Privacy Policy

NeoMatX ("the Service") is a software platform that provides AI-powered customer communication tools.

1. Introduction

This Privacy Policy explains how NeoMatX (“we”, “our”, “us”) collects, uses, and protects personal data when you use our platform and related services.

NeoMatX is a modular business platform offering AI-powered applications such as marketing content generation, messaging tools, support chatbots, and contact form management.

We are committed to protecting personal data and processing it in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

This Privacy Policy applies to our website and the NeoMatX platform.

2. Data Controller

The controller responsible for data processing related to this website and the operation of the platform is:

Contact details are provided in the imprint of this website.

3. Nature of the Service (B2B Platform)

NeoMatX is designed primarily for business users (B2B).

Customers may use the platform to manage their own business data, communication, and customer inquiries.

When customers use NeoMatX to process data of their own clients or users, the following roles apply:

The customer acts as the Data Controller

NeoMatX acts as a Data Processor under Article 28 GDPR

In such cases, personal data is processed solely according to the instructions of the customer using the platform.

4. Categories of Data Processed

Depending on how the platform is used, we may process the following categories of data:

  • Account and registration data
    • name
    • email address
    • company name
    • account credentials
  • Technical data
  • IP address
  • browser type and version
  • device information
  • operating system
  • access timestamps
  • Communication data
  • messages sent through the platform
  • support inquiries
  • chatbot conversations
  • Contact form submissions
  • Information submitted through forms created by platform users.

5. Purpose of Processing

Personal data is processed for the following purposes:

  • providing and operating the NeoMatX platform
  • user authentication and account management
  • delivering AI-powered functionality
  • handling communication and support requests
  • ensuring system security and preventing misuse
  • improving platform functionality and performance
  • fulfilling legal obligations

6. Legal Basis for Processing

Processing of personal data is based on the following legal grounds under GDPR:

  • Art. 6(1)(b) GDPR
    Processing necessary for the performance of a contract.
  • Art. 6(1)(f) GDPR
    Legitimate interests such as platform security, fraud prevention, and system improvements.
  • Art. 6(1)(c) GDPR
    Compliance with legal obligations.
  • Art. 6(1)(a) GDPR
    Consent where required.

7. AI and Automated Processing

NeoMatX includes features powered by artificial intelligence that assist users with business tasks such as:

  • generating marketing content
  • automated chatbot responses
  • text suggestions
  • workflow automation

These features process data solely to provide the requested functionality.

NeoMatX does not use customer content to train external AI models unless explicitly agreed with the customer.

AI-generated responses are automatically produced and may require human review before being used for business communication.

Note on Privacy: NeoMatX uses professional API integrations for AI services. Under our agreements with these providers, the data you submit to the AI features is not used to train or improve the underlying AI models of third-party providers.

8. Hosting and Infrastructure

The NeoMatX platform is hosted on secure infrastructure within the European Union.

Appropriate technical and organizational measures are implemented to protect personal data against unauthorized access, alteration, or loss.

Security measures include:

  • encrypted data transmission (HTTPS)
  • access control systems
  • server monitoring
  • regular security updates

9. Sub-Processors

To operate the platform, NeoMatX may use carefully selected third-party service providers (sub-processors) for infrastructure or technical services.

These providers process data only under contractual agreements that ensure compliance with GDPR requirements.

Typical categories of service providers may include:

  • cloud infrastructure providers
  • email delivery services
  • AI service providers
  • monitoring and logging services
  • A current list of sub-processors may be provided upon request.

10. International Data Transfers

While our primary servers are located in the European Union, some of our sub-processors (particularly AI service providers) may process data in the United States or other countries outside the EEA.

To ensure a level of data protection equivalent to the GDPR, we rely on:

  • Adequacy Decisions: Such as the EU-U.S. Data Privacy Framework.
  • Standard Contractual Clauses (SCCs): Approved by the European Commission to protect data transferred outside the EEA.
  • Additional Safeguards: Such as data encryption and minimized data transfer protocols.

11. Contact Forms and Messaging Features

NeoMatX allows customers to create contact forms and messaging interfaces for their own users.

Information submitted through these tools is stored within the platform and processed according to the configuration defined by the respective account owner.

In this context:

  • the customer acts as Data Controller
  • NeoMatX acts as Data Processor

12. Data Retention

Personal data is retained only as long as necessary for the purposes described in this policy or as required by law.

Customers may delete their data within the platform at any time.

Account data may be removed upon request or after account termination, subject to applicable legal retention obligations.

13. Data Security

We implement appropriate technical and organizational measures to ensure a high level of data protection.

These measures include:

  • encrypted data transmission
  • secure hosting infrastructure
  • restricted internal access
  • regular security updates and monitoring
  • Despite these precautions, absolute security cannot be guaranteed.

14. Rights of Data Subjects

Individuals whose personal data is processed have the following rights under GDPR:

  • right of access
  • right to rectification
  • right to erasure
  • right to restriction of processing
  • right to data portability
  • right to object to processing
  • Requests can be submitted using the contact details listed in the imprint.

Data subjects also have the right to lodge a complaint with a competent data protection supervisory authority if they believe that their personal data has been processed unlawfully.

Right to Object:

Where processing is based on legitimate interests (Art. 6(1)(f) GDPR), you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation. We will then stop the processing unless we can demonstrate compelling legitimate grounds that override your interests.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements or platform functionality.

The current version will always be available on this website.