Privacy Policy

    Effective date: 5 May 2026

    Service: Neoria, available at www.neoria.io.

    Controller: NEORIA IO LIMITED, a company registered in England and Wales (company number 17146849), registered office at 167–169 Great Portland Street, 5th Floor, London, England W1W 5PF.

    Privacy contact: privacy@neoria.io

    1. About this policy

    This Privacy Policy explains how Neoria collects, uses, stores, shares, and protects personal data when you use our website, account features, advisory tools, simulations, residency-related workflows, billing flows, and related services.

    Neoria is an advisory platform that may process sensitive commercial, relocation, tax-planning, residency, and case-management context. We treat user-linked runtime records such as simulations, chosen setups, residency cases, checklist items, profiles, and customer/advisor relationships as high-sensitivity data.

    2. Personal data we collect

    Depending on how you use Neoria, we may collect the following categories of personal data.

    Account and authentication data

    • Name, email address, login identifiers, authentication status, and account metadata.
    • OAuth details if you sign in using Google.
    • Email-delivery metadata needed to send authentication and account emails.

    Profile, preference, and advisory data

    • Profile information you provide in the product.
    • Inputs used to generate simulations, residency-pathway analysis, advisory recommendations, or country comparisons.
    • Chosen setups, saved simulations, user selections, and scenario assumptions.
    • Residency cases, residency checklist items, case status, and related workflow information.
    • Partner, advisor, customer, or enterprise-linked context where those features are used.

    Billing and subscription data

    • Subscription tier, plan, billing status, current billing period, cancellation status, trial status, and payment-provider customer/subscription identifiers.
    • Payment card details are processed by our payment provider and should not be stored directly by Neoria.
    • Invoice, tax/VAT, renewal, cancellation, and payment status data received from the billing provider.

    Communications and support data

    • Messages, support requests, feedback, and operational communications you send to us.
    • Records of account, authentication, billing, and service-related emails.

    Technical and usage data

    • Device, browser, log, diagnostic, and security data.
    • Session, request, and event data needed to operate, secure, debug, and improve the service.
    • Admin and audit logs where needed for security, governance, or operational integrity.

    3. How we use personal data

    We use personal data to:

    • Provide and operate the Neoria service.
    • Create and manage accounts and authentication.
    • Generate simulations, advisory outputs, residency workflows, and saved results.
    • Manage subscriptions, plan access, billing status, trials, cancellation, and customer support.
    • Communicate with you about your account, security, billing, and service updates.
    • Maintain product reliability, security, fraud prevention, abuse prevention, and auditability.
    • Improve the service, including data quality, governance, and product functionality.
    • Comply with legal obligations and enforce our terms.

    4. Legal bases for processing

    Where GDPR or similar laws apply, we rely on the following legal bases:

    • Contract: to provide the service, account features, simulations, subscriptions, billing, and support you request.
    • Legitimate interests: to secure, maintain, debug, improve, and protect the service, including fraud prevention, audit logging, and internal governance.
    • Consent: where required, such as optional marketing communications or certain cookies/analytics if enabled.
    • Legal obligation: where we must retain or process data for tax, accounting, regulatory, legal, or dispute-resolution purposes.

    5. Sensitive advisory context

    Neoria may process information that reveals or implies relocation intent, tax-planning intent, entity-setup intent, residency strategy, case-management activity, advisor/customer relationships, or operational history.

    We do not intentionally collect special-category personal data unless you provide it or it is necessary for a feature you choose to use. You should avoid submitting unnecessary sensitive personal information unless it is relevant to the advisory workflow.

    6. AI and external-provider boundaries

    Neoria may use external providers to support selected workflows, such as email delivery, billing, infrastructure, and AI-assisted data processing.

    Sensitive user, customer, or case data should not be sent to third-party AI providers by default unless that use is approved, minimized, documented, and appropriate for the relevant feature or user request.

