Privacy Policy
Last updated: December 13, 2025
"Trust is a delicate garden. By entrusting us with your data, you plant seeds in this garden — and we promise to care for them with the same dedication we give to knowledge."
1. Our Commitment
At Neuroactor, we understand that privacy is sacred — especially when it comes to a topic as intimate as mental health. This Privacy Policy describes how we collect, use, store, and protect your personal information, in compliance with the General Data Protection Law (LGPD - Law No. 13.709/2018) and international best practices.
Every byte of information you entrust to us is treated as a vote of confidence. And trust, as we know, is the foundation of any therapeutic relationship — even simulated ones.
2. Data We Collect
2.1 Registration Data
When you create an account, we collect:
- Email address (for authentication and essential communications)
- Name (when provided via social authentication)
- Profile photo (when provided via Google OAuth)
2.2 Usage Data
During your learning journey, we record:
- Personas created and their settings (diagnoses, personality, history)
- Conversation history with simulated personas
- Duration and frequency of study sessions
- Educational reports generated
2.3 Technical Data
To ensure proper platform operation:
- IP address (anonymized for analysis)
- Browser and device type
- Language preferences
- Error logs (for technical improvements)
3. Purpose of Processing
We use your data to:
- Provide the service: allow persona creation, simulations, and reports
- Personalization: adapt the learning experience to your preferences
- Security: protect your account and prevent misuse
- Continuous improvement: enhance our simulations and methodologies
- Communication: send important updates about the service
Your data are tools for your own learning. We do not use them to create commercial profiles, we do not sell them, we do not trade them for any currency other than that of shared knowledge.
4. Storage and Security
Your data is stored on secure servers provided by Supabase, using encryption in transit (TLS/SSL) and at rest. We implement:
- Row Level Security (RLS): each user accesses only their own data
- OAuth 2.0 authentication with trusted providers
- Session tokens with automatic expiration
- Regular backups with limited retention
Digital security is like therapeutic confidentiality: it is not just a legal obligation, but an ethical imperative. We treat your data with the same secrecy with which a psychologist treats their patient's words.
5. Data Sharing
Your data may be shared only under the following circumstances:
- Service providers: Supabase (database), Google (authentication and AI), Vercel (hosting)
- Legal obligation: when required by law or court order
- Protection of rights: to defend our legal rights or investigate violations
We never sell, rent, or commercialize your personal data. Your learning is not merchandise.
6. Your Rights
In compliance with LGPD, you have the following rights:
- Access: know what data we have about you
- Correction: correct incomplete or inaccurate data
- Anonymization: request that data be anonymized
- Elimination: delete your personal data
- Portability: receive your data in structured format
- Revocation: withdraw previously provided consents
- Information: know with whom we share your data
To exercise any of these rights, simply contact us. Autonomy over your data is as important as autonomy over your mind.
7. Cookies and Similar Technologies
We use essential cookies for:
- Maintaining your authenticated session
- Remembering your language preferences
- Ensuring application security
We do not use advertising tracking cookies or invasive analytics. The only traces that interest us are those of knowledge — and those you take with you.
8. Data Retention
We retain your data for as long as necessary to:
- Provide the service while your account is active
- Comply with legal obligations (up to 5 years after account closure)
- Resolve disputes and enforce our agreements
After account deletion, your data is removed within 30 days, except when retention is legally necessary. What you learned, however, remains forever.
9. Minors
Neuroactor is intended for users 18 years of age or older. We do not intentionally collect data from minors without parental consent. If we become aware that we have collected data from a minor without adequate authorization, we will take measures to delete such information promptly.
10. Changes
This policy may be updated periodically to reflect changes in our practices or applicable legislation. Significant changes will be communicated through platform notification or email. We recommend regular review of this document — self-knowledge includes knowing how your data is treated.
11. Contact
To exercise your rights, clarify doubts, or report privacy concerns, we are available:
Email: privacidade@neuroactor.app
Data Protection Officer (DPO): dpo@neuroactor.app
12. Legal Basis
The processing of your personal data is based on the following legal bases of LGPD:
- Consent (Art. 7, I): for optional data and communications
- Contract execution (Art. 7, V): to provide the contracted service
- Legitimate interest (Art. 7, IX): for improvements and security
- Compliance with legal obligation (Art. 7, II): for mandatory retention
"In the journey through the labyrinth of the mind, your secrets are beacons we do not extinguish. We guard what you entrust to us — not as possession, but as honor of those chosen to guard."
— Neuroactor, guardian of learning
