Privacy Policy

This Privacy Policy governs the manner in which NEON SEED STUDIOS INC ("we," "us," or "our") collects, uses, maintains, and discloses information collected from users of our website (neonseedstudios.com), bespoke software systems, and enterprise integrations (collectively, the "Services").

---

1. Information We Collect

Our business relies on technical integration and operational data flow. As such, we collect information across three primary vectors:

1.1 Information You Provide to Us

When you request a consultation, sign up for a service, or engage us for custom engineering, we collect:

• Identity Data: First name, last name, title, and firm name.
• Contact Data: Email address, telephone number, billing address, and headquarters location.
• Financial Data: Payment card details, corporate bank routing for ACH, and enterprise billing preferences (processed securely via our PCI-DSS compliant third-party payment processors like Stripe).
• Communication Data: Records of your correspondence with our support or engineering teams, including project scope descriptions, API keys (temporarily and securely handled for integration), and operational workflow diagrams.

1.2 Information Automatically Collected

When you navigate through and interact with our Services, we automatically collect specific technical data using cookies, server logs, and tracking pixels:

• Technical Data: Internet Protocol (IP) address, browser type and version, time zone setting, browser plug-in types and versions, operating system, and hardware architecture.
• Usage Data: Information about how you use our website and platforms, including page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.

1.3 Client Data Processing (B2B SaaS Context)

In our capacity as a B2B service provider, we frequently process data that our clients (e.g., consultancies, agencies) input into the platforms we build and manage for them. This may include their clients' data, internal metrics, and operational databases. We process this data strictly under the instructions of our clients, acting as a "Data Processor" under the GDPR or a "Service Provider" under the CCPA. The governance of this data is strictly dictated by specific Master Services Agreements (MSAs) and Data Processing Addendums (DPAs).

2. How We Use Your Information

We use the information we collect to operate our business and provide the enterprise-level engineering services you expect. Specifically, we use the data to:

• Provide and Maintain the Service: Including managing your account, engineering custom architectures, and deploying software instances.
• Process Payments: To manage invoicing, subscriptions, and custom project milestone billing.
• Customer Support: To resolve technical issues, respond to inquiries, and provide integration assistance.
• Improvement and Optimization: To analyze usage patterns to optimize API response times, improve UI/UX design, and harden our infrastructure against latency.
• Security and Compliance: To monitor for fraudulent activity, unauthorized access attempts, and to ensure compliance with our Terms of Service and SOC 2 requirements.
• Communications: To send administrative alerts, project updates, technical maintenance notices, and marketing communications (where you have opted in).

3. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information. We only share data with trusted third parties under strict confidentiality protocols to facilitate our business operations:

• Infrastructure and Subprocessors: We utilize top-tier infrastructure providers (e.g., AWS, Google Cloud, Vercel) and operational tools (e.g., Datadog, Sentry) to host and monitor our services.
• Payment Processors: For processing financial transactions securely.
• Business Transfers: In the event that NEON SEED STUDIOS INC is involved in a merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred as part of that transaction.
• Legal Requirements: We may disclose your data if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

4. Data Retention

We will retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your data to the extent necessary to comply with our legal obligations (for example, we are required to retain financial transaction records to comply with applicable tax laws), resolve disputes, and enforce our legal agreements and policies. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service.

5. Data Security Protocols

We take security as seriously as our engineering. We deploy a defense-in-depth strategy to protect your data:

• Encryption: All data is encrypted at rest using AES-256 and in transit using TLS 1.2 or higher.
• Access Control: We enforce the principle of least privilege (PoLP). Access to production environments is strictly limited to authorized engineers via secure VPNs and hardware MFA keys.
• Monitoring: Continuous network monitoring, intrusion detection systems, and automated vulnerability scanning are active across our infrastructure.

Despite these extensive measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Your Data Rights

Depending on your location (e.g., California, European Economic Area), you may have specific rights regarding your personal data:

• The right to access: You can request copies of your personal data.
• The right to rectification: You can request that we correct any information you believe is inaccurate.
• The right to erasure: You can request that we erase your personal data, under certain conditions.
• The right to restrict processing: You can request that we restrict the processing of your personal data, under certain conditions.
• The right to data portability: You can request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

To exercise any of these rights, please contact our privacy team using the contact information provided below.

7. Third-Party Links

Our website may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

8. Changes to This Privacy Policy

We may update our Privacy Policy from time to time to reflect changes in our engineering practices, legal obligations, or service offerings. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top of this document. For material changes, we will provide an email notification to account holders.

9. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact our compliance officer: