Browse documentation

Data handling & security

What data Neuralift accepts, how it is protected and isolated, what is retained, and the certifications behind the platform.

Neuralift segments your customers without ever holding their identities. This page summarizes how data is handled across the platform: what Neuralift accepts, how it is protected in transit and at rest, what is retained after a run, and the certifications that stand behind those commitments.

Note. Current certifications, policies, and audit reports are available in the Neuralift Trust Center.

At a glance

AreaCommitment
PIINeuralift does not accept any data with PII
EncryptionIn transit and at rest
ProcessingTransient; intermediate working data is ephemeral
RetentionOutputs kept only as needed for the engagement, under contract
IsolationOne client’s data never trains another client’s model
LLM stepReceives aggregated, segment-level signals only
RegionAWS US West (Oregon), United States
CertificationsISO/IEC 42001 (AIMS) and SOC 2 Type II

No PII

Neuralift does not accept any data with PII. Input is first-party tabular data (behavioral, transactional, and derived attributes) with no direct identifiers; you retain any direct identifiers on your side. The data is normalized, and the model operates on de-identified, derived numerical features.

What a ready table looks like is covered in data requirements.

Encryption

Data is encrypted in transit and at rest, and handled under Neuralift’s Data Management and Cryptography Policies. The policies are available through the Trust Center.

Transient processing

Segmentation processing is transient. Your raw data is processed in the pipeline and is not durably retained beyond what is needed to produce the results, and intermediate working data is ephemeral.

What is retained

Generated outputs, the resulting segments and model, are retained only as needed to deliver the engagement and under the applicable contract.

Strict per-client isolation

Each client model is trained on that client’s data alone. Neuralift never uses one client’s data to train another client’s model, or any model outside that client’s engagement.

The narrative step and LLMs

The plain-English narratives you see on segments are generated by a downstream step that sits outside the segmenter. It receives only aggregated, segment-level signals: no raw records and no PII are sent to it. This step uses large language models, which may include internal, self-hosted models and third-party providers (such as OpenAI and Anthropic), operated under enterprise or API terms that do not use Neuralift or client data to train the providers. How this step fits the overall method is described in How the segmenter works.

Where processing runs

Production runs in the United States, in AWS US West (Oregon).

Certifications and governance

The Neuralift Segmentation Engine is developed and operated under Neuralift’s ISO/IEC 42001-certified AI Management System (AIMS), which covers AI risk management, system impact assessment, performance monitoring, and continual improvement. Security is independently attested by SOC 2 Type II. Reports and current certification status are available in the Trust Center.

Questions?

Write to support@neuralift.ai. If your security, privacy, or data-science team needs detail beyond this page, Neuralift can arrange a deeper technical walkthrough under NDA.