Security - neep

At neep, we understand the importance of safeguarding your organization’s data. Here’s what you need to know:

1. We Don’t Access or Store Audio Data: neep never touches the audio from your microphones or speakers. It’s processed entirely on your devices, meaning we cannot access or keep it.

2. Your Conversations Stay Private: neep doesn’t listen in on your conversations. The content of your interactions with others remains confidential and is never shared with us.

3. Your Voice Profile Belongs to You: When you register your voice with neep, it creates a profile stored solely on your device. This profile helps distinguish your voice from others, and neep cannot access, collect, or use it for any other purpose, including training AI or sharing it with anyone.

4. Deleting Your Information is Simple: Simply send an email to info@neep.com to request your user information deletion.

5. Security is Our Priority: While no online method is guaranteed to be 100% secure, neep utilizes industry-standard measures to safeguard your information.

We appreciate your trust in neep and remain committed to protecting your data privacy.

Information We Collect

neep processes your audio and your registered voice locally. Your audio is private to you and we do not have access to your registered voice nor do we send your audio and voice out of your device.

To track usage time, neep collects:

App version
Current settings
Email address
Operating system
Usage start times
Usage end times
Apps used neep virtual speaker or microphone

Paid users can turn off usage tracking in the app’s settings.

When users report issues via the app’s settings, two log files of the app will be sent to our backend for troubleshooting. These files include, along with the app’s operational logs, the names of audio devices you have used, your email address, and app’s settings.

neep website and backend are deployed on Vercel and we use the following Google’s Firebase services for database, storage, cloud functions, and authentication:

Cloud Firestore
Cloud Functions for Firebase
Cloud Storage for Firebase
Firebase Authentication

These Firebase services and Vercel are certified under major privacy and security standards such as ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2, SOC 3. In particular, for authentication purposes, Google’s Firebase may store and use some or all of the following information:

Email addresses
Passwords
Phone numbers
User agents
IP addresses

User agents and IP addresses are employed by Google to provide added security and prevent abuse during sign-up and authentication. IP addresses will be logged temporarily by Google’s Firebase Authentication for a few weeks and will be removed automatically. Other information is retained in neep database.

Log Data

We want to inform you that whenever you use our Service, in the case of an error in the app we collect data and information (through third-party products) on your PC called Log Data. This Log Data may include information such as your device Internet Protocol (“IP”) address, device name, operating system version, the configuration of the app when utilizing our Service, the time and date of your use of the Service, and other statistics.

Cookies

Cookies are files with a small amount of data that are commonly used as anonymous unique identifiers. These are sent to your browser from the websites that you visit and are stored on your device’s internal memory.

This Service does not use these “cookies” explicitly. However, the app may use third-party code and libraries that use “cookies” to collect information and improve their services. You have the option to either accept or refuse these cookies and know when a cookie is being sent to your device. If you choose to refuse our cookies, you may not be able to use some portions of this Service.

Types of Cookies We Use:

Third-Party Cookies: We use cookies from Google Analytics, a web analytics service provided by Google, Inc. These cookies help us analyze website traffic and usage patterns to improve our services and enhance your experience on our website. The information collected through these cookies is anonymous and does not personally identify you.
Referral Tracking Cookies: We also use cookies to track referrals in our invite friend feature. These cookies help us determine if you have been referred by a friend to our website. The referral information collected through these cookies is used solely for the purpose of tracking and rewarding referrals and is not shared with any third parties.

Managing Cookies:

Most web browsers allow you to control and manage cookies through their settings. You can usually choose to accept or reject cookies, delete existing cookies, or set your browser to alert you when cookies are being sent. However, please note that disabling cookies may affect the functionality and user experience of our website.

Your Consent:

By using our website, you consent to the use of cookies as described in this Privacy Policy. If you do not agree with the use of cookies, please refrain from using our website or adjust your browser settings accordingly.

Service Providers

We may employ third-party companies and individuals due to the following reasons:

To facilitate our Service;
To provide the Service on our behalf;
To perform Service-related services; or
To assist us in analyzing how our Service is used.

We would like to notify users of this Service that certain third parties may have access to their Personal Information. The purpose of this access is to carry out tasks on our behalf. However, these third parties are required to uphold confidentiality and not disclose or utilize the information for any other purposes beyond those assigned to them.

FAQ

Does neep require access to sensitive data? If yes, what sensitive data are required?

Email addresses for authentication.

How is data collected, stored, and processed by the software?

Emails are used for logging via Google Firebase Authentication. All audio data are process locally and neither sent to any cloud server for processing nor for storage. Real-time audio when users use the app are processed in memory and feed into virtual devices. Voice registration snippets and VoiceID are extracted locally and stored on users’ PC at C:\Users\\AppData\Local\neep. The VoiceID helps neep differentiate user’s voice from background noise better.

App logs and runtime cache are stored locally at: C:\Users\\AppData\Roaming\neep

Usage time will be logged to our database on Google FireStore.When users report issues, app logs will be upload to FireStore records associate with the user’s account.

Does neep provide options for anonymizing or masking sensitive data?

No specific anonymization or masking options are available because the only sensitive data is email addresses.

What security measures are in place for user authentication and authorization?

