Privacy Policy

Last updated: June 2, 2026

NeuroSphere (“we”, “us”) operates a multi-tenant AI voice calling platform that helps businesses follow up with leads and book appointments. This Privacy Policy explains what data we collect, how we use it, and the rights you have over it.

1. Data We Collect

2. How We Use Data

3. Google User Data & Limited Use

When you connect Google Calendar, you grant NeuroSphere access to your primary calendar’s free/busy information and the ability to create, update, and delete the appointment events our AI books on your behalf. We request only the calendar.events and calendar.freebusy scopes, plus your account email (openid and userinfo.email) so we can show which Google account is linked. We do not read events we did not create, and we never touch any calendar other than your primary one.

NeuroSphere’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, Google user data is used only to provide and improve the appointment-booking features you have requested; it is never used for advertising, never sold, never transferred to third parties except the subprocessors named in Section 5 as required to operate the service, and never used to train generalized AI/ML models. No human at NeuroSphere reads your Google user data except where you give affirmative consent for specific support, where required for security or to comply with applicable law, or in aggregate and anonymized form.

You can revoke NeuroSphere’s access to your Google data at any time from Settings → Disconnect Calendar, or from your Google Account permissions page.

4. Meta Platform Data

When you connect a Facebook Page, we receive leads submitted to that page’s Lead Ad forms via Meta’s webhook system. We only retrieve the specific lead you authorize us to access, store it against your organization, and use it solely to initiate the callback you requested. You can disconnect the page at any time from Settings, which revokes our access and stops further lead ingestion.

5. Data Sharing

We do not sell your data. We share data only with subprocessors required to deliver the service: Supabase (database), Twilio (telephony), ElevenLabs (voice AI), Anthropic (LLM), and Railway (hosting). All subprocessors are bound by data protection agreements.

6. Data Retention

We retain lead and call data for as long as your account is active. On account deletion, we remove all personal data within 30 days, except where retention is required by law.

7. Your Rights

You may access, correct, export, or delete your data at any time by emailing ziad.elalfy@yahoo.com. Egyptian users are protected under Law 151/2020. EU users have rights under the GDPR.

8. Security

All access tokens are encrypted at rest. Webhooks are verified via HMAC-SHA256 signatures. Database access is scoped per organization via row-level security policies.

9. Contact

Questions about this policy? Email ziad.elalfy@yahoo.com.