Legal
Effective date: May 2026 · Last updated: May 2026
NeuBrand is operated by Otegbade Emmanuel and Awesu Haminat, trading as NeuBrand, at Bookshop Building, University of Lagos Main Campus, Akoka Road, Yaba, Lagos 101017, Nigeria. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our platform at neubrandng.com. It is governed by the Nigeria Data Protection Regulation 2019 (NDPR) and, where applicable, the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
NeuBrand acts as the Data Controller in respect of all personal data collected through the Service, as defined under the Nigeria Data Protection Regulation 2019 (NDPR) issued by the National Information Technology Development Agency (NITDA). This means we determine the purposes and means of processing your personal data.
For all data protection enquiries, contact us at getbrandedng@gmail.com.
Account and Identity Data — your full name, email address, and password (stored as a bcrypt hash — never in plain text).
Profile and Career Data — LinkedIn profile text, CV content, career history, job titles, employer names, industry, professional achievements, skills, certifications, and answers to our guided interview questions. You choose what you share; the more you provide, the better the AI output.
AI-Generated Content — the headlines, About sections, experience bullets, cover letters, CV rewrites, LinkedIn posts, and Japa reports we generate for you. These are stored in your account so you can access them from your dashboard.
Usage and Technical Data — features accessed, audit scores, plan tier, dates of activity, IP address (used for rate limiting only, not stored long-term), and browser session information.
Payment Reference Data — Flutterwave transaction reference numbers and the plan associated with each payment. We never receive, store, or process your card number, expiry date, or CVV. All card data is handled exclusively by Flutterwave.
Communications Data — emails you send us, support requests, and any feedback you provide. We retain these to resolve your enquiry and improve the Service.
Directly from you — when you register, complete the guided interview, upload a CV, paste profile text, or contact support.
Automatically — session cookies, IP address for rate limiting, and usage events when you interact with the platform.
From payment processing — Flutterwave notifies us when a payment is completed, providing a transaction reference and the plan purchased. No card details are passed to us.
To provide the Service — processing your Profile Data through Anthropic's Claude AI to generate personalised LinkedIn content, CVs, posts, and Japa reports.
To manage your account — authentication, session management, plan access control, and subscription tracking.
To communicate with you — sending transactional emails (password reset, payment confirmation, plan expiry reminders) via Resend. We do not send marketing emails without your explicit consent.
To protect the platform — rate limiting by IP address to prevent abuse, fraud detection, and security monitoring.
To comply with legal obligations — retaining records as required by Nigerian law, and responding to lawful requests from regulatory authorities.
What we do not do — we do not use your individual Profile Data to train AI models. We do not sell, rent, or trade your personal data to third parties for marketing or advertising purposes. We do not display advertising on the platform.
Under the NDPR and GDPR (where applicable), we process your personal data on the following legal bases:
| Processing Activity | Legal Basis |
|---|---|
| Generating AI content from your Profile Data | Performance of contract |
| Authenticating your account and managing sessions | Performance of contract |
| Sending transactional emails | Performance of contract |
| Rate limiting and fraud prevention | Legitimate interests |
| Responding to support and legal requests | Legal obligation / Legitimate interests |
| Marketing communications (if any) | Consent — you may opt out at any time |
To deliver the Service, NeuBrand shares your data with the following third-party sub-processors. Each is bound by appropriate data protection terms:
| Sub-Processor | Purpose | Data Shared | Location |
|---|---|---|---|
| Anthropic PBC | AI content generation | Profile Data and interview answers | United States |
| Flutterwave Technology Solutions Ltd | Payment processing | Transaction references (no card data) | Nigeria / United States |
| Neon Inc | PostgreSQL database hosting | All account and profile data | United States (AWS) |
| Vercel Inc | Application hosting and deployment | Application traffic and logs | United States |
| Resend Inc | Transactional email delivery | Your name and email address | United States |
| Upstash Inc | Rate limiting and caching (Redis) | Hashed IP addresses, cache keys | United States |
We do not authorise any sub-processor to use your personal data for their own purposes. All sub-processors are permitted to process your data only in accordance with our instructions and for the purpose of delivering the Service to you.
Important note on Anthropic: When your Profile Data is sent to Anthropic for AI generation, it is processed under Anthropic's API usage policies. Anthropic does not use API inputs to train their models by default. You can review Anthropic's privacy practices at anthropic.com.
NeuBrand uses the following cookies and browser storage:
| Name | Type | Purpose | Expiry |
|---|---|---|---|
| gb_session | HTTP-only cookie | Authentication — keeps you logged in | 30 days |
| gb_guest_audit | HTTP-only cookie | Links a guest audit to your account on signup | 24 hours |
| nb_user (sessionStorage) | Browser session storage | Caches your name and plan in the nav bar to reduce API calls | Browser session (5 min TTL) |
We do not use advertising cookies, third-party tracking cookies, analytics cookies, or any cookies that share your data with advertisers. The cookies we set are strictly necessary for the Service to function.
