Privacy Policy

NeuroMedia Software SA

Last updated: May 2026

1. Introduction and Scope

NeuroMedia Software SA ("NeuroMedia", "we", "us", or "our") is a Belgian technology company that develops AI-powered media intelligence, advertising monitoring, audience analytics, and related data analysis solutions.

This Privacy Policy describes how we collect, use, store, disclose, transfer, and protect Personal Data when you:

  • access or use the DeepMonitor Data Explorer platform or any related services (collectively, the "Service");
  • visit our websites, including neuromedia.io and related domains;
  • communicate or interact with us in a business, contractual, or professional context.

This Privacy Policy applies to:

  • Clients;
  • authorised end-users;
  • website visitors;
  • business contacts;
  • support contacts;
  • prospective customers; and
  • other individuals whose Personal Data we process as a Data Controller.

This Privacy Policy is drafted in accordance with:

  • Regulation (EU) 2016/679 ("GDPR");
  • the Belgian Data Protection Act of 30 July 2018;
  • applicable ePrivacy rules; and
  • Regulation (EU) 2024/1689 (the "EU AI Act"), where applicable.

Where NeuroMedia acts as a Data Processor on behalf of a Client, processing activities are governed by a separate Data Processing Agreement ("DPA") and Section 8 of this Privacy Policy.

For the purposes of this Privacy Policy:

  • "Personal Data" has the meaning set out in Article 4(1) GDPR.
  • "Customer Data" means any data, content, media, metadata, identifiers, or materials submitted to, uploaded to, imported into, generated through, or otherwise processed through the Service by or on behalf of a Client.
  • "Client" means the organisation subscribing to or using the Service.
  • "End-user" means any authorised individual accessing or using the Service on behalf of a Client.
  • "Publicly Available Media Content" means media, advertising, publication, broadcast, business, or publicly accessible online content lawfully accessible without circumvention of access restrictions, authentication controls, or technical protection measures.
  • "Service" means the DeepMonitor Data Explorer platform and any related products, applications, APIs, websites, analytics systems, or services operated by NeuroMedia Software SA.

Certain Personal Data is necessary for us to provide the Service, including authentication credentials, account identifiers, billing information, and security-related information. Failure to provide such information may prevent us from establishing or maintaining access to the Service or fulfilling contractual obligations.

2. Data Controller Identity

For Personal Data processed in connection with the Service, the Data Controller is:

NeuroMedia Software SA
Registered office: Rue de l'Avouerie 7
4000 Liège, Belgium
Phone: +32 2 315 84 65
Service Desk (preferred): support.deepmonitor.app
Privacy enquiries: privacy@neuromedia.io
Security enquiries: security@neuromedia.io
Website: neuromedia.io

NeuroMedia has designated an internal responsible contact for privacy and data protection matters. Where required by applicable law, NeuroMedia will appoint a Data Protection Officer and publish the relevant contact details.

3. Personal Data We Collect

NeuroMedia collects only Personal Data that is adequate, relevant, and limited to what is reasonably necessary for the purposes described in this Privacy Policy.

3.1 Data You Provide Directly

We may collect:

  • full name;
  • business email address;
  • username and authentication credentials;
  • company name;
  • professional title and department;
  • billing and invoicing information;
  • subscription and contractual records;
  • support requests and communications;
  • survey responses and product feedback; and
  • information voluntarily provided during demonstrations, onboarding, or commercial discussions.

Passwords are stored using industry-standard hashing and security protections and are not stored in plaintext form.

3.2 Data Collected Automatically

We may automatically collect:

  • IP addresses;
  • browser type and version;
  • operating system and device characteristics;
  • timestamps and session metadata;
  • authentication events;
  • pages, reports, features, and functions accessed;
  • API usage and operational telemetry;
  • search queries and interaction patterns;
  • error events, diagnostics, and performance metrics; and
  • security, audit, and operational logs.

Security and operational logs are maintained for authentication, auditability, fraud prevention, abuse prevention, incident response, platform integrity, and operational reliability purposes.

Access to such logs is restricted to authorised personnel and systems with a legitimate operational or security-related need.

Where feasible and appropriate, NeuroMedia may reduce, truncate, pseudonymise, aggregate, or otherwise minimise identifiable elements contained within operational logs.

3.3 Data Received from Third Parties

We may receive Personal Data from:

  • Client organisations;
  • authorised resellers or implementation partners;
  • publicly available business registries;
  • commercial business information providers;
  • authentication or identity providers; and
  • lawful third-party data integrations authorised by Clients.

NeuroMedia processes Publicly Available Media Content for legitimate business purposes including media monitoring, indexing, analytics, audience intelligence, reporting, searchability, and operational analysis, subject to proportionality safeguards and applicable law.

3.4 Special Categories of Personal Data

NeuroMedia does not intentionally request or require special categories of Personal Data for ordinary use of the Service.

However, Customer Data or Publicly Available Media Content processed through the Service may incidentally contain information revealing:

  • racial or ethnic origin;
  • political opinions;
  • trade union membership;
  • religious or philosophical beliefs;
  • health-related information; or
  • other categories of sensitive information as defined under Article 9 GDPR.

Where such data is processed, NeuroMedia may rely on Article 9(2)(e) GDPR relating to Personal Data manifestly made public by the data subject, where applicable.

Where NeuroMedia processes special-category data solely on behalf of a Client, the relevant Client remains responsible for establishing an appropriate lawful basis under Article 9 GDPR.

NeuroMedia does not knowingly use special-category data for independent advertising, discriminatory profiling, biometric identification, or unrelated commercial purposes.

Unless explicitly agreed otherwise in writing, NeuroMedia does not use the Service for biometric identification, facial recognition, emotion recognition, or the creation of biometric templates intended to uniquely identify natural persons.

4. Legal Basis for Processing

NeuroMedia relies on the following lawful bases under Article 6 GDPR:

Purpose Legal Basis
Account management and authenticationContract performance
Service delivery and platform operationsContract performance
Billing and financial administrationContract + legal obligation
Security monitoring and fraud preventionLegitimate interests
Customer supportContract + legitimate interests
Product improvement and operational analyticsLegitimate interests
Legal compliance and regulatory obligationsLegal obligation
Marketing communicationsConsent or legitimate interests where permitted by law

Where processing is based on legitimate interests, NeuroMedia performs and maintains appropriate balancing assessments taking into account:

  • the nature and sensitivity of the data;
  • the reasonable expectations of affected individuals;
  • the necessity and proportionality of the processing; and
  • safeguards designed to minimise privacy impact.

Where consent is required, individuals may withdraw consent at any time without affecting the lawfulness of processing conducted prior to withdrawal.

5. Purposes of Processing

NeuroMedia processes Personal Data solely for legitimate business and operational purposes including:

  • providing and maintaining the Service;
  • authenticating users and managing accounts;
  • hosting, infrastructure management, and system administration;
  • cybersecurity, fraud prevention, and incident response;
  • audit logging and operational integrity;
  • customer support and technical troubleshooting;
  • subscription and contractual administration;
  • compliance with legal and regulatory obligations;
  • communicating service-related notices and security alerts;
  • improving functionality, performance, usability, and operational reliability;
  • generating aggregated, statistical, de-identified, anonymised, or pseudonymised operational insights; and
  • optional marketing and product communications where permitted by law.

NeuroMedia may generate aggregated, statistical, de-identified, anonymised, or pseudonymised information derived from use of the Service for legitimate operational and business purposes, provided such information does not reasonably identify individual persons or Clients.

6. AI-Assisted Analytics and Automated Processing

The Service may use machine learning, statistical analysis, automated classification, natural language processing, and AI-assisted technologies to organise, analyse, categorise, index, enrich, or generate insights from Customer Data and Publicly Available Media Content.

Such processing is intended to support operational analysis, media intelligence, reporting, and human review processes.

Unless explicitly authorised in writing by the relevant Client, NeuroMedia does not use Customer Data to train shared, customer-external, generalised, or foundation machine learning models.

Customer Data processed within one Client environment is logically segregated from Customer Data processed on behalf of other Clients, except where reasonably necessary for infrastructure management, security, maintenance, legal compliance, or service delivery purposes.

AI-assisted outputs generated through the Service are intended to support human review and operational workflows and are not intended to independently determine legal, employment, financial, reputational, compliance, or similarly significant outcomes relating to individuals or organisations.

AI-assisted classifications, summaries, recommendations, categorizations, analytical outputs, and generated insights may contain inaccuracies, incomplete information, probabilistic inferences, or false positives and should not be relied upon as the sole basis for materially significant decisions.

Clients remain responsible for exercising appropriate human review, professional judgment, and independent verification of outputs generated through the Service.

The Service and AI-assisted outputs are provided for informational and operational support purposes only and are not intended to constitute legal, regulatory, financial, employment, compliance, or professional advice.

6.1 Article 22 GDPR — Automated Decision-Making

NeuroMedia has assessed its processing activities against Article 22 GDPR relating to solely automated decision-making producing legal or similarly significant effects.

AI-assisted outputs generated through the Service are designed to support human review by Client personnel and are not configured to independently produce legally binding, employment-related, financial, reputational, or similarly significant decisions regarding individuals.

NeuroMedia does not market or configure the Service as a system for fully automated high-risk or high-stakes individual decision-making.

Clients are responsible for ensuring appropriate human oversight and for determining whether their own use of the Service triggers obligations under Article 22 GDPR or other applicable laws.

Where applicable and reasonably possible, NeuroMedia will assist Clients in fulfilling relevant legal obligations pursuant to the applicable DPA.

6.2 EU Artificial Intelligence Act

NeuroMedia monitors evolving obligations under Regulation (EU) 2024/1689 (the EU AI Act) and intends to implement compliance measures applicable to its role, systems, and deployment contexts as required by law.

Clients deploying the Service in use cases that may independently constitute high-risk AI systems or regulated AI deployments under the EU AI Act remain responsible for fulfilling their obligations as deployers under applicable law.

7. Data Retention

NeuroMedia retains Personal Data only for as long as reasonably necessary for the purposes described in this Privacy Policy or as required by applicable law.

Category Retention Period
Active account dataThroughout the active subscription period
Post-termination account dataUp to 12 months following termination
Platform usage and security logsGenerally up to 24 months
Support communicationsUp to 3 years following case closure
Contractual and financial recordsUp to 7 years or longer where legally required
Backup dataGenerally purged within 90 days following deletion of the live record

Certain information may be retained for longer periods where reasonably necessary for:

  • legal compliance;
  • dispute resolution;
  • fraud prevention;
  • security investigations;
  • protection of NeuroMedia's legal rights; or
  • enforcement of contractual obligations.

At the end of the applicable retention period, Personal Data is securely deleted, anonymised, or irreversibly de-identified where appropriate.

8. When NeuroMedia Acts as a Data Processor

For Customer Data processed on behalf of Clients, NeuroMedia acts solely as a Data Processor under Article 28 GDPR.

Such processing activities are governed by a separate Data Processing Agreement ("DPA").

The relevant Client remains solely responsible for:

  • determining the lawful basis for processing Customer Data;
  • ensuring Customer Data is collected, disclosed, transferred, and processed lawfully;
  • providing required notices to affected individuals;
  • responding to data subject requests unless otherwise agreed;
  • configuring the Service, user permissions, retention settings, exports, integrations, and operational controls appropriately for their legal obligations and intended use cases;
  • ensuring uploaded materials do not unlawfully infringe privacy, confidentiality, intellectual property, or other third-party rights; and
  • ensuring that it possesses all necessary permissions, authorisations, licences, and legal rights relating to Customer Data.

NeuroMedia:

  • processes Customer Data only on documented instructions from Clients unless otherwise required by law;
  • ensures authorised personnel are subject to confidentiality obligations;
  • implements appropriate technical and organisational security measures;
  • assists Clients with GDPR obligations where reasonably possible; and
  • imposes contractual data protection obligations on authorised sub-processors.

NeuroMedia does not claim ownership of Customer Data processed on behalf of Clients.

9. Data Sharing and Disclosure

9.1 Sub-processors and Service Providers

NeuroMedia engages trusted third-party providers for hosting, infrastructure, communications, analytics, monitoring, security, and technical support functions.

Sub-processors are subject to written contractual obligations and are required to implement appropriate security and confidentiality protections.

NeuroMedia performs proportionate due diligence and security assessments of sub-processors appropriate to the nature of the services provided and the sensitivity of the data processed.

NeuroMedia maintains a list of authorised sub-processors which is available upon written request, through applicable contractual documentation, or through a dedicated sub-processor page where made available.

Where required under applicable contractual obligations, Clients may be notified of material changes to authorised sub-processors.

9.2 Client Organisations

Where End-users access the Service through a Client organisation, that organisation may independently process Personal Data as a separate Data Controller.

The respective responsibilities of NeuroMedia and the relevant Client are governed by applicable contractual arrangements.

9.3 Legal and Regulatory Disclosures

NeuroMedia may disclose Personal Data where required by applicable law, court order, regulatory obligation, or legally binding governmental request.

Where legally permitted, NeuroMedia may challenge, narrow, seek clarification regarding, or object to requests that NeuroMedia reasonably considers unlawful, disproportionate, overbroad, or lacking appropriate jurisdictional basis.

Where reasonably practicable and legally permitted, NeuroMedia may notify affected Clients or individuals before disclosure.

9.4 Corporate Transactions

Personal Data may be transferred in connection with a merger, acquisition, financing transaction, restructuring, insolvency proceeding, or sale of assets.

Where required by law, NeuroMedia will provide appropriate notice and implement required safeguards.

9.5 No Sale of Personal Data

NeuroMedia does not sell, rent, trade, or monetise Personal Data for third-party advertising or unrelated commercial marketing purposes.

10. International Data Transfers

Personal Data is primarily stored and processed within the European Economic Area ("EEA").

Where Personal Data is transferred outside the EEA, NeuroMedia implements safeguards consistent with Chapter V GDPR, which may include:

  • Standard Contractual Clauses approved by the European Commission;
  • adequacy decisions;
  • Binding Corporate Rules;
  • approved certification frameworks; or
  • supplementary technical, organisational, or contractual safeguards.

Where appropriate, NeuroMedia may conduct transfer impact assessments taking into account applicable legal, technical, and operational risks associated with international transfers.

11. Your Rights Under GDPR

Subject to applicable law, individuals may have the following rights:

  • Right of access (Article 15 GDPR);
  • Right to rectification (Article 16 GDPR);
  • Right to erasure (Article 17 GDPR);
  • Right to restriction of processing (Article 18 GDPR);
  • Right to object to processing (Article 21 GDPR);
  • Right to withdraw consent (Article 7(3) GDPR);
  • Right to data portability (Article 20 GDPR); and
  • Rights relating to automated decision-making under Article 22 GDPR.

Requests may be submitted via:

Service Desk: support.deepmonitor.app
Email: privacy@neuromedia.io

NeuroMedia aims to acknowledge requests within 5 business days and respond substantively within the timeframes required under applicable law.

NeuroMedia may request reasonable information necessary to verify identity and process requests securely.

Where permitted by law, NeuroMedia may decline or charge a reasonable fee for manifestly unfounded, excessive, repetitive, technically disproportionate, or abusive requests.

12. Security Measures

NeuroMedia implements technical and organisational measures appropriate to the risks associated with processing activities, taking into account:

  • the state of the art;
  • implementation costs; and
  • the nature, scope, context, and purposes of processing.

Security measures may include:

  • encryption in transit and at rest;
  • role-based access controls;
  • least-privilege access management;
  • privileged-access protections;
  • multi-factor authentication for administrative access where appropriate;
  • security monitoring and threat detection;
  • vulnerability assessments and periodic security reviews;
  • incident response procedures;
  • backup, resilience, and recovery procedures; and
  • personnel confidentiality obligations and security awareness measures.

Access to Personal Data is periodically reviewed and restricted to authorised personnel with a legitimate operational or business need.

