Privacy Policy — Neuron Byte

In plain language: Neuron Byte only collects the personal data we need to respond to your inquiries, provide our services and improve our website. We don't sell or rent your data, and we only share it with vendors who help us operate under strict confidentiality. You can exercise your rights at any time by emailing dfalcon@neuronbyte.xyz.

1. Identity of the controller

This Privacy Policy is issued in compliance with the EU General Data Protection Regulation (Regulation 2016/679) ("GDPR") where it applies to data subjects in the European Economic Area, Mexico's Federal Law on the Protection of Personal Data Held by Private Parties ("LFPDPPP") and its Regulations, California's Consumer Privacy Act ("CCPA") as amended by the CPRA, Brazil's Lei Geral de Proteção de Dados ("LGPD"), the UK GDPR, and any other applicable data protection legislation.

The controller of your personal data is:

Legal name: Neuron Byte (hereinafter "Neuron Byte", "we", "us" or "the controller").
Address: Mexico City, Mexico.
Email: dfalcon@neuronbyte.xyz
Phone / WhatsApp: +52 56 2043 9084
Website: neuronbyte.xyz

Neuron Byte is not currently required to designate a Data Protection Officer (DPO) under Art. 37 GDPR. The point of contact for all privacy matters is the controller indicated above.

2. Personal data we collect

We only collect the personal data we need for the purposes described in this policy. Depending on how you interact with us, we may process the following categories of data:

2.1 Data you provide directly

Identification and contact data: first name, last name, email address, phone or WhatsApp number.
Professional data: company, role, industry, country.
Content of your communications: the message, project description or query you send us through our contact form, email, WhatsApp or other channels.
Billing data (clients only): legal name, tax ID (RFC, VAT or equivalent), tax address and banking details required to issue invoices and process payments.

2.2 Data collected automatically

Browsing data: IP address, browser type and version, operating system, language, pages visited, time spent, referrer and visit timestamp.
Device and cookie identifiers (see Section 7).

2.3 Sensitive data

Neuron Byte does not request or process sensitive personal data (racial or ethnic origin, health information, genetic data, religious or philosophical beliefs, trade union membership, political opinions or sexual orientation) in the ordinary course of its activity. In the exceptional case that a specific project requires it, we will always do so with your explicit written consent.

3. Purposes of processing

We distinguish between primary purposes (necessary for our relationship with you) and secondary purposes (which you may opt out of without affecting the service).

3.1 Primary purposes

Respond to your information request, quote or contact.
Provide the professional services you have contracted (web development, custom software, AI integration and others).
Issue invoices and manage collections.
Comply with legal, tax, accounting and other regulatory obligations.
Maintain a communication channel with you during the professional relationship.
Ensure the security of our infrastructure and prevent fraud or abuse.

3.2 Secondary purposes

Send commercial communications about our services, news, use cases and educational content.
Conduct satisfaction surveys.
Produce aggregated statistics and improve our products and services.
Feature you in public testimonials or case studies (always with your prior written authorization).

Don't want commercial communications or to be featured in testimonials? You can object to any secondary purpose at any time by emailing dfalcon@neuronbyte.xyz with subject "Object to secondary purposes". This objection will not affect your relationship with us.

4. Legal basis for processing

We process your personal data based on at least one of the following legal grounds:

Consent (Art. 6(1)(a) GDPR; Arts. 8 and 9 LFPDPPP) — when you voluntarily complete our forms or accept non-essential cookies.
Performance of a contract (Art. 6(1)(b) GDPR) — to deliver the services you have contracted or to take pre-contractual steps you have requested.
Legal obligation (Art. 6(1)(c) GDPR) — to comply with tax, accounting or crime-prevention obligations.
Legitimate interest (Art. 6(1)(f) GDPR) — to secure our website, prevent fraud, evaluate campaign performance and send communications to active clients about services similar to those contracted. We always balance this interest against your rights and freedoms.

5. Recipients and processors

Neuron Byte does not sell, rent or trade your personal data. To operate, however, we may share your data with service providers ("processors" or "sub-processors") who act only on our documented instructions and under confidentiality and security obligations equivalent to those required by applicable law.

5.1 Categories of recipients

Category	Purpose	Examples
Cloud hosting and storage	Host the website, project databases and files	Vercel, AWS, Google Cloud, Supabase
Email and productivity	Internal and client communications	Google Workspace
Analytics and performance	Anonymous or pseudonymized usage metrics	Google Analytics 4, Plausible
AI platforms	Prompt processing in agents and assistants	Anthropic (Claude), OpenAI (GPT), Google (Gemini)
Payments and billing	Process charges and issue invoices	Stripe, Mercado Pago, Facturama
Messaging	Chat support and conversational agents	Meta (WhatsApp Business API)
Authorities	Respond to valid legal requests	Tax and judicial authorities

5.2 International transfers

Some of our providers process data outside of Mexico or the European Economic Area, mainly in the United States. In those cases we ensure the transfer is performed with appropriate safeguards under Art. 46 GDPR, using one of the following mechanisms:

Standard Contractual Clauses approved by the European Commission.
EU-U.S. Data Privacy Framework certification, when the provider participates.
The data subject's explicit consent when none of the above applies.

