// privacy policy

Privacy Policy

Last updated: March 2026

1. Data Controller

The data controller responsible for processing your personal data is the operator of the NeoGo service. Contact us at: [email protected].

2. Data We Collect

  • Email address — provided at signup, used for authentication and service communications.
  • Telegram ID — provided voluntarily for two-factor authentication.
  • Payment data — processed by Stripe. We do not store card numbers or bank details.
  • Third-party API keys — provided voluntarily for integration with external services (e.g. Google Ads, Meta Ads). Stored encrypted.
  • Usage data — access logs, IP address, and service interactions, collected automatically for security and diagnostics.

3. Purpose of Processing

  • Authentication and account access control
  • Delivery of the contracted service (AI agent automation)
  • Payment processing and subscription management
  • Transactional communications (confirmations, security alerts)
  • Security, fraud prevention, and technical diagnostics

4. Legal Basis

Your data is processed under the following legal bases under Brazil's LGPD (Law 13.709/2018):

  • Contract performance — to provide the service.
  • Consent — for marketing communications, where applicable.
  • Legitimate interest — for security, fraud prevention, and service improvement.

5. International Data Transfers

Data is processed and stored on servers located in the United States of America. This transfer is necessary for service delivery and is carried out with appropriate safeguards.

6. Data Sharing

Your data is never sold. We may share it with:

  • Stripe — payment processing.
  • Telegram — bot-based authentication.
  • Infrastructure providers — hosting and technical services required for operation.

All third parties are bound by contractual data protection obligations.

7. Data Retention

Data is retained while the account is active. Upon account closure, data is deleted within 90 days, unless a longer retention period is required by law.

8. Your Rights

You have the following rights regarding your personal data:

  • Confirmation of processing
  • Access to your data
  • Correction of incomplete or inaccurate data
  • Deletion of unnecessary data
  • Data portability
  • Withdrawal of consent
  • Objection to processing

To exercise your rights, contact: [email protected].

9. Cookies

We use strictly necessary session cookies for authentication. We do not use tracking or advertising cookies.

10. Security

We implement technical and organizational measures to protect your data, including encryption in transit (HTTPS/TLS), encryption of sensitive data at rest, and strict access controls.

11. Changes to This Policy

We may update this policy periodically. Material changes will be communicated by email at least 15 days in advance.