1. Overview
neyostar ("we", "us", or "our") is operated by neyogrid. This Privacy Policy explains what data we collect when you use neyostar.com, how we use it, and your rights regarding that data.
We collect only what is necessary to provide the Service. We do not sell your personal data. We do not use your product context or conversations to train AI models.
2. Data We Collect
Account data
- Email address (used for authentication via one-time code)
- Name (optional, provided during onboarding)
- PM type (role you select during onboarding)
Product & workspace data
- Workspace names and descriptions you create
- Product context documents you upload
- Session messages and AI responses within your sessions
- AI-generated artifacts (PRDs, user stories, etc.) that you save
- AI-extracted product memories — facts, decisions, assumptions, and entities automatically derived from your sessions and stored per workspace
Usage data
- Credit usage and transaction history
- Session activity timestamps
- IP address (used temporarily for rate limiting; not stored long-term)
Communications
- Messages you send via the contact form
- Email correspondence with us
3. How We Use Your Data
- To authenticate your account and maintain your session
- To provide AI responses grounded in your product context (RAG)
- To inject product memory (extracted facts scoped to your workspace) into AI requests to provide contextually consistent responses across sessions
- To track credit usage and enforce plan limits
- To send transactional emails (welcome, OTP codes, billing receipts)
- To respond to support and contact form enquiries
- To monitor service health and debug errors (via Sentry error tracking)
- To understand how users interact with the product in aggregate (via Google Analytics)
- To enforce rate limits and prevent abuse
We do not use your data for advertising, profiling, or any purpose beyond what is listed above.
4. AI Processing
neyostar is powered by AI models provided by Anthropic (Claude). When you interact with any AI capability, your message and relevant product context are transmitted to Anthropic's API to generate a response.
Anthropic processes this data according to their own Privacy Policy. Anthropic's API usage policy does not allow them to use API inputs and outputs to train their models.
The Discover capability uses Tavily for live web search. Search queries derived from your session context may be sent to Tavily to retrieve results.
We do not use your product context, sessions, or AI conversations to train any AI model.
5. Third-Party Services
We use the following third-party services to operate neyostar:
| Service | Purpose | Data shared |
|---|---|---|
| Anthropic | AI response generation | Session messages, product context |
| Supabase | Database & authentication | All user and workspace data |
| Vercel | Application hosting | Web requests, IP addresses |
| Railway | AI agent hosting | Session messages, product context |
| Resend | Transactional email | Your email address, email content |
| Upstash (Redis) | Rate limiting | IP addresses (temporary, not persisted) |
| Tavily | Web search (Discover) | Search queries derived from your session |
| LangSmith | AI session tracing (debugging) | Session traces including message content |
| Sentry | Error monitoring | Error reports, stack traces, page URL at time of error |
| Google Analytics | Usage analytics | Anonymised page views, session counts, browser/device type |
| Razorpay | Payment processing (future) | Billing details when paying |
Each of these providers has their own privacy policy and data processing terms. We choose providers that offer strong data protection commitments.
6. Data Retention
We retain your account and workspace data for as long as your account is active. If you delete your account, we will delete your personal data and workspace content within 30 days, except where we are required to retain it for legal or compliance purposes.
Session data (messages and AI responses) is retained to support session continuity within the product. You can delete individual workspaces and their associated data from within the app at any time.
Rate-limiting data (IP-based counters in Redis) expires automatically within 1 hour.
7. Your Rights
You have the right to:
- Access — request a copy of the personal data we hold about you
- Correction — ask us to correct inaccurate data
- Deletion — request deletion of your account and associated data
- Portability — request your data in a portable format
- Objection — object to certain types of processing
To exercise any of these rights, contact us at hello@neyostar.com. We will respond within 30 days.
8. Cookies
neyostar uses cookies for the following purposes:
- Authentication — session cookies to keep you signed in. Removed when you sign out.
- Analytics — Google Analytics sets cookies to measure aggregate usage patterns (page views, session counts). No personally identifiable information is shared with Google. You can opt out via Google's opt-out tool.
We do not use advertising cookies or tracking pixels.
9. Children's Privacy
The Service is not directed at children under 18. We do not knowingly collect personal data from anyone under 18. If you believe we have collected data from a minor, please contact us and we will delete it promptly.
10. Security
We use industry-standard security measures including encrypted connections (HTTPS), row-level security on the database, and access controls to protect your data. Authentication uses one-time email codes — there are no passwords to be compromised.
No system is completely secure. If you discover a security vulnerability, please disclose it responsibly to hello@neyostar.com.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice in the Service at least 14 days before they take effect. The effective date at the top of this page reflects the most recent update.
12. Contact
For privacy questions or to exercise your rights, contact us at hello@neyostar.com or via our contact form.