Data handling & security
What data Neuralift accepts, how it is protected and isolated, what is retained, and the certifications behind the platform.
Neuralift segments your customers without ever holding their identities. This page summarizes how data is handled across the platform: what Neuralift accepts, how it is protected in transit and at rest, what is retained after a run, and the certifications that stand behind those commitments.
Note. Current certifications, policies, and audit reports are available in the Neuralift Trust Center.
At a glance
| Area | Commitment |
|---|---|
| PII | Neuralift does not accept any data with PII |
| Encryption | In transit and at rest |
| Processing | Transient; intermediate working data is ephemeral |
| Retention | Outputs kept only as needed for the engagement, under contract |
| Isolation | One client’s data never trains another client’s model |
| LLM step | Receives aggregated, segment-level signals only |
| Region | AWS US West (Oregon), United States |
| Certifications | ISO/IEC 42001 (AIMS) and SOC 2 Type II |
No PII
Neuralift does not accept any data with PII. Input is first-party tabular data (behavioral, transactional, and derived attributes) with no direct identifiers; you retain any direct identifiers on your side. The data is normalized, and the model operates on de-identified, derived numerical features.
What a ready table looks like is covered in data requirements.
Encryption
Data is encrypted in transit and at rest, and handled under Neuralift’s Data Management and Cryptography Policies. The policies are available through the Trust Center.
Transient processing
Segmentation processing is transient. Your raw data is processed in the pipeline and is not durably retained beyond what is needed to produce the results, and intermediate working data is ephemeral.
What is retained
Generated outputs, the resulting segments and model, are retained only as needed to deliver the engagement and under the applicable contract.
Strict per-client isolation
Each client model is trained on that client’s data alone. Neuralift never uses one client’s data to train another client’s model, or any model outside that client’s engagement.
The narrative step and LLMs
The plain-English narratives you see on segments are generated by a downstream step that sits outside the segmenter. It receives only aggregated, segment-level signals: no raw records and no PII are sent to it. This step uses large language models, which may include internal, self-hosted models and third-party providers (such as OpenAI and Anthropic), operated under enterprise or API terms that do not use Neuralift or client data to train the providers. How this step fits the overall method is described in How the segmenter works.
Where processing runs
Production runs in the United States, in AWS US West (Oregon).
Certifications and governance
The Neuralift Segmentation Engine is developed and operated under Neuralift’s ISO/IEC 42001-certified AI Management System (AIMS), which covers AI risk management, system impact assessment, performance monitoring, and continual improvement. Security is independently attested by SOC 2 Type II. Reports and current certification status are available in the Trust Center.
Questions?
Write to support@neuralift.ai. If your security, privacy, or data-science team needs detail beyond this page, Neuralift can arrange a deeper technical walkthrough under NDA.