoot technical issues
Essential cookies	Legitimate interest	Strictly necessary for authentication and session management

5. How We Use Your Data

We use the collected information to:

Create and manage your user account
Provide, maintain, and improve the Service
Process subscription payments and manage billing
Enforce free-tier usage limits
Send transactional emails (e.g., payment confirmations, subscription changes)
Respond to your support requests
Detect and prevent fraud or abuse

We do not use your data for advertising, profiling, or selling to third parties.

6. Data Sharing & Third-Party Processors

We share personal data only with the following service providers who process data on our behalf or as independent controllers:

Provider	Purpose	Data Shared
Firebase (Google)	Used for authentication, database, and hosting. Google may act as a data processor or independent controller depending on the service.	Email, name, account data
Dodo Payments	Payment processing (Merchant of Record)	Email, name, payment information

We do not sell, rent, or trade your personal information to any third party for marketing or advertising purposes.

7. International Data Transfers

Your account data is stored on Firebase (Google Cloud) infrastructure, which may be located outside your country of residence, including outside the European Economic Area (EEA). Google applies Standard Contractual Clauses (SCCs) and other safeguards approved by the European Commission to protect data transferred internationally. For more details, see Google's Data Processing Terms.

8. Data Retention

You can request deletion of your account at any time by contacting us. Upon deletion, your personal data will be permanently removed within 30 days, except where retention is required by law.

We retain your data for the following periods:

Data	Retention Period
Account information	Until you delete your account, plus 30 days for processing
Transaction records	7 years (as required by applicable tax and accounting laws)
Usage statistics (free tier)	Rolling 30-day window
Extension local data	Until you uninstall the Extension or clear browser data

9. Cookies & Tracking

Our Website uses only strictly necessary cookies for authentication and session management. These cookies are essential for the Website to function and cannot be switched off.

We do not use:

Advertising or retargeting cookies
Third-party analytics or tracking scripts (e.g., Google Analytics, Facebook Pixel)
Social media tracking widgets

10. Your Rights

Depending on your location, you may have certain rights regarding your personal data. We honour these rights for all users regardless of jurisdiction.

10.1 Rights Under GDPR (EU/EEA/UK)

If you are in the European Union, EEA, or UK, you have the right to:

Access — Request a copy of the personal data we hold about you
Rectification — Request correction of inaccurate or incomplete data
Erasure — Request deletion of your personal data ("right to be forgotten")
Restrict processing — Request that we limit how we process your data
Data portability — Receive your data in a structured, machine-readable format
Object — Object to processing based on legitimate interest
Withdraw consent — Where processing is based on consent, withdraw it at any time without affecting the lawfulness of processing before withdrawal

You also have the right to lodge a complaint with your local Data Protection Authority (DPA). A list of EU DPAs is available at edpb.europa.eu.

We will respond to all rights requests within 30 days.

10.2 Rights Under CCPA (California, USA)

If you are a California resident, you have the right to:

Know what personal information we collect and how we use it
Request deletion of your personal information
Opt out of the sale of personal information — we do not sell personal data
Non-discrimination for exercising your privacy rights

10.3 Rights Under India's DPDP Act

If you are in India, under the Digital Personal Data Protection Act, 2023, you have the right to:

Access a summary of your personal data and processing activities
Request correction and erasure of your personal data
Nominate another person to exercise your rights in the event of your death or incapacity
Seek grievance redressal

10.4 How to Exercise Your Rights

To exercise any of these rights, email us at support@neurabayt.com with the subject line "Privacy Rights Request." We may ask you to verify your identity before fulfilling your request.

11. Security

We implement reasonable technical and organisational measures to protect your data, including:

Encrypted data transmission (HTTPS/TLS)
Firebase's industry-standard security measures
PCI-compliant payment processing through Dodo Payments
Secure local storage via Chrome's storage APIs within the Extension

No system is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security of your data.

12. Automated Decision-Making

Our Service does not engage in automated decision-making or profiling that produces legal or similarly significant effects on you. The AI features in the Extension operate entirely on your device, and we have no visibility into or control over the output.

13. Children's Privacy

The Service is not intended for individuals under the age of 13 (or the minimum digital consent age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at support@neurabayt.com, and we will delete it promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy on this page with a revised "Effective Date" and, where appropriate, through an email or in-app notification. Your continued use of the Service after the changes take effect constitutes your acceptance of the updated policy.

15. Grievance Redressal (India)

In accordance with the Information Technology Act, 2000 and the Consumer Protection (E-Commerce) Rules, 2020:

Email: support@neurabayt.com

Complaints will be acknowledged within 48 hours and resolved within one month from the date of receipt.

16. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us:

Email: support@neurabayt.com