Legal

Privacy Policy

Last updated: June 5, 2026

Who we are

Neruva is a product of Clouthier Simulation Labs (“we”, “us”). We can be reached at info@neruva.io.

What we collect

  • Account info — email, display name, and (for paid plans) billing details handled by our payment processor. We do not see your full card number.
  • Your documents — files you upload are processed for extraction. Extracted text and fields are stored in your secure account. Original files are stored temporarily for preview.
  • Operational metadata — timestamps, request counts, latency, error rates. Used to operate the service and keep it healthy.

What we do not collect

  • We only process documents you explicitly upload. We do not access files on your device or scan your system.
  • We do not track you across the web, do not run third-party advertising, and do not sell or share personal data with data brokers.
  • We do not train AI models on your data. Not now, not later.
  • We use proprietary AI models to extract data from your documents. Your documents are processed securely and are never used for AI model training.

How we use what we collect

  • To extract, store, and search your documents.
  • To bill you correctly and prevent abuse.
  • To debug failures and improve the service.
  • To contact you about your account (security, billing, outages). We do not send marketing email without opt-in.

Where your data lives

Records are stored encrypted at rest on Google Cloud (us-central1) and travel only over TLS 1.2+ in transit. Tenant isolation is the strictest invariant in our codebase — every query is scoped to your account, and no code path lets one account read another's data.

Uploaded files are stored in Google Cloud Storage with signed URLs for secure preview access. Files are isolated per account and never shared across tenants.

How long we keep it

Records persist until you delete them, or until any TTL you set expires. Operational logs (request metadata) are retained for up to 90 days for debugging and abuse prevention, then deleted. Billing records are retained for 7 years to satisfy tax law.

If you delete your account, we delete all of your records and personal data within 30 days, except where retention is required by law (billing receipts).

Your rights

You can, at any time, from the dashboard or via API:

  • Export every record we hold about you as a portable .neruva file.
  • Forget records by predicate — by tag, time range, kind, or id.
  • Delete your account, which forgets everything.
  • Object to processing, request correction, or file a complaint with your data protection authority.

To exercise these rights, use the in-app controls or email info@neruva.io. We respond within 30 days.

Subprocessors

We use these third parties to run the service:

  • Google Cloud Platform — hosting (Cloud Run, us-central1), object storage (GCS), TLS termination, default encryption at rest (AES-256).
  • Firebase Authentication — sign-in (Google OAuth + email/password).
  • Firestore — operational metadata (API keys, tenant config, op-log, billing-related counters).
  • PayPal — payment processing. Card details never reach our servers.
  • Resend — transactional email (security alerts, billing receipts, account notifications). No marketing email without opt-in.

AI processing: Neruva uses proprietary multi-model AI for document extraction. Documents are processed securely and are never used for AI training.

Children

Neruva is not directed to children under 13. If we learn we have collected data from a child under 13, we delete it.

Changes to this policy

If we materially change how we handle your data, we will notify you by email and update the “Last updated” date at the top of this page.

Contact

Privacy questions: info@neruva.io.
Security reports: info@neruva.io.