Privacy Policy

Neev (“Neev,” “we,” “our,” or “us”) is a parent-governed voice AI guide for children built by Truss Studios Pvt. Ltd., registered in Bengaluru, Karnataka, India. This Privacy Policy explains what personal data we collect through the Neev device and companion app, how we use it, how long we keep it, and the rights parents and legal guardians have under the Digital Personal Data Protection Act, 2023 (“DPDP Act”).

Because Neev is designed for children, we apply the DPDP Act’s heightened protections for the personal data of children (defined as users under 18, with special handling for users under 13). We do not knowingly process children’s data without verifiable parental consent, we do not behaviourally target or profile children for advertising, and we do not sell children’s data to any third party — ever.

1. What we collect

• Voice audio. Short utterances captured by the Neev device after the on-device wake word fires. Audio is streamed to our servers only for the duration of the active turn.
• Transcripts. The text transcription of the child’s utterance and the assistant’s reply, stored so parents can review conversations from the parental dashboard.
• Device telemetry. Firmware version, wake-word event counts, microphone health, Wi-Fi signal quality, battery state, and crash logs — used to keep the device working reliably.
• Account data. Parent email, hashed password, child first name and age band, and preference settings (persona allow-list, quiet hours, language).
• Safety signals. Anonymised flags for content classified as distressing, unsafe, or outside age-appropriate scope, surfaced to the parent in the dashboard.

We do not collect precise location, contact lists, photos, browsing history, or any data from third-party advertising networks. Neev contains no third-party analytics or ad SDKs.

2. How we use it

• To answer the child’s questions and produce the spoken reply.
• To run safety filtering (four-tier guardrails) on every input and output.
• To render the parental dashboard: transcripts, alerts, weekly reports.
• To diagnose device or service faults the family reports to us.
• To improve safety classifiers and persona quality. Where data is used for model improvement, it is de-identified first (child name, parent email, and any spoken personally identifying information are stripped), and parents may opt out at any time from Settings → Data & Privacy.

We will never use a child’s voice or transcript to train a publicly released voice model, to generate deepfakes, or for any advertising purpose.

3. Retention

Default retention is 90 days. After 90 days, voice audio is automatically and irreversibly deleted from our servers and backups. Transcripts remain available in the parental dashboard for the same 90-day window unless the parent chooses a shorter retention period (7, 30, or 60 days) in Settings → Data & Privacy.

Parents can delete a single conversation, an entire day, or the child’s full history at any time, and the deletion is propagated to backups within 30 days. Device telemetry is retained for 180 days for diagnostics, with personal identifiers removed after 30 days.

4. Special handling for child data

• Verifiable parental consent is required before any child under 13 can use Neev. We verify the parent through a one-time payment authorisation (₹1, refunded), email confirmation, and a signed in-app declaration of guardianship.
• Parental dashboard gives full access to all child data with one-tap export and deletion controls.
• No behavioural profiling. We do not build advertising profiles, infer personality, or score children for any commercial purpose.
• No third-party data brokers. Child data never leaves the Neev / Truss Studios infrastructure except to the named service providers in Section 5.

5. Who we share data with

We use a small set of vetted service providers, each bound by a data-processing agreement:

• Amazon Web Services (Polly TTS, S3, EC2) — text-to-speech synthesis and encrypted storage, hosted in the AWS Mumbai (ap-south-1) region.
• Chat-model providers for the assistant’s reasoning layer, used with automatic failover: NVIDIA NIM, Microsoft Azure OpenAI, OpenAI, Anthropic, and Groq. Requests are stripped of child name and account identifiers before being sent.
• Cloudflare — TLS termination, DDoS protection, and edge caching of static assets.
• Fly.io — application hosting for the Neev sidecar service (Mumbai region).

We do not share data with advertisers, data brokers, or social-media platforms. We will disclose data to law enforcement only when compelled by a valid Indian court order, and we will notify the parent unless legally prohibited.

6. Security

• TLS 1.3 in transit for every connection between device, app, and our servers.
• AES-256 encryption at rest for stored audio, transcripts, and database backups.
• Strict role-based access; production data access is logged and audited.
• Device firmware is signed and verified at boot; OTA updates require a signed manifest.
• No third-party tracking pixels, advertising SDKs, or analytics beacons.

7. Parental rights

Under the DPDP Act, the parent or legal guardian of the child may at any time:

• Access all data we hold about the child, in a human-readable format.
• Rectify incorrect information (name, age band, preferences).
• Delete any or all conversations and the child’s account.
• Port the data to another service via a downloadable JSON export.
• Withdraw consent for processing, which deactivates the device and triggers deletion of all stored data within 30 days.
• File a grievance with our Grievance Officer (see Section 9), and, if unresolved, with the Data Protection Board of India.

Rights can be exercised from Parent Dashboard → Settings → Data & Privacy or by emailing hello@truss.biz. We respond within 7 working days and fulfil within 30 days.

8. Changes to this policy

We will notify the parent by email and in-app banner at least 14 days before any material change to this policy. Continued use after the effective date constitutes acceptance of the updated policy; the parent may always withdraw consent under Section 7.

9. Contact & Grievance Officer

If you are not satisfied with our response, you may escalate to the Data Protection Board of India under Section 27 of the DPDP Act, 2023.