Privacy Policy

Neruva is a product of Clouthier Simulation Labs (“we”, “us”). We can be reached at info@neruva.io.

• Account info — email, display name, and (for paid plans) billing details handled by our payment processor. We do not see your full card number.
• Records your agents push — typed events (kind + tags + ts + meta + text) sent to /v1/records/ingest. Auto-embedded once on write, stored in your namespace, retrievable only with your API key.
• Operational metadata — timestamps, request counts, latency, error rates. Used to operate the service and keep it healthy.

• We do not read files on your computer outside what the agent is actively working on for you.
• We do not track you across the web, do not run third-party advertising, and do not sell or share personal data with data brokers.
• We do not train AI models on your data. Not now, not later.

• To run the agents and remember context for your tasks.
• To bill you correctly and prevent abuse.
• To debug failures and improve reliability.
• To contact you about your account (security, billing, outages). We do not send marketing email without opt-in.

Records are stored encrypted at rest on Google Cloud (us-central1) and travel only over TLS 1.2+ in transit. Tenant isolation is the strictest invariant in our codebase — every query is scoped to your account, and no code path lets one account read another's data.

Neruva Cockpit's daemon runs on your computer and binds to loopback only — it does not open a port on your network. Files on your machine stay on your machine unless you explicitly ask the agent to act on them.

Records persist until you delete them, or until any TTL you set expires. Operational logs (request metadata) are retained for up to 90 days for debugging and abuse prevention, then deleted. Billing records are retained for 7 years to satisfy tax law.

If you delete your account, we delete all of your records and personal data within 30 days, except where retention is required by law (billing receipts).

You can, at any time, from the Cockpit or via API:

• Export every record we hold about you as a portable .neruva file.
• Forget records by predicate — by tag, time range, kind, or id.
• Delete your account, which forgets everything.
• Object to processing, request correction, or file a complaint with your data protection authority.

To exercise these rights, use the in-app controls or email privacy@neruva.io. We respond within 30 days.

We use these third parties to run the service:

• Google Cloud Platform — hosting, storage, TLS termination (us-central1).
• Firebase Authentication — sign-in.
• PayPal — payment processing. Card details never reach our servers.
• AI model providers — we send the agent's reasoning prompts to underlying language and vision models we operate via API. Those providers process requests under contract and do not train on the data.

Neruva is not directed to children under 13. If we learn we have collected data from a child under 13, we delete it.

If we materially change how we handle your data, we will notify you by email and update the “Last updated” date at the top of this page.

Privacy questions: privacy@neruva.io.
Security reports: security@neruva.io.