Security measures are periodically reviewed and updated in light of evolving threats, operational requirements, technological developments, and regulatory expectations.

No system, network, transmission method, or storage environment can be guaranteed fully secure or free from vulnerabilities.

Users are responsible for maintaining appropriate password security and safeguarding account credentials.

12.1 Personal Data Breach Notification

Where NeuroMedia acts as Data Controller, NeuroMedia will comply with applicable breach notification obligations under Articles 33 and 34 GDPR.

Where NeuroMedia acts as Data Processor, NeuroMedia will notify the relevant Client without undue delay upon becoming aware of a breach affecting Customer Data, in accordance with the applicable DPA and GDPR requirements.

NeuroMedia maintains incident response procedures and internal breach management processes for this purpose.

13. Children's Privacy

The Service is intended exclusively for business and professional use and is not directed to individuals under 16 years of age.

NeuroMedia does not knowingly collect Personal Data from children.

If NeuroMedia becomes aware that Personal Data relating to a child has been collected inadvertently, NeuroMedia will take reasonable steps to delete such information.

14. Cookies and Tracking Technologies

14.1 Strictly Necessary Technologies

NeuroMedia uses strictly necessary cookies and similar technologies required for authentication, security, fraud prevention, session continuity, and core Service functionality.

Such technologies do not require consent where exempt under applicable law.

14.2 Optional Technologies

Where optional analytics, preference, or functional technologies are used, NeuroMedia will obtain consent where legally required.

Users may accept, reject, or customise optional technologies through applicable consent management mechanisms.

Cookie consent preferences may be retained to demonstrate compliance with applicable consent requirements. Where applicable, NeuroMedia may provide additional cookie details, including cookie names, providers, purposes, and retention periods, through a dedicated cookie notice, cookie banner, or consent management mechanism.

14.3 What We Do Not Use

NeuroMedia does not use third-party advertising cookies, cross-site behavioural advertising technologies, or social-media tracking pixels for unrelated advertising purposes.

15. Third-Party Services and Integrations

The Service may integrate with third-party services, APIs, websites, plug-ins, authentication providers, or external platforms.

Such third-party services are governed by the privacy practices and terms of the relevant third party.

NeuroMedia does not control and is not responsible for the availability, security, functionality, content, or independent data handling practices of third-party services except where required by law.

Certain third-party providers may independently act as separate Data Controllers.

16. Changes to This Privacy Policy

NeuroMedia may update this Privacy Policy periodically to reflect:

  • operational changes;
  • legal or regulatory developments;
  • evolving security practices; or
  • Service functionality updates.

Where changes are material, NeuroMedia may provide notice through the Service, by email, or through other reasonable communication channels where practicable.

Continued use of the Service following publication of an updated Privacy Policy constitutes acknowledgement of the updated terms to the extent permitted by applicable law. Where required by applicable law, NeuroMedia will provide appropriate additional notice or seek consent before material changes take effect.

17. Client-Specific Terms

Separate contractual agreements, enterprise arrangements, service terms, DPAs, or negotiated privacy provisions may apply to certain Clients.

Where such agreements conflict directly with this Privacy Policy, the relevant contractual provisions prevail solely to the extent of the conflict.

18. Right to Lodge a Complaint

Individuals may lodge complaints with a competent supervisory authority.

The lead supervisory authority for NeuroMedia is:

Autorité de protection des données / Gegevensbeschermingsautoriteit
Rue de la Presse 35
1000 Brussels, Belgium
Website: autoriteprotectiondonnees.be

This right is without prejudice to other legal remedies available under applicable law.

19. Contact Us

For privacy, security, or data protection enquiries:

NeuroMedia Software SA
Registered office: Rue de l'Avouerie 7
4000 Liège, Belgium
Phone: +32 2 315 84 65
Service Desk: support.deepmonitor.app
Email: privacy@neuromedia.io
Security enquiries: security@neuromedia.io
Website: neuromedia.io

NeuroMedia aims to respond to privacy-related enquiries within reasonable timeframes and in accordance with applicable legal obligations.

An error has occurred. This application may no longer respond until reloaded. Reload 🗙