We use Firebase Authentication for login with magic links (see https://firebase.google.com/docs/auth/web/email-link-auth) or login with existing Gmail accounts, existing Google Workspace account (https://firebase.google.com/docs/auth/web/google-signin), existing Microsoft Outlook accounts (https://firebase.google.com/docs/auth/web/microsoft-oauth)

Does neep support Multi-Factor Authentication (MFA)?

MFA is availabled for existing Gmail, Google Workspace, Microsoft accounts via their respective login providers. For login via magic links, MFA is not activated yet but we can upgrade our software to support it.

Is data encrypted in transit and at rest? What encryption algorithms are used?

Yes, we store data in Google FireStore which encrypts data at rest and in transist. Specifically, Transport Layer Security (TLS) and ChaCha20-Poly1305 are used by FireStore to secure data in transit (https://cloud.google.com/firestore/docs/server-side-encryption). At rest, AES-256 is used to encrypt data (https://cloud.google.com/docs/security/encryption/default-encryption).

Does neep offer role-based access controls (RBAC) to restrict data access by role?

Yes.

Does neep third party have access to CJC data?

No.

Does neep allow integration with third-party security tools?

No.

Does neep have a vulnerability management policy?

Yes, our business continuity plan covers vulnerability management policy.

How does neep handle security updates and patches? How often are patches and updates released?

Security updates are released regularly.

Does the software provide logging and monitoring capabilities for user activity?

We log user usage time for their usage dashboard, but user can turn off tracking feature. There is no log expiration date. When user delete account, all user data will be delete.

What is the incident response plan (IRP) for handling security incidents?

Users can contact neep support in case of incidents which in less than 24 hours after we are notified of the issues will we communicate to clients. Communication is conducted via email, app and website.

Does the software comply with data protection regulations (e.g. GDPR)?

Yes. Data is handled by Google Firestore, which adheres to GDPR standards. https://firebase.google.com/support/privacy

Does the company have relevant security certifications (e.g. SOC 2, ISO 27001)?

We use Google Firestore to store data (usage time and error reports). Firestore has SOC2 and ISO 27001 but neep does not apply for these certification yet because the app is a native utility where all sensitive audio processing are done on users’ machines.

Where will the data be stored?

Google Firestore

What are the policies on data retention and deletion?

All user data will be deleted when user deletes their account. Users can request account deletion via support.

How often are security audits and assessment conducted?

One security audit a year.

How well does neep integrate with our existing systems?

Simple integration simply use neep’s virtual microphone and speaker in your audio recording apps or call apps.

Is neep dependent on third-party services, and what are the associated risks?

We use Google Firestore to store data, Google Cloud Function for backend deployment, Vercel for frontend deployment. Vercel may have minor outages a few times in a year which may prevent users from accessing our website in those downtime moments.

Does the software include backup and recovery features?

We backup each month using https://firebase.google.com/docs/firestore/backups

Data Processing Purpose

We use your personal information for a number of different reasons, as further explained below:

Providing access to and use of the Site and Services, including content and features
Providing the Services and creating accounts
Processing transactions, verifying payments, and sending related information
Developing and improving the Site, Services, and user experience
Responding to queries and communicating with you
Improving the Site’s content and administration
Detecting fraud, illegal activities, or security breaches
Providing Services to Customers
Ensuring compliance with applicable laws
Conducting statistical analyses and analytic
Customizing Services and Site experience based on your preferences
Managing customer relationships and providing support
Sending updates, security alerts, and support messages
Increasing customer base through marketing and advertising
Sending commercial communications based on preferences
Providing social features on the Site and Services
Enforcing contractual obligations and rights
Providing information to regulatory bodies as legally required

Disclosure of Your Information

We may share your personal data with third parties when necessary and in line with the safeguards and purposes outlined in this privacy notice. This includes:

Third-party service providers: We share your personal data with trusted third parties who help us offer and improve our products and services, such as hosting providers, technical support services, professional advisers, and payment system operators.
Regulators or authorities: We may share your personal data if legally required or if we believe it is necessary and permitted to cooperate with relevant authorities.
Protection of neep: Your personal data may be shared to prevent fraud, protect our rights, or enforce our legal claims.
Corporate transactions: If neep plans to merge with or be acquired by another business, we may share your personal data with potential purchasers or new owners as necessary.

We prioritize the appropriate security measures and level of protection for your personal data based on the risks associated with its nature and use. We adhere to industry practices to safeguard our IT environment and physical facilities.

Payment processing

We do not collect your payment information directly, nor do we store it. Instead, we utilize third-party payment processors that are PCI-compliant to collect payment information on our behalf to complete transactions. Although our administrators can view and track transactions through customer portals, we do not process or have access to your credit card information. However, if we receive refunds, we may require bank information from corporate customers if alternate payment methods were used.

Links to Other Sites

This Service may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us. Therefore, we strongly advise you to review the Privacy Policy of these websites. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

Contact Us

If you have questions about data protection, or if you have any requests for resolving issues with your personal data, we encourage you to first contact us so we can reply to you more quickly.

Address: 3065 Kilgore Rd. Rancho Cordova, CA 95670
Contact: info@neep.com