Neura’s Cloud-based AI Platform utilizes the Neura SDK, which customers’ users (“users”) integrate with their apps and IoT products. Through the SDK, Neura collects raw sensory data from the user’s mobile device. Then, Neura’s algorithms analyze this raw data and create insights about the users. Those insights enable our customers’ products to adapt to each user based on the users’ habits, lifestyle and behavior, and to deliver a more user aware experience, which leads to higher engagement, acquisition and lower churn.
The purpose of this document is to outline Neura’s Privacy view and practices regarding the collection, use and disclosure of data (which in certain occasions may consist personal data). Neura is committed to ensuring that data that is shared over its Services is protected and kept confidential.
The Data Collected
Neura collects raw sensory data through mobile devices from the physical environment around it. The data is collected in a dynamic way to minimize the impact on memory and battery. It is collected in real time only when it is needed, based on decisions made by Neura’s machine learning algorithms and our customers’ instructions.
The data that is collected through the device is as follows:
- Android ID
- Vendor ID (iOS)
- Device model
- Operating system version
- Wi-Fi routers in proximity
- Bluetooth – connections and devices
- GPS and geolocation data (location changes, Visits, Geofencing)
- Activity – based on the operating system’s API
- Surrounding devices’ data – Mac address, IP address, ID
- Device States – Power (on / off), Airplane Mode, Battery Saver/Optimization, Idle Mode, Interactive Mode, charger (connected / disconnected), Headphones (connected / disconnected) (Android), Screen (on / off) (Android)
- Application state (foreground / background) (Android)
- Engagement Data of the user in the hosted mobile application
Neura does not collect or hold any medical or healthcare related data and therefore does not handle any “sensitive data” or “protected health information” (PHI).
The Authentication Process
Neura uses an anonymous authentication message using the user’s Device ID (Android ID in Android and Vendor ID in iOS). Authentication is done automatically once the Neura SDK is activated in the user’s application.
User’s authentication tokens are created based on Oauth 2 standard and they are unique. Tokens are refreshed periodically in order protect users’ privacy and data security.
For what purpose is data used and how is it shared?
Data is collected and processed for the purpose of optimizing Neura’s Customers’ engagement campaigns and user’s communications, and reducing notification fatigue. Neura shares with its Customers the User Insights; segments and moments, generated for their users. Raw data is never shared with Neura’s customers.
Neura may also use aggregated data over several end users to improve its algorithms, measure service usage, publish summaries online or offline, and develop new features.
Neura uses a hybrid analysis solution, prioritizing some of the analysis to Neura’s mobile engine located in its SDK, while offloading other data for processing to its machine learning personalization engine located on Amazon’s S3 infrastructure.
Neura uses Amazon’s Virtual Cloud and segmented network to prevent external access and is hosted by AWS – US and Amazon – EU regions, depending on customer’s needs.
The data is distributed over multiple databases and each database holds only fragments of the data. Additionally, sensitive data is hashed or encrypted in order to protect the data itself.
The data is kept for a limited time in databases in order to reduce any large-scale risks. All databases are protected by Amazon security countermeasures.
A user may choose to stop data collection by Neura at any time by asking the application it uses to disable his Neura account. Opting out from the collection of real-time location data is also possible through the OS settings.
A user may also request to delete his Neura account and the data attached to it through contacting the application it uses. Neura will delete an end-user’s token, access, and information upon deletion of the account. Neura may retain data it may need due to its contractual obligations and/or to comply with any legal requirements to which it is subject after which Neura will delete any such data. Anonymized raw data (sensor signals) may be retained for an indefinite period of time.
Neura is committed to ensuring users’ privacy while providing them with transparency and control of their data. Neura has taken into consideration privacy and security aspects from day one and therefore our technology is built in a way that supports privacy by design and by default. Neura is fully compliant with GDPR and adheres all relevant regulations.
Neura provides services as a Data Processor meaning that it only processes the data on its customers’ behalf who are defined as the Data Controllers according to the terms set in the Data Processing Agreement (DPA).
Under GDPR, the Controller should provide the data subject information and mechanisms in order to meet the transparency requirement. Neura, like most Data Processors, works with the Data Controller behind the scenes and provides all necessary information to support the controller’s transparency requirements.