Effective Date: April 21st, 2025 Last Updated: April 21st, 2025
At Neural Nanosphere, we recognize the sensitive nature of data entrusted to Neural Nanosphere, especially in the context of healthcare, biomedical research, and institutional data governance. This Data Usage Policy outlines how we manage, process, and protect the data submitted, accessed, generated, and analyzed within the Neural Nanosphere platform.
This policy is designed to ensure full transparency around how data is handled, consistent with our obligations under the Health Insurance Portability and Accountability Act (HIPAA) in the United States, the General Data Protection Regulation (GDPR) in the European Union, and other applicable data protection and research compliance frameworks.
By using Neural Nanosphere, you consent to the data usage practices described herein.
Neural Nanosphere collects and uses data solely for the purpose of delivering, securing, improving, and maintaining our AI-based research services. The types of data submitted to or generated by the platform may include sensitive scientific material, institutional content, and regulated health information.
We use data to perform core platform functions including processing complex research queries, generating explainable outputs, enabling sub-agent collaboration, and presenting structured research documents. Data is also used to maintain session continuity, user-specific preferences, workflow history, and reproducibility of outputs.
Additionally, we may use de-identified or anonymized data to refine performance metrics, address technical issues, develop new features, and improve the underlying AI agents—only when such usage complies with legal, contractual, and ethical standards.
Neural Nanosphere may use the following categories of data:
Personal and user profile data includes information such as name, organizational affiliation, email address, account credentials, role within your institution, and user preferences. This data is used to manage authentication, account security, and platform access control.
Uploaded or input data includes research questions, datasets, EMRs, study protocols, omics files, biomedical texts, notes, and other scientific content that you or your institution provide. Depending on your use case, this may contain personal data, Protected Health Information (PHI), or special category data under GDPR.
AI-generated content includes structured reports, hypothesis expansions, citations, visualizations, and sub-agent logs. These are stored and used to maintain output continuity, enable cross-referencing, and provide traceability for research outputs.
Technical and diagnostic data includes metadata about system usage such as device type, browser version, API activity, access logs, and error reports. This is collected to maintain platform performance, support troubleshooting, and enhance system security.
All data used by Neural Nanosphere within research workflows is treated with confidentiality and is only accessible to authorized users within your organization, unless explicitly shared. Research inputs are not used beyond the boundaries of your session or institutional license unless such use is authorized in writing.
We do not use your data to train public AI models, nor do we transfer it to external parties for data mining, marketing, or profiling purposes. Any use of your data for AI model refinement, error correction, or scientific insight generation is performed only in ways that are aligned with research ethics guidelines, consent requirements, and your institutional policies.
Generated outputs are retained for auditability and reproducibility unless you choose to delete them or configure auto-deletion within your deployment settings. You retain ownership of both the input and output data, and we act as a data processor and steward on your behalf.
For institutions operating under heightened data protection or regulatory requirements, Neural Nanosphere supports on-premise and private cloud deployments. In such configurations, all data remains within your infrastructure and is never accessed by our personnel unless explicitly authorized for support or compliance purposes.
When deployed on-premise, Neural Nanosphere does not transmit user or institutional data outside your environment. No data is used for product improvement or telemetry unless you opt into a secure, consented feedback program.
In both cloud and private deployments, customer environments are logically and cryptographically separated to ensure data integrity and eliminate cross-contamination between institutions.
By default, Neural Nanosphere does not use your data to improve or fine-tune shared AI models unless you opt in. In cloud-based deployments, we may offer users or institutions the ability to contribute de-identified, non-sensitive feedback or system telemetry to help refine the platform. This data is never used without your explicit permission and is always handled under strict access control and encryption protocols.
Institutions can also submit their own research data for local model fine-tuning or prompt template customization. In these cases, the data remains entirely within the institution’s control and is not accessible to other customers or to our own shared infrastructure.
Any consent-based data usage for platform learning is governed by signed agreements and processed in full compliance with HIPAA, GDPR, and institutional review board (IRB) protocols where applicable.
Access to data within Neural Nanosphere is strictly limited to:
All data access is logged and auditable. Role-based access control (RBAC), multi-factor authentication (MFA), and user-group policies are enforced to prevent unauthorized data exposure. In enterprise settings, administrators have access to user management tools, access logs, and activity reports to support institutional governance.
You may define custom policies for access expiration, user provisioning, and data deletion according to your internal policies and research protocols.
Neural Nanosphere is designed to support compliance with all relevant data regulations including HIPAA, GDPR, HITECH, and institutional research governance protocols.
In the United States, we support HIPAA-mandated safeguards for handling PHI and enter into Business Associate Agreements (BAAs) when required. All PHI is encrypted and access-controlled.
In the European Union, we comply with GDPR’s requirements for data minimization, lawful processing, data subject rights, and cross-border data transfer safeguards. We also support execution of Data Processing Agreements (DPAs) with institutional clients and maintain compliance with regional research ethics laws.
We offer data residency controls and maintain localized storage for institutions operating under national data sovereignty requirements, including for clinical trials, university research, or pharmaceutical innovation.
Data submitted to Neural Nanosphere is retained for as long as necessary to fulfill the purpose for which it was collected or as mandated by regulatory, contractual, or institutional policies.
User data may be retained after account termination if required for legal compliance, security investigations, reproducibility mandates, or archival research. However, you may request early deletion of input data, generated content, or user records by contacting our privacy team or through your institutional administrator.
In enterprise deployments, data retention periods can be customized to align with internal research guidelines, IRB protocols, or grant requirements.
You or your institution have full ownership and control over any data you submit to Neural Nanosphere. We act as a custodian or processor of your data, not as a controller or owner.
You have the right to:
Users covered by GDPR or HIPAA may exercise additional rights under those laws as described in our Privacy Policy.
We may update this Data Usage Policy to reflect changes in regulatory requirements, platform functionality, or our data governance framework. When material changes are made, we will notify users through the platform or by email and provide an opportunity to review and consent where applicable.
The “Last Updated” date at the top of this document will reflect the most recent version.
If you have questions about this Data Usage Policy, or if you wish to request further details about data practices, institutional integrations, or model isolation, you may contact: