1. Who We Are
OpsOracle AI is operated by Nanoneuron Services, a registered trade name based in Nashik, Maharashtra, India. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our Service.
We are committed to protecting your privacy. We never sell your personal data. We never use your uploaded business data to train AI models.
2. Data We Collect
We collect the following categories of data:
Account data
Email address, company name, and password hash (never your plain password). Country code detected from your IP at registration for pricing purposes.
Uploaded content
Operations reports (CSV/Excel), tax notices, insurance certificates, freight carrier documents, and medical claim denial letters — uploaded by you for AI analysis.
AI-generated outputs
Risk scores, recommendations, appeal letters, and insights generated from your data. These are stored in your account so you can access them later.
Usage data
Pages visited, features used, and API calls made — used for product improvement and security monitoring. No cross-site tracking.
Payment data
For paid subscriptions: transaction reference numbers (UTR), payment method type, and plan tier. We do not store card numbers — payment processing is handled by Razorpay (India) or other payment processors who maintain their own PCI compliance.
3. How We Use Your Data
We use your data to:
- Provide, operate, and improve the Service
- Process your uploads through AI models and return results
- Send account-related emails (password resets, payment confirmations)
- Send optional operations briefing digests (you can opt out in Account Settings)
- Monitor for security threats and abuse
- Comply with legal obligations
- Generate aggregate, anonymized usage statistics (no individual identification)
4. AI Processing and Third-Party Models
To provide AI-powered analysis, your uploaded content and text is sent to third-party AI model providers:
- Anthropic (Claude) — primary AI analysis engine
- Groq — fallback inference provider
- OpenAI — frontend AI features
These providers process your data solely to return AI completions to us. We use zero-data-retention agreements where available. We do not permit these providers to use your data to train their models.
Do not upload documents containing sensitive personal data (such as Aadhaar numbers, Social Security numbers, medical records of individuals, or payment card details) unless required for the specific feature (e.g., ClaimRecovery denial analysis).
5. Data Storage and Security
Your data is stored on secure cloud infrastructure:
- Database: Supabase PostgreSQL — encrypted at rest and in transit
- Backend: Google Cloud Run (asia-south1 region, India)
- Frontend: Vercel (global CDN with HTTPS enforced)
We implement industry-standard security measures including:
- HMAC-SHA256 signed JWT authentication tokens
- HTTPS enforced on all endpoints (HSTS with preload)
- Rate limiting, CSRF protection, and injection attack prevention
- Magic byte file scanning for uploaded documents
- No plaintext passwords — bcrypt-hashed only
6. Data Retention
We retain your account data and uploaded content for as long as your account is active. When you delete your account, we permanently delete:
- Your profile (email, company name, password hash)
- All uploaded reports and their AI analysis
- All tax notices, certificates, carrier packets, and claim appeals
- Your subscription records
Deletion is immediate upon account termination. Financial transaction records may be retained for the period required by applicable law (typically 7 years for GST/tax compliance).
7. Data Sharing
We do not sell, rent, or share your personal data with third parties for marketing purposes. We share data only:
- With AI model providers to process your requests (as described in Section 4)
- With Razorpay or other payment processors to handle subscription payments
- With Resend to send transactional emails (password reset, account notifications)
- If required by law, court order, or to protect the rights and safety of our users
- In the event of a business acquisition — you will be notified in advance
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access — request a copy of data we hold about you
- Correction — update incorrect data via Account Settings
- Deletion — delete your account and all data from Account Settings at any time
- Portability — request an export of your data
- Objection — opt out of optional email digests in Account Settings
To exercise rights not available through Account Settings, contact us at privacy@nanoneuron.ai. We respond within 30 days.
9. Cookies and Tracking
OpsOracle AI uses minimal cookies:
- Authentication state is stored in your browser's localStorage (not cookies)
- No advertising trackers, Facebook Pixel, or Google Analytics
- No cross-site tracking
We may use anonymous analytics to understand aggregate usage patterns (e.g., which pages are visited most). This data contains no personal identifiers.
10. Children's Privacy
OpsOracle AI is a business tool intended for users aged 18 and above. We do not knowingly collect personal data from children under 18. If you become aware that a child has provided us with personal data, please contact us immediately.
11. International Users
If you are accessing OpsOracle AI from outside India, your data will be processed and stored in India (Google Cloud asia-south1) and may be transferred to other regions where our cloud providers operate. By using the Service, you consent to this transfer in accordance with this Privacy Policy.
12. Changes to This Policy
We may update this Privacy Policy. We will notify you of material changes by email or in-app notification. Continued use of the Service after changes constitutes acceptance of the updated Policy.
13. Contact
For privacy questions or data requests:
Email: privacy@nanoneuron.ai
Nanoneuron Services · Nashik, Maharashtra, India