Privacy Policy

    Neura Parent

    Last updated: July 6, 2026

    Previous version: May 30, 2026

    1. Summary (at a glance)

    This is a quick read of what matters most. The full policy follows.

    • Who we are. Neura Parent LLC, a Connecticut company. We make an app that helps parents of neurodivergent children reflect on and respond to what's happening with their kids.
    • What we collect. Your email and password, what you write in check-ins (about yourself or your child), basic device info, and product analytics.
    • Children are not users. Only parents have accounts. Information about a child is entered by the parent. We do not ask for diagnoses; if you choose to share medical or neurodivergence information in a check-in, we treat that with the higher protections required for sensitive data.
    • AI processing. We use OpenAI to generate responses. Under OpenAI's standard API terms, your check-in text is not used to train their models. OpenAI may retain API submissions for up to 30 days for abuse-monitoring and debugging, after which the data is deleted.
    • Voice input. When you use voice input, your audio is processed by your device or your browser's speech provider (Apple, Google, or another browser vendor, depending on your platform) — Neura never receives or stores the audio itself, only the resulting text.
    • We never sell your data. Not now, not ever.
    • Aggregate insights, never your words. We may use de-identified, aggregated patterns — never anything that could identify you or your child, and never verbatim quotes from your check-ins — to create research, educational, and marketing content. See section 5.5.
    • Your rights. Depending on where you live, you can access, correct, delete, port, restrict, or object to processing of your data. See section 12.

    2. Who we are and how to contact us

    Neura Parent LLC ("Neura," "we," "us," "our") is the data controller for your personal information.

    • Legal entity: Neura Parent LLC, a Connecticut limited liability company
    • Registered address: 1298 Hartford Tpke, Apt 2A, North Haven, CT 06473
    • Contact for all questions, including privacy and data rights: support@neuraparent.com

    2.1 Data protection lead

    Neura does not currently have a formal Data Protection Officer. Allison Dickin is the designated point of contact for all privacy matters and can be reached at support@neuraparent.com.

    3. Scope of this policy

    This policy applies to your use of the Neura app (web, iOS, Android) and the neuraparent.com website. It applies to users in the United States, United Kingdom, European Economic Area, Australia, and Canada.

    If you are accessing Neura from another country, your data will be transferred to and processed in the United States, where our hosting infrastructure is located.

    4. Information we collect

    4.1 Information you give us directly

    CategoryExamplesWhen collected
    Account infoEmail address, password (hashed)At signup
    Child entity infoYour child's first name or nickname, birth year, optionally birth monthDuring onboarding
    Check-in contentWhatever you type or speak when checking in about your child or yourselfEach time you use the app
    Subscription / billing infoPayment method handled by Stripe; we receive a Stripe customer ID and your subscription status onlyAt paid conversion

    4.2 Information we generate from your use

    CategoryWhat it is
    AI responsesText generated by our AI system in response to your check-ins
    Child profile (longitudinal memory)An evolving summary of your child built from your check-ins over time, used to make future AI responses more relevant
    Parent profile (longitudinal memory)An evolving summary of your parenting goals and support needs, built from your check-ins over time, used to make future AI responses more relevant
    InsightsAI-generated summaries of patterns across your check-ins

    4.3 Information collected automatically

    CategoryExamples
    Device and technical infoDevice type, operating system, browser type, app version, language, IP address
    Usage analyticsPages and screens viewed, buttons tapped, features used, session timestamps
    Push notification tokensIssued by Apple or Google to deliver notifications to your device, only if you enable them

    4.4 Sensitive / special-category information

    We do not solicit information about your child's diagnoses, neurodivergence, medical conditions, religion, sex life, or other categories that are treated as "special" under EU/UK GDPR or "sensitive" under US, AU, and CT laws.

    However, because Neura uses open-text check-ins, parents sometimes voluntarily share this information. When you do, we treat that information as special-category / sensitive data and process it only under your explicit consent collected at onboarding step 3 (see section 5.2).

    The kinds of voluntarily-shared information that may fall into this category include:

    • Mentions of diagnoses (autism, ADHD, PDA profile, anxiety, dyspraxia, etc.)
    • Mentions of medications or therapies
    • Mentions of your child's behavior in ways that could be considered health information
    • References to religion, ethnicity, or other protected characteristics

    You can avoid sharing this information by keeping it out of your check-in text. If you have already shared such information and want it removed, contact support@neuraparent.com.

    4.5 Voice input

    If you use the voice-input feature to dictate a check-in, your audio is processed by a speech-recognition service determined by your platform:

    • iOS app: Apple's on-device speech recognition (audio typically stays on your device for supported languages on iOS 13+)
    • Android app: Google's speech recognition service (audio is transmitted to Google for transcription)
    • Web browser (Chrome, Edge, and most Chromium browsers): the browser's Web Speech API, which transmits audio to Google's servers for transcription
    • Web browser (Safari): Apple's web speech recognition, which may transmit audio to Apple's services

    In all cases, the audio is never received by or stored by Neura. Only the resulting text — what your device or browser transcribes your speech into — is sent to Neura. Apple's and Google's handling of voice input is governed by their respective privacy policies and is independent of Neura.

    If you would prefer that your voice audio never leave your device, use typing instead of voice input, or use the iOS app where on-device processing is the default.

    5. How we use your information, and our lawful basis

    5.1 Lawful basis under GDPR (Article 6)

    For users in the UK and EU, we process your data under the following lawful bases:

    What we doLawful basis
    Create and maintain your account; authenticate youPerformance of a contract (Art. 6(1)(b))
    Process check-ins and generate AI responsesPerformance of a contract (Art. 6(1)(b))
    Build longitudinal child memory and generate insightsPerformance of a contract (Art. 6(1)(b))
    Charge subscriptions and process paymentsPerformance of a contract (Art. 6(1)(b))
    Send transactional emails (e.g., account, billing, security)Performance of a contract (Art. 6(1)(b))
    Improve the product through analyticsLegitimate interest (Art. 6(1)(f)) — balancing test documented internally
    Send marketing emails, if anyConsent (Art. 6(1)(a)); you can withdraw at any time
    Comply with law and protect our rightsLegal obligation (Art. 6(1)(c)) and legitimate interest (Art. 6(1)(f))

    5.2 Lawful basis for special-category / sensitive data (Article 9)

    To the extent that check-ins contain information that qualifies as special-category data under Article 9 (health information, religious belief, etc.), we process that data only under your explicit consent, which we collect during onboarding step 3 with an unchecked-by-default checkbox. Without that consent, you cannot use the check-in features of the app.

    You can withdraw this consent at any time by contacting support@neuraparent.com or by deleting your account. Withdrawing consent will not affect processing that took place before withdrawal but will require us to stop further processing and, on request, delete the data.

    5.3 Lawful basis for California, Connecticut, and other US state law

    For users in US states with privacy laws, the equivalent legal bases are documented in section 12.

    5.4 Lawful basis for Australia

    For users in Australia, we collect and use your information in accordance with Australian Privacy Principles 3 and 5. We collect sensitive information only with your consent (see section 5.2).

    5.5 Secondary use of de-identified, aggregated data

    We want to share what we learn — in the aggregate — to help the wider community of parents raising neurodivergent children, and to explain what Neura does. To do that, we may use de-identified and aggregated data drawn from how the Service is used to produce research, educational, and marketing content (for example, articles, reports, blog posts, and summary statistics).

    The following are firm commitments, not aspirations:

    • Aggregate patterns and statistics only. Anything we publish describes groups, trends, and patterns across many families. It is produced from data that has been stripped of identifiers and combined so that it does not relate to any one person.
    • Never verbatim quotes — and never a single case. We do not publish the words you write in your check-ins, the AI response generated from them, or any reconstruction of one person's situation — not even "anonymized" or paraphrased excerpts. Free-text and the responses derived from it describe a real family moment that can re-identify a person even with names removed, so we exclude them entirely from any published content.
    • Outputs can never identify a child or a family. Published content cannot be used, on its own or combined with other information we hold, to single out, contact, or re-identify you or your child.
    • Big enough groups only. We publish statistics only where the underlying group is large enough that no individual can be singled out, and we do not combine narrow filters (for example, location plus diagnosis plus topic) in a way that shrinks a statistic down to a handful of people. Small-number results are suppressed.
    • Real quotes require your separate, explicit consent. If we ever want to use something you actually wrote, we will ask you first through a clear, optional opt-in. You are never opted in by default, and declining has no effect on your use of the Service.
    • How de-identification works. Before any data is used for this purpose, direct and indirect identifiers are removed and the data is aggregated so that individuals cannot be singled out or re-identified. We treat this de-identification standard as the safeguard that makes this use safe; truly anonymized, aggregated outputs are no longer personal data about you or your child.