You can block cookies in your browser settings, but doing so will prevent you from logging in to the Service.
Active accounts — we retain your personal data for as long as your account remains active. This includes all Profile Data, AI-Generated Content, audit history, and payment references.
Account deletion — when you request account deletion, your personal data will be permanently deleted from our systems within 30 days. Payment references may be retained for up to 7 years where required by Nigerian financial record-keeping law.
Session data — expired sessions are automatically purged from our database on a regular basis.
Support communications — emails and support correspondence are retained for 2 years to allow us to reference prior interactions and resolve recurring issues.
We implement appropriate technical and organisational security measures to protect your personal data, including:
All passwords hashed using bcrypt before storage — plain-text passwords are never stored or accessible
Session cookies set as HTTP-only and Secure — inaccessible to JavaScript, transmitted only over HTTPS
SSL/TLS encryption for all data in transit between your browser and our servers
Database access controls restricting data access to authorised processes only
API key environment variables — never exposed in client-side code
Security headers including X-Frame-Options, X-Content-Type-Options, HSTS, and Referrer-Policy
No data transmission over the internet is entirely secure. While we take all reasonable precautions, we cannot guarantee absolute security. If you suspect your account has been compromised, contact us immediately at getbrandedng@gmail.com.
In the event of a personal data breach that is likely to result in risk to your rights and freedoms, we will notify you and NITDA in accordance with NDPR requirements. Where required under GDPR, we will also notify the relevant supervisory authority within 72 hours of becoming aware of the breach. Notification to affected individuals will be made without undue delay.
Under the NDPR, and where applicable the GDPR, you have the following rights regarding your personal data:
Right of access — request a copy of all personal data we hold about you
Right to rectification — request correction of inaccurate or incomplete personal data
Right to erasure — request deletion of your personal data (“right to be forgotten”)
Right to restrict processing — request that we limit how we use your data in certain circumstances
Right to data portability — receive your data in a structured, machine-readable format
Right to object — object to processing based on legitimate interests
Right to withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing
To exercise any of these rights, email getbrandedng@gmail.com with the subject line “Data Rights Request.” We will respond within 30 days. We may need to verify your identity before processing your request.
If you are not satisfied with our response, you have the right to lodge a complaint with NITDA (Nigeria) or your local data protection supervisory authority (EU/UK users).
NeuBrand is based in Nigeria. Our sub-processors (Anthropic, Vercel, Neon, Resend, Upstash) are located in the United States. By using the Service, you acknowledge that your personal data will be transferred to and processed in the United States, which may not provide the same level of data protection as your home jurisdiction.
EU and UK users: Where we transfer your personal data from the EEA or UK to the United States, we rely on appropriate safeguards including Standard Contractual Clauses (SCCs) and equivalent transfer mechanisms as required by GDPR Chapter V and the UK GDPR.
Nigerian law: Transfers of Nigerian personal data outside Nigeria are made in accordance with Section 2.11 of the NDPR, ensuring that recipient countries or organisations provide an adequate level of data protection.
EU and UK users (GDPR): In addition to the rights in Section 11, you have the right not to be subject to solely automated decision-making that produces significant legal effects. You may also lodge a complaint with your local supervisory authority — for example, the ICO (UK), CNIL (France), or the relevant authority in your EU member state.
California residents (CCPA): You have the right to know what personal information we collect and how it is used, the right to delete it, and the right to opt out of the sale of personal information. NeuBrand does not sell personal information. We do not discriminate against you for exercising your CCPA rights. To submit a CCPA request, email getbrandedng@gmail.com.
NeuBrand is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has registered an account or provided us with personal data, contact us immediately at getbrandedng@gmail.com and we will delete the data promptly.
AI-Generated Content may include links or references to third-party websites, platforms, course providers, or companies. NeuBrand is not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any personal data to them.
We may update this Privacy Policy from time to time. We will notify you of significant changes by email to your registered address or by a prominent notice on the platform at least 14 days before the changes take effect. The “Last updated” date at the top of this page will always reflect the most recent revision. Your continued use of the Service after the effective date of any changes constitutes acceptance of the updated policy.
For all privacy questions, data rights requests, and complaints:
NeuBrand — Data Controller
Bookshop Building, University of Lagos Main Campus
Akoka Road, Yaba, Lagos 101017, Nigeria
Email: getbrandedng@gmail.com
We aim to respond to all privacy enquiries within 5 business days and to resolve data rights requests within 30 days.