Privacy Policy
NeoSDK ("NeoSDK", "we", "us", or "our") is committed to protecting your privacy and safeguarding your personal information. This Privacy Policy explains how we collect, use, disclose, store, and protect information when you use our website, platform, API services, compliance tools, and related services (collectively, the "Services").
By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy.
1. Information We Collect
We may collect different categories of personal and business information depending on how you interact with NeoSDK.
1.1 Account Information
When you create an account, subscribe to a plan, or use our Services, we may collect:
- First and last name
- Email address
- Password credentials
- Phone number
- Business name
- Mailing address
- Billing address
- Company ownership details
- VAT or tax identification numbers
1.2 API & Technical Usage Data
When you access our APIs or use our platform, we automatically collect:
- API request logs including endpoint, timestamp, and response codes
- IP address and geolocation data
- Browser type, operating system, and device identifiers
- Pages visited, session duration, and clickstream data
- API keys and authentication tokens
- Error logs and performance metrics
1.3 Payment Information
We use third-party payment processors (such as Stripe) to handle transactions. We do not store full payment card numbers. We may retain billing information including the last four digits of your card, expiry date, and billing name for reconciliation purposes.
1.4 Communications
If you contact us by email, support ticket, or chat, we collect the content of those communications, your contact details, and associated metadata to respond and improve our support services.
1.5 Affiliate Program Data
If you participate in the NeoSDK Affiliate Program, we additionally collect referral links, conversion data, payout preferences, and commission history associated with your account.
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and improve the Services
- Process transactions and send billing communications
- Authenticate users and maintain account security
- Respond to customer support requests
- Send product updates, security notices, and service announcements
- Detect, investigate, and prevent fraudulent or illegal activity
- Comply with legal obligations and regulatory requirements
- Analyse usage patterns to improve performance and user experience
- Manage and pay affiliate programme commissions
We do not sell your personal data to third parties or use it for advertising without your explicit consent.
3. Legal Basis for Processing
Where applicable under the GDPR or similar data protection laws, we process your personal data on the following legal bases:
- Contract performance — to provide the Services you have subscribed to
- Legitimate interests — to improve our products, prevent fraud, and operate our business
- Legal obligation — to comply with applicable laws and regulations
- Consent — where you have given us specific permission (e.g., marketing communications)
4. Sharing of Information
We may share your information with:
4.1 Service Providers
Trusted third-party vendors who help us operate our Services, including cloud infrastructure providers (AWS, GCP), payment processors, email delivery services, and analytics tools. These providers are contractually bound to protect your data and may not use it for their own purposes.
4.2 Compliance & Legal Requirements
We may disclose your information if required by law, court order, or regulatory authority, or if we believe in good faith that disclosure is necessary to protect our legal rights, prevent fraud, or ensure the safety of users.
4.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will provide reasonable notice and, where required by law, obtain your consent.
4.4 With Your Consent
We may share data with third parties in other circumstances where you have given your explicit consent.
5. Data Retention
We retain your personal data for as long as necessary to provide the Services and comply with our legal obligations. Specifically:
- Account data is retained for the duration of your account plus up to 7 years after closure for regulatory purposes
- API logs are retained for 90 days by default, with extended retention available on request
- Billing and transaction records are retained for 7 years in line with financial regulations
- Support communications are retained for 3 years
You may request deletion of your data at any time, subject to any legal retention obligations that apply to us.
6. Data Security
We implement industry-standard security measures to protect your information, including:
- TLS 1.2+ encryption for all data in transit
- AES-256 encryption for sensitive data at rest
- Role-based access controls and least-privilege principles
- SOC 2 Type II certification and PCI-DSS compliance
- Regular penetration testing and vulnerability assessments
- Multi-factor authentication for all internal systems
While we take all reasonable steps to protect your data, no security system is impenetrable. We will notify you in accordance with applicable law if a breach occurs that affects your personal information.
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access — request a copy of the data we hold about you
- Rectification — request correction of inaccurate or incomplete data
- Erasure — request deletion of your data ("right to be forgotten")
- Portability — receive your data in a structured, machine-readable format
- Restriction — request that we limit processing of your data
- Objection — object to processing based on legitimate interests
- Withdraw consent — where processing is based on consent, withdraw it at any time
To exercise any of these rights, contact us at the address below. We will respond within 30 days as required by applicable law.
8. Cookies and Tracking
We use cookies and similar technologies on our website to:
- Maintain session state and authentication
- Remember user preferences and settings
- Analyse traffic and measure feature engagement
- Detect and prevent security threats
You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of our website and platform. We do not use cookies for targeted advertising.
9. International Data Transfers
NeoSDK operates globally. Your data may be transferred to and processed in countries outside your country of residence, including the United States and the European Economic Area. Where such transfers occur, we use appropriate safeguards including Standard Contractual Clauses (SCCs) as approved by the European Commission, and we ensure all recipients meet equivalent data protection standards.
10. Children's Privacy
Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected information from a minor, please contact us immediately and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. We will notify you of material changes by email or by posting a prominent notice on our website. The date at the top of this policy indicates when it was last revised. Continued use of the Services following notification constitutes your acceptance of the updated policy.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection Officer:
NeoSDK — SoftMary Inc.
Email: [email protected]
Registered address: SoftMary Inc., United States · Registration No. 7383098
If you are an EU/EEA data subject, you also have the right to lodge a complaint with your local supervisory authority.