NEOera Systems: Privacy Policy

Neoera Systems provides "IntelAgent," an AI-powered conversational marketing and lead capture tool designed for specialized medical and dental practices. IntelAgent is engineered exclusively for marketing, scheduling, and general inquiries. It is not a clinical patient care system and does not process, store, or transmit Protected Health Information (PHI) under HIPAA definitions.

Users and clinic visitors are explicitly warned via a persistent UI disclaimer not to submit sensitive medical records or diagnostic information through the chat interface. Data collected is strictly limited to lead generation metrics (e.g., Name, Email, Phone Number, and Procedure Interests).

To ensure international best practices and operational reliability, all data is hosted on highly secure, US-based servers utilizing a multi-provider cloud architecture (Vercel, Convex, and Supabase).

Neoera Systems enforces strict cryptographic security and access controls to protect all data:

• In Transit: All data is transmitted over TLS 1.2+ protocols.
• At Rest: Data stored within our databases is secured using AES-256 encryption. API keys are hashed using SHA-256 before storage and are never stored in plaintext. Webhook payloads utilize HMAC-SHA256 signatures.
• Access Accountability: Administrative dashboards enforce automatic log-off after periods of inactivity. All data access is tracked via detailed audit logging, ensuring absolute visibility into user activity within the organization's environment.

We utilize select enterprise-grade third-party processors to facilitate our services. Lead data is strictly isolated per organization and is never shared or aggregated across clinics.

• OpenAI: Processes conversational messages to generate responses. Per our API agreement, no visitor or clinic data is ever used to train or improve OpenAI’s public models.
• Convex & Supabase: Utilized for secure operational data storage, vector search, and authentication.
• Calendly: Receives invitee scheduling data via a secure, authenticated server-to-server API call (OAuth 2.0 PKCE) to finalize bookings.
• Stripe: Processes billing data securely for clinic owners (Stripe does not process visitor/patient data).
• Sentry & Vercel: Utilized for secure application hosting and error monitoring.

Neoera Systems operates with radical accountability regarding data retention.

• Data Portability: Clinic owners retain full control over their lead data and can export their complete lead lists and conversation histories via CSV directly from the authenticated dashboard at any time.
• Account Deletion: Upon termination or deletion of a clinic’s account, the system executes an immediate, automated, and irreversible cascade deletion. This instantly purges all widget configurations, conversations, leads, bookings, and user accounts from our servers. There is no waiting period; data is purged immediately.

If you have any questions regarding this Privacy Policy, how your data is handled, or if you need to execute your data portability rights, please contact our administrative team.

• Website: neoerasystems.com
• Product Portal: neoeraintelagent.com
• Compliance & Support Email: support@neoerasystems.com
• Corporate Address: 301 Blanco Rd. Suite B, San Antonio, Texas 78212