6. Retention period

We keep your data only for as long as necessary for the purposes for which it was collected and to comply with applicable legal obligations:

Prospect contact data: up to 24 months from the last contact, unless you request earlier deletion.
Client data: for the duration of the contract and up to 5 years after termination, in line with tax and accounting obligations.
Browsing and analytics data: up to 14 months (default Google Analytics 4 setting).
Records of data-subject requests: 5 years, to evidence compliance.

Once these periods expire, we securely delete, anonymize or block the data.

7. Cookies and similar technologies

Our site uses cookies and similar technologies (pixels, local storage) for three purposes:

Strictly necessary cookies: ensure the site works properly (language preferences, security). No consent required.
Analytics cookies: let us understand how many people visit the site and how they use it, in aggregate and anonymous form.
Marketing cookies (only if we enable them in the future): to measure the effectiveness of advertising campaigns.

You can manage or disable non-essential cookies at any time from your browser settings. Disabling them may affect your experience on the site.

8. Security measures

We implement reasonable administrative, technical and physical security measures, proportional to the risk, in accordance with Art. 19 LFPDPPP and Art. 32 GDPR, including:

Encryption of data in transit using TLS 1.2 or higher.
Encryption at rest for sensitive databases.
Role-based access control and multi-factor authentication on internal systems.
Confidentiality agreements with all staff and vendors.
Periodic encrypted backups and incident continuity plans.
Documented breach-response procedure with notification to data subjects and authorities within legal deadlines (72 hours under GDPR).

9. Your rights

As a data subject, you have the following rights:

Access: know what data we process about you and how.
Rectification: request correction of inaccurate or incomplete data.
Erasure / Deletion: request the deletion of your data when it is no longer needed or the processing is unlawful.
Object: object to the processing of your data on legitimate grounds, including profiling and direct marketing.
Restriction of processing (GDPR): request that we temporarily suspend the use of your data while a dispute is resolved.
Data portability (GDPR): receive your data in a structured, commonly used, machine-readable format, or have it transmitted to another controller.
Withdraw consent: withdraw the consent you have given, without affecting the lawfulness of prior processing.
Not be subject to fully automated decisions that produce legal effects on you or significantly affect you, except in cases provided by law.

If you reside in California (CCPA/CPRA), Brazil (LGPD), the United Kingdom (UK GDPR) or another jurisdiction with specific data-protection rules, the equivalent rights apply to you under the same terms.

California residents (CCPA/CPRA): you also have the right to know the categories of personal information collected, to opt out of the sale or sharing of personal information (we do neither) and to non-discrimination for exercising your rights.

10. How to exercise your rights

To exercise any of the rights described, send a request by email to dfalcon@neuronbyte.xyz with subject "Privacy rights request – Neuron Byte". Your request must contain:

Full name of the data subject and a means to receive a response.
A copy of an official identification document (or, if acting through a representative, a simple power of attorney and copy of ID of both the data subject and the representative).
A clear and precise description of the right you wish to exercise and the personal data involved.
Any item or document that helps us locate the data.

We will respond to your request within a maximum of 20 business days (LFPDPPP) or 30 calendar days (GDPR), which may be extended once for the same period when complexity justifies it. Exercising these rights is free of charge; we may only pass through shipping or reproduction costs when applicable.

11. Minors' data

Our services are aimed at professionals, businesses and adults. We do not knowingly collect personal data from minors under 16 (the GDPR threshold for consent in information-society services). If you become aware that a minor has provided us with personal data without the authorization of a parent or legal guardian, please contact us immediately so we can delete it.

12. Changes to this privacy policy

We may update this policy to reflect legal, operational or technological changes. The current version will always be published at neuronbyte.xyz/privacy-policy.html with its update date. When changes are material, we will notify you through the contact channels you have registered with us.

13. Supervisory authorities

If you believe that the processing of your data does not comply with applicable law, you can file a complaint with the relevant authority in your jurisdiction:

Mexico: National Institute for Transparency, Access to Information and Personal Data Protection (INAI). inai.org.mx
European Union: the supervisory authority of your country of residence or workplace (list at edpb.europa.eu).
United Kingdom: Information Commissioner's Office (ICO). ico.org.uk
California (USA): California Privacy Protection Agency (CPPA). cppa.ca.gov
Brazil: Autoridade Nacional de Proteção de Dados (ANPD).

We would, however, appreciate the opportunity to address your concern directly before you approach a supervisory authority. You can reach us at the email indicated in this policy.

14. Contact

For any inquiry related to this policy, the processing of your data, or the exercise of your rights, please reach out to:

Email: dfalcon@neuronbyte.xyz
WhatsApp: +52 56 2043 9084
Attention to: David Falcón, in his capacity as controller and point of contact for data-protection matters.

Consent: by using our website, getting in touch with us or contracting our services, you confirm that you have read, understood and accepted the terms of this Privacy Policy, and you provide your informed consent for the processing of your personal data as described herein.