    6. Artificial intelligence

    Neura is an AI-assisted product. The following applies:

    6.1 You are interacting with AI

    When you submit a check-in, the response is generated by an AI system, not by a human. This is intentional and is the core of the product. We disclose this transparently both in this policy and within the app itself, in line with Article 50 of the EU AI Act.

    6.2 The AI system we use

    We use OpenAI's GPT-5.1 model. OpenAI is a third-party processor (see section 7) that runs the model and returns responses to us. We do not host or train any AI model ourselves.

    6.3 No training on your data

    Under OpenAI's standard API terms (which apply to all API customers), OpenAI does not use API submissions, including your check-in text and your child's profile data, to train OpenAI's models.

    6.4 OpenAI's data retention

    Under OpenAI's standard API retention policy, OpenAI may retain API submissions for up to 30 days for the purposes of abuse-monitoring and debugging, after which the data is deleted from OpenAI's systems.

    6.5 Risk classification under the EU AI Act

    We have self-assessed Neura as a limited-risk AI system under the EU AI Act. The product:

    • Does not engage in any of the prohibited practices listed in Article 5
    • Is not classified as high-risk under Annex III
    • Includes the transparency disclosures required by Article 50

    6.6 Not medical advice

    Neura is not a medical device, not a diagnostic tool, and not a substitute for professional clinical care. AI-generated responses are educational and supportive; they are not medical, psychological, or therapeutic advice. Always consult qualified healthcare professionals for clinical concerns.

    7. Who we share data with

    We do not sell your personal information. We share data only with the third-party service providers ("processors") listed below, each under a written data processing agreement.

    ProcessorRoleData exposedLocation
    OpenAI, LLCAI model inference, embeddingsYour check-in text, child profile dataUnited States
    PostHog, Inc.Product analyticsEvent metadata about how the app is used; configured to exclude identifying informationUnited States (EU data residency available)
    Resend, Inc.Transactional email deliveryYour email address, content of transactional emailsUnited States
    Google LLC (Firebase Cloud Messaging)Push notification deliveryDevice push token, notification contentUnited States
    Stripe, Inc.Subscription billingEmail address, billing details (Stripe holds card data, not Neura)United States
    Replit, Inc.Application hosting and managed databaseAll data we store (at rest and in transit). Replit uses Neon as its sub-processor for the Postgres database.United States
    Anthropic, PBCAI-assisted analysis tooling used internally by Neura's founder for product-quality review and improvement (e.g., reviewing AI response quality). Not used in the normal product flow.Pseudonymized check-in text and AI response text, exported for analysis. No email, parent name (as a stored field), child name (as a stored field), date of birth, or payment information is sent. Check-in text may incidentally contain a child's first name written by the parent.United States
    Apple Inc. / Google LLCSpeech-to-text for voice input. iOS uses Apple's on-device speech recognition (audio typically stays on the device). Android uses Google's speech recognition (audio is transmitted to Google). Chrome and most Chromium web browsers use the Web Speech API, which transmits audio to Google. Safari may transmit audio to Apple. Neura does not invoke these services directly; they are platform features the user's device or browser provides.Voice audio handled by Apple or Google depending on platform; not received by Neura. Only the resulting text reaches Neura.On-device or US
    Functional Software, Inc. (Sentry)Application error monitoring and performance debuggingError messages and stack traces; device and browser context (OS, browser type, app version); pseudonymized internal user ID; IP address; trail of events leading to the error ("breadcrumbs"). Configured with scrubbing rules to redact check-in content, child profile data, and other sensitive fields before transmission.United States

    We may also disclose data:

    • To law enforcement or regulators if legally required (subpoena, court order, valid legal process)
    • To professional advisors (lawyers, auditors, insurers) under confidentiality obligations
    • In the event of a sale or restructuring of Neura, in which case we would notify you and offer you a chance to delete your data before transfer

    We will never share data with advertisers or data brokers, and we do not engage in advertising based on your data or your child's data.

    7.1 Parent-initiated sharing

    Within the app, you can choose to share specific in-product content — such as a check-in response, a weekly snapshot, or a profile summary of your child — outside Neura. You might do this to coordinate with a co-parent, a teacher, a clinician, or to share something supportive on social media. Sharing is initiated by you and is never automatic.

    Before sharing, you choose whether to include your child's name or to anonymize the content. We strongly recommend anonymizing whenever you are sharing publicly or with anyone outside your child's immediate care circle.

