Privacy Policy
The 60-second summary
- We collect the minimum needed to run the site and the AI School app — mostly your email, what you study, and basic analytics.
- We do not sell your personal data. Ever.
- We use Google Analytics 4 (anonymized IP) for traffic stats and Cloudflare for security and performance.
- Some product links are affiliate links — buying through them may earn us a commission at no extra cost to you.
- You can request a copy or deletion of your data anytime by emailing [email protected].
Who we are
NeuralMindMastery ("NMM," "we," "us," or "our") operates this site at neuralmindmastery.com and the application at app.neuralmindmastery.com. We are the data controller for personal information you provide to us through either property. You can reach our privacy team at [email protected].
What we collect
Information you give us
- Account info — name and email when you sign up for the app, a course, or a newsletter.
- Payment info — handled by our payment processor (Stripe). We receive the last 4 digits, brand, and country of the card. We never see full card numbers.
- Content you submit — survey answers, prompt library submissions, comments, and any other information you choose to share.
- Communications — email or chat conversations with our team.
Information collected automatically
- Usage data — pages viewed, time on page, referrer, and basic device info.
- Log data — IP address (truncated by Cloudflare and anonymized in GA4), user agent, and request timestamps.
- Cookies — see the Cookies section below.
Information from third parties
- If you log in via Google or another provider, we receive your name, email, and profile picture.
- If you click an affiliate link and complete a purchase, the partner may share aggregate conversion data with us.
Why we collect it
We use your data to:
- Operate the site and the AI School app — accounts, courses, progress tracking, and customer support.
- Process payments and send transactional emails (receipts, confirmations, security alerts).
- Improve the product — what content works, what doesn't, where users get stuck.
- Send marketing emails only if you opted in. Every marketing email has a one-click unsubscribe.
- Comply with legal obligations, prevent fraud, and enforce our Terms.
Our legal bases under the GDPR are: (a) contract — to deliver what you signed up for; (b) legitimate interest — to run the business and improve the product; (c) consent — for marketing emails and non-essential cookies; and (d) legal obligation — to comply with tax and regulatory law.
Who else sees your data
We work with a small, vetted set of service providers:
- Cloudflare — CDN, DDoS protection, SSL. They process IP addresses and request metadata. Privacy policy.
- Google Analytics 4 — anonymized traffic analytics. IP anonymization is on. Privacy policy.
- Stripe — payment processing. Privacy policy.
- A2 Hosting — website hosting. Privacy policy.
- Email service providers — used to send transactional and (with consent) marketing email.
- Affiliate networks — when you click a labeled affiliate link, the destination partner (e.g., a tool vendor) sets its own cookies under its own policy.
We do not sell or rent personal information. We may disclose data if legally required (e.g., a valid subpoena) or to protect rights and safety.
How long we keep it
- Account data — for as long as your account exists, plus up to 12 months after deletion for backup retention.
- Transactional records — 7 years, as required by tax law.
- Analytics data — 14 months in GA4 (user-level), then automatically purged.
- Support emails — up to 3 years for quality and reference, then deleted.
Your rights
Depending on where you live, you have some or all of these rights:
- Access — get a copy of the data we hold about you.
- Correction — fix anything that's wrong.
- Deletion — ask us to remove your data (with some legal exceptions).
- Portability — get your data in a machine-readable format.
- Restriction / objection — limit how we process your data.
- Withdraw consent — for anything based on consent (mainly marketing email).
- CCPA / CPRA (California) — right to know, delete, correct, and opt out of "sale" or "sharing." We do not sell or share personal information in the CCPA sense.
- Complaint — file a complaint with your local data protection authority. We hope you'll talk to us first.
To exercise any right, email [email protected] from the address on your account. We respond within 30 days (or sooner where required by law).
Children's privacy
The site and app are not directed at children under 16. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us with personal information, please email us and we will delete it promptly.
Security
We use HTTPS everywhere (TLS 1.2+), Cloudflare for DDoS protection, encrypted database backups, and least-privilege access controls. No system is 100% secure, but we take it seriously. If you spot a security issue, please email [email protected].
International data transfers
We are based in the United States, and our service providers are primarily in the US and the EU. When personal data is transferred outside your country, we rely on Standard Contractual Clauses approved by the European Commission and, where applicable, the EU-US Data Privacy Framework to protect your information.
Changes to this policy
We may update this policy as the product evolves or laws change. When we do, we'll update the "Last updated" date at the top of this page. For material changes that affect your rights, we'll notify you by email or a prominent banner before they take effect.
How to contact us
Privacy questions, requests, and complaints:
- Email: [email protected]
- Security issues: [email protected]
- General contact: /contact