Privacy Policy

NCS — Neural Compute Systems ("NCS", "we", "us", or "our") is committed to protecting the privacy and personal data of every individual who interacts with our platforms, websites, and services. This Privacy Policy explains what data we collect, how we use it, and the rights you have over your information. This policy applies to all NCS products and services, including IPS, SynAIptix, and Orbis AI product families, as well as all associated websites and APIs.

The data controller for the purposes of the General Data Protection Regulation (GDPR) and other applicable data protection laws is: **NCS — Neural Compute Systems** Operated by Easy Drift AS Norway For any privacy-related inquiries, please contact us at privacy@ncsengine.com.

We may collect the following categories of personal data: **Information you provide directly:** - Contact details (name, email address, phone number, company name) submitted through our forms. - Account registration information when creating an NCS platform account. - Communication records when you contact our support or sales teams. **Information collected automatically:** - Device and browser information (IP address, browser type, operating system). - Usage data (pages visited, features used, session duration) collected via analytics. - Cookies and similar technologies as described in our Cookie section below. **Information from third parties:** - Business contact details from publicly available professional directories for B2B outreach.

We process personal data for the following purposes: - **Service delivery:** To provide, operate, and maintain our AI infrastructure and products. - **Communication:** To respond to inquiries, send service-related notifications, and provide customer support. - **Improvement:** To analyze usage patterns and improve our platforms, features, and documentation. - **Security:** To detect, prevent, and respond to security incidents, fraud, or technical issues. - **Legal compliance:** To comply with applicable laws, regulations, and legal processes. - **Marketing:** With your consent, to send relevant updates about NCS products and services. You can opt out at any time.

Under the GDPR, we rely on the following legal bases: - **Contractual necessity:** Processing required to deliver services you have requested or contracted. - **Legitimate interests:** Improving our services, ensuring security, and conducting B2B marketing, provided these interests do not override your fundamental rights. - **Consent:** Where you have given clear consent for specific processing activities (e.g., marketing emails). - **Legal obligation:** Where processing is required to comply with applicable laws.

We do not sell personal data. We may share data with: - **Infrastructure providers:** Cloud and hosting providers that operate under strict data processing agreements (see our DPA). - **Service providers:** Third parties that assist with analytics, customer support, or email delivery, bound by contractual confidentiality obligations. - **Legal authorities:** When required by law, court order, or to protect our legal rights. When data is transferred outside the European Economic Area (EEA), we ensure adequate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

We retain personal data only for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law. - **Account data** is retained for the duration of the business relationship and up to 5 years after termination for legal and audit purposes. - **Communication records** are retained for up to 3 years. - **Analytics data** is aggregated and anonymized within 26 months. You may request deletion of your data at any time, subject to legal retention obligations.

Under the GDPR and applicable data protection laws, you have the right to: - **Access** your personal data and obtain a copy. - **Rectify** inaccurate or incomplete data. - **Erase** your data ("right to be forgotten") where applicable. - **Restrict** processing in certain circumstances. - **Data portability** — receive your data in a structured, machine-readable format. - **Object** to processing based on legitimate interest or for direct marketing purposes. - **Withdraw consent** at any time where processing is based on consent. To exercise any of these rights, contact us at privacy@ncsengine.com. We will respond within 30 days.

Our websites use cookies and similar technologies to: - **Essential cookies:** Ensure the website functions correctly (session management, security tokens). - **Analytics cookies:** Understand how visitors interact with our websites to improve usability. These are only activated with your consent. We do not use advertising or cross-site tracking cookies. You can manage your cookie preferences through your browser settings or our cookie banner.

We implement industry-standard technical and organizational measures to protect your data, including: - Encryption in transit (TLS 1.3) and at rest (AES-256). - Role-based access controls and the principle of least privilege. - Regular security assessments and penetration testing. - Incident response and breach notification procedures compliant with GDPR Article 33/34. For details on our full security posture, see our Security page.

Our services are designed for business use and are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately so we can take appropriate action.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by posting the updated policy on our website with a revised effective date.

If you have questions about this Privacy Policy or our data practices, please contact: **NCS Privacy Team** Email: privacy@ncsengine.com You also have the right to lodge a complaint with your local data protection authority if you believe your data has been processed in violation of applicable law.