    Shared content is delivered as a link to a private page. The link contains a long random token so that the page is not publicly discoverable, but anyone who has the link can view the page while it is active, and we cannot control what recipients do with the content after they receive it — including saving a screenshot or copy.

    Share links automatically expire 7 days after they are created. After that point, the page is no longer accessible. If a recipient saved a copy before the link expired, that copy remains with them; you should treat any shared content as potentially permanent once it has been viewed.

    8. Children's data — specific protections

    This section applies to information about children under the age of 13 (United States, COPPA), under 16 (most EU member states), and under 18 (UK Children's Code). The exact age cutoffs vary by law; we apply the protections of the strictest applicable framework.

    8.1 Children do not have accounts

    Only parents and legal guardians create accounts. Children do not log in to Neura, do not interact with Neura directly, and cannot create profiles of their own.

    8.2 Verifiable parental consent (COPPA)

    Because parents enter information about their own children, the COPPA verifiable parental consent requirement is satisfied through the account creation process: only the parent or guardian can create an account, agree to this policy, and add information about their child. By doing so, you affirm that you are the parent or legal guardian and that you consent to the processing of your child's information as described here.

    8.3 Information we collect about children

    The only information we ask for about a child is:

    • First name or nickname
    • Year of birth; month of birth optionally (used solely to compute age)

    We do not ask for the child's last name, address, photograph, email, phone number, school, or any other contact information.

    8.4 Information you may volunteer about your child

    If you share additional information about your child in open-text check-ins (e.g., diagnoses, behaviors, health information), we treat that information as special-category / sensitive data under the explicit consent collected at onboarding (see section 5.2).

    8.5 No advertising or behavioral profiling of children

    We never use information about your child for advertising, behavioral targeting, or profiling outside of the in-product features (longitudinal memory and insights) that are the core of the service you signed up for.

    Our own marketing activities — for example, running ads on third-party platforms to attract new parents to Neura — rely entirely on those platforms' own audience-targeting tools (such as interest-based targeting). We do not upload Neura user lists to advertising platforms, create custom or lookalike audiences from our user data, or otherwise use anything we collect about your child to inform advertising decisions on any platform.

    8.6 Parent-initiated sharing of child information

    You can choose, from within the Service, to share specific content (such as a check-in response or a weekly snapshot about your child) with people outside Neura — for example a co-parent, a clinician, or a family member. Before sharing, you choose whether to include your child's name or to anonymize the content first. See section 7.1 for the technical details of how sharing works and our recommendations about when to anonymize.

    8.7 Your rights as a parent (COPPA, UK Children's Code, CT child amendments)

    You have the right to:

    • Review the information we have collected from or about your child
    • Refuse further collection or use of that information
    • Delete the child's information (and the entire account) at any time, in-app or by contacting support@neuraparent.com

    8.8 Age-appropriate design (UK Children's Code)

    We design Neura with the UK Information Commissioner's Office's Age Appropriate Design Code in mind:

    • Data minimization: we collect only what is necessary
    • High-privacy default settings
    • No nudges toward weaker privacy choices
    • No profiling of children for purposes outside the service
    • No behavioral advertising
    • Clear, age-appropriate explanations of how data is used

    9. International data transfers

    We are based in the United States, and our infrastructure (Replit, Neon, OpenAI, PostHog, Resend, Stripe, FCM) is operated primarily in the United States.

    9.1 UK and EU users

    When we transfer your data from the UK or EEA to the United States, we rely on:

    • EU Standard Contractual Clauses (Module 2: Controller to Processor) and, for the UK, the UK International Data Transfer Addendum (IDTA), executed with each of our US-based processors
    • Supplementary measures including encryption in transit and at rest

    9.2 Australian users

    For users in Australia, transfers to the United States are made in accordance with Australian Privacy Principle 8 (Cross-border disclosure of personal information). We take reasonable steps to ensure overseas recipients do not breach the APPs.

    9.3 Canadian users

    For users in Canada, transfers to the United States are made in accordance with PIPEDA, with contractual safeguards in place with each processor.

    10. How long we keep your data

    We retain information only as long as necessary for the purposes described in this policy.

    CategoryRetention period
    Account email and passwordWhile account is active; deleted within 30 days of account deletion
    Child entity (name, age)While the child is associated with an active account; deleted within 30 days of child or account deletion
    Check-in text contentWhile account is active; deleted within 30 days of account deletion
    AI responses, generated child profiles, insightsSame as check-in content
    Subscription / billing recordsRetained per applicable tax and accounting law (typically 7 years) following the last transaction. Card data is held by Stripe, not by Neura.
    Usage analyticsPer PostHog's retention configuration (up to 7 years).
    Push notification tokensUntil you uninstall the app, disable notifications, or delete your account
    Application monitoring data30 days

    10.1 Locked-account retention

    If your free trial ends without you providing payment information, or if you cancel a paid subscription, your account is locked but your data is preserved for 365 days. During that window:

    • You retain read-only access to your existing check-ins, AI responses, child profile, and insights — you can return at any time to see what's there
    • You cannot create new check-ins, receive new AI responses, or use other features that require an active subscription
    • We will send deletion warning emails at day 305 and day 335
    • You can restore full access at any time by entering payment information
    • After day 365, your data is permanently deleted

    11. Data breach notification

    If we experience a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

    • Notify the relevant supervisory authority (e.g., the UK ICO, your EU member-state DPA, the Australian OAIC) within 72 hours of becoming aware of the breach where required by law
    • Notify affected users without undue delay if the breach is likely to result in a high risk to their rights and freedoms
    • Maintain internal records of all breaches, regardless of notifiability

    12. Your rights

    Your rights depend on where you live. Below are the rights available in each jurisdiction. To exercise any right, contact support@neuraparent.com. We will respond within the timeframe required by law (generally one month under GDPR; 45 days under most US state laws).

    12.1 UK and EU residents (GDPR / UK GDPR)

    • Access: request a copy of your personal data
    • Rectification: correct inaccurate or incomplete data
    • Erasure: request deletion ("right to be forgotten")
    • Restriction: limit how we use your data in certain circumstances
    • Portability: receive your data in a structured, machine-readable format
    • Object: object to processing based on legitimate interests
    • Withdraw consent: where processing is based on consent (including the special-category consent for check-ins)
    • Lodge a complaint with the UK ICO (ico.org.uk) or your EU member-state DPA

    12.2 California residents (CCPA/CPRA)

    • Right to know what personal information we have collected
    • Right to delete personal information
    • Right to correct inaccurate personal information
    • Right to limit the use of sensitive personal information
    • Right to opt out of "sale" or "sharing" of personal information — Neura does not sell or share for cross-context behavioral advertising
    • Right to non-discrimination for exercising these rights

    12.3 Connecticut residents (CTDPA)

    • Right to access, correct, delete, and obtain a portable copy of your data
    • Right to opt out of targeted advertising, sale, and certain profiling
    • Right to appeal a denial of any of the above
    • Universal opt-out signal (e.g., Global Privacy Control): we honor this signal as required by CTDPA

    12.4 Other US state residents (CO, VA, TX, OR, IA, IN, TN, MT, FL, NH, NJ, DE, MD)

    If you live in another US state with a comprehensive privacy law, you have similar rights to those listed above for Connecticut. Contact support@neuraparent.com to exercise them.

    12.5 Australian residents

    Under the Australian Privacy Act and the Australian Privacy Principles, you have the right to:

    • Access your personal information (APP 12)
    • Correct personal information (APP 13)
    • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

    12.6 How to exercise your rights

    Email support@neuraparent.com from the email address associated with your account. We may need to verify your identity. There is no charge for these requests except where they are manifestly unfounded or excessive.

    13. Cookies and similar technologies

    Neura uses a small number of cookies and similar technologies for:

    • Strictly necessary functions (authentication, security, session management)
    • Analytics (PostHog) — to understand how the product is used

    We do not use cookies for advertising or cross-site tracking.

    We honor the Global Privacy Control (GPC) signal: if you enable GPC in your browser or a privacy extension, we automatically turn off analytics for you — no banner click needed. You can verify this by enabling GPC and reloading the page.

    14. Security

    We protect your data with industry-standard safeguards including:

    • Encryption in transit (HTTPS/TLS) and at rest
    • Access controls and authentication
    • Periodic security review of our infrastructure and processors

    No system is perfectly secure. If you suspect your account has been compromised, contact us immediately at support@neuraparent.com.

    15. Changes to this policy

    We may update this policy from time to time. If we make material changes, we will notify you at least 14 days before the changes take effect, by email and via in-app notice. The current version, effective date, and prior version date will always be shown at the top of this page.

    16. Contact us

    • Privacy questions or rights requests: support@neuraparent.com
    • General support: support@neuraparent.com