    Where AI or automated processing is used, outputs may be generated from your inputs and from Neoria's business/reference data. You should review advisory outputs carefully before relying on them for legal, tax, immigration, accounting, investment, or business decisions.

    7. How we share personal data

    We may share personal data with:

    • Infrastructure providers that host the frontend, database, authentication, edge functions, storage, logging, and security systems.
    • Authentication and email providers used to sign users in and deliver account/security emails.
    • Billing providers used to process subscriptions, invoices, tax/VAT, payment status, renewals, cancellations, and customer billing portals.
    • AI or data-processing providers where required for approved product workflows and subject to minimization controls.
    • Advisors, partners, enterprise customers, or team members where you use features that intentionally involve those parties.
    • Professional advisers, legal authorities, or regulators where required to protect rights, comply with law, resolve disputes, or enforce agreements.

    Current subprocessors

    Our core subprocessors today are:

    • Amazon Web Services (AWS) — frontend hosting (S3 + CloudFront), supporting infrastructure, and content delivery. Provider: Amazon Web Services EMEA SARL / Amazon.com, Inc.
    • Supabase — managed Postgres database, authentication, row-level security, edge functions, and storage. Provider: Supabase, Inc.

    We update this list as our subprocessors change. If you would like the current full list (including any billing, email-delivery, or AI provider used for approved workflows), contact privacy@neoria.io.

    We do not sell personal data.

    8. International transfers

    Neoria may use service providers located in different countries. Where personal data is transferred internationally, we use appropriate safeguards where required, such as standard contractual clauses or equivalent transfer mechanisms.

    For details about hosting regions, provider regions, and the specific transfer mechanisms in use for your data, contact privacy@neoria.io.

    9. Security

    Neoria uses technical and organizational measures designed to protect personal data, including company-controlled infrastructure, Supabase authentication, database row-level security, edge-function boundaries, role-based / admin controls, signed webhook verification where applicable, and operational security reviews.

    No service can guarantee absolute security. You are responsible for keeping your login credentials secure and for using the service only through trusted devices and networks.

    10. Data retention

    We keep personal data only for as long as reasonably necessary for the purposes described in this policy, including providing the service, maintaining account records, supporting billing and tax obligations, complying with legal requirements, resolving disputes, and protecting the service.

    Retention periods may differ by category, including:

    • account and profile data,
    • simulations and chosen setups,
    • residency cases and checklist items,
    • subscription and billing records,
    • support communications,
    • technical logs,
    • staging, backup, and rollback data.

    For the specific retention period that applies to your data, or to request deletion under your rights below, contact privacy@neoria.io.

    11. Your rights

    Depending on where you live, you may have rights to:

    • access your personal data,
    • correct inaccurate data,
    • delete your data,
    • restrict or object to processing,
    • request portability of your data,
    • withdraw consent where processing is based on consent,
    • complain to a data-protection authority.

    To exercise your rights, contact us at privacy@neoria.io. We may need to verify your identity before responding.

    12. Marketing communications

    If we send marketing communications, you may opt out using the unsubscribe link in those messages or by contacting us. We may still send transactional or service-related messages, such as account, security, billing, or legal notices.

    13. Cookies and similar technologies

    Neoria may use cookies or similar technologies for authentication, security, preferences, analytics, and product operation.

    For details about the specific cookies and analytics tools currently in use and their categories, contact privacy@neoria.io.

    14. Children's privacy

    Neoria is not intended for children. We do not knowingly collect personal data from children under the applicable threshold (13 or 16 depending on jurisdiction). If you believe a child has provided personal data, contact us so we can take appropriate action.

    15. Changes to this policy

    We may update this Privacy Policy from time to time. If changes are material, we will take reasonable steps to notify users, such as by posting an updated policy, updating the effective date, or sending a notice where appropriate.

    16. Contact

    For privacy questions or requests, contact:

    NEORIA IO LIMITED (company number 17146849)

    167–169 Great Portland Street, 5th Floor, London, England W1W 5PF, United Kingdom

    privacy@neoria.io