Skip to content
NeoMind · Privacy

Privacy Policy

How we handle personal information at NeoMind — what we collect, how we store it, where it lives, and the rights you and your end-users have under the Australian Privacy Act 1988. Plain English. Australian-hosted.

Who we are

NeoMind is operated by Neomeric Pty Ltd, an Australian company. We are bound by the Australian Privacy Principles in the Privacy Act 1988 (Cth). This policy explains how we handle personal information about three groups of people:

  • Customers — the businesses and account owners who sign up for NeoMind.
  • End-users — visitors to your website (Simon), staff in your business (Hugo), and callers to your phone number (Maeve).
  • Site visitors — people who simply browse our marketing site at neomeric.com/neomind.

What we collect

Account data

About you, the customer

Business name, account-owner email and name, billing details (handled by our payment processor — we don’t store full card numbers), the sources you upload, and your agent configuration.

Conversation data

What your agents handle

The text of conversations between Simon / Hugo / Maeve and end-users, plus metadata (timestamps, agent, session id, escalation events). Caller phone numbers are only stored if the caller has consented (see Maeve, below).

Visitor signals

About website visitors

For Simon, we record a truncated visitor IP (last octet zeroed), user-agent string, and referring URL — enough for abuse prevention and rough analytics, not enough to single anyone out. We do not run third-party trackers on the chat surface.

Marketing site

About people browsing this site

Standard server logs (truncated IP, user-agent) and Google Tag Manager / Google Analytics on the marketing pages only — not on the dashboard or chat surfaces. You can opt out of GA via the cookie banner or your browser’s Do Not Track signal.

Maeve voice and caller numbers

Every caller hears that they’re speaking with an AI agent.

At the very start of every call, before Maeve takes any input, the caller hears a short announcement saying the conversation is handled by an AI agent on behalf of the business they called. We also announce that their phone number will be stored only if they consent during the call. If they decline, Maeve still handles the call — we just don’t persist the number.

We do not record raw call audio for training purposes. We process audio in-memory through the Azure Communication Services + Azure Voice Live pipeline to produce text turns; the text turns are what we keep, governed by the retention rules below. Where audio is briefly persisted (for example, voicemail messages the caller has chosen to leave), it is encrypted at rest and bound to the same retention window.

Where data lives

All NeoMind data is hosted on Microsoft Azure in the australiaeast region (Sydney). That covers the brain database, the dashboard, the voice relay, and Azure Blob Storage for any persisted media. Content is encrypted at rest in Azure Blob Storage using Microsoft-managed keys, and encrypted in transit via TLS 1.2+.

We don’t copy your data to other regions. Backups are taken inside the same Azure region. If we ever need to expand to a second region for redundancy, we’ll update this section first and email customers.

Cookies and analytics

We keep cookies minimal:

  • Dashboard authentication cookie — this is essential. Without it, you can’t stay signed in. It is first-party, HttpOnly, SameSite=Lax, and short-lived. There is no opt-out for the auth cookie because there is no dashboard without it.
  • Marketing site analytics — the marketing site uses Google Tag Manager and Google Analytics 4 with IP anonymisation enabled. These run on neomeric.com/neomind only, never on the dashboard or chat surfaces.
  • No third-party trackers on agent surfaces. Simon’s chat widget, Hugo’s staff dashboard, and Maeve’s consent flows do not run advertising trackers, retargeting pixels, or social-media SDKs.

Third-party processors

We use a small set of trusted processors to deliver NeoMind. We share only what each processor needs to do its job, under contract.

  • Microsoft Azure (australiaeast) — hosting, database, blob storage, voice routing, language model inference (Azure OpenAI). All inference runs in-region.
  • Azure Communication Services — the PSTN bridge for Maeve calls.
  • Stripe — payments. Stripe stores card details; we don’t. Charges are billed in AUD.
  • Resend / Azure Communication Services Email — transactional and digest email delivery.
  • Google Analytics 4 — marketing-site analytics only, IP anonymised.

Retention

How long we keep transcripts depends on your plan: Solo 30 days, Duo 90 days, Squad 180 days. After the window, transcripts and escalation snapshots are hard-deleted. Aggregate metadata (counts, timestamps, costs) is kept indefinitely so reporting trends keep working over time. The full schedule lives in the Terms of Service.

Account data is kept while your account is active. If you cancel, your aggregate metadata is anonymised within 30 days. You can request full deletion at any time (see your rights, below).

Your rights

Under the Australian Privacy Act, you (and your end-users) have rights over personal information we hold. We honour these on request, free of charge, within a reasonable timeframe (typically 30 days).

Access

Ask us what personal information we hold about you, and get a copy in a portable format.

Correction

Ask us to correct anything that’s wrong or out of date. We’ll fix it or note your disagreement on the record.

Deletion

Ask us to delete your personal information. We’ll delete unless we’re legally required to keep it (e.g. tax records).

Requests can come from a customer about their own data, or from an end-user about data your agents have captured about them. Send the request to privacy@neomeric.com and include enough information for us to find the relevant record.

Data breaches

If a notifiable data breach occurs — one likely to result in serious harm under the Privacy Act’s Notifiable Data Breaches scheme — we will notify the Office of the Australian Information Commissioner (OAIC) and any affected individuals as soon as practicable, with a description of the breach, the kinds of information involved, and recommended steps to protect themselves.

Changes to this policy

We may update this policy from time to time. Material changes (anything that affects how your personal information is collected, used or shared) trigger an email to active customers at least 30 days before they take effect, mirroring the notice we give for terms of service changes. Minor edits (typos, clarifications) may be made without notice. The version you’re reading is dated at the bottom.

How to contact us

For privacy questions or requests under this policy, email privacy@neomeric.com. For anything else, the contact form reaches the right team.

If we haven’t resolved a complaint to your satisfaction, you can lodge it with the Office of the Australian Information Commissioner at www.oaic.gov.au.

This Privacy Policy forms part of your agreement with Neomeric Pty Ltd alongside the Terms of Service. Last updated 7 May 2026.