Skip to main content
Back to Home

Privacy Policy

Last updated: May 6, 2026

Data Controller

NeuralSoft Systems
[Registered mailing address pending]
Privacy contact: privacy@deadlinepilot.com

NeuralSoft Systems is the “data controller” (GDPR / UK GDPR / Quebec Law 25) and the “business” (CCPA / CPRA) for the personal information described in this policy.

1. Introduction

This Privacy Policy explains how Deadline Pilot, a product of NeuralSoft Systems (“we”, “our”, “us”), collects, uses, discloses, and safeguards your information when you use our web application at www.deadlinepilot.com. We process personal data on the legal bases described in Section 8 below; we do not rely on a generic “by using the service you agree” consent.

2. Information We Collect

We collect the following categories of personal information:

Account Information. When you create an account: name, email address, and authentication credentials. Authentication is managed by Clerk, a third-party identity provider acting as our data processor.

Documents and Document Metadata. Court orders, eService emails, and other legal documents you upload (or that arrive at your unique forwarding address) for deadline extraction. Documents are stored encrypted at rest in Cloudflare R2 and are sent to our AI sub-processors (Anthropic and/or OpenAI) for extraction, with image-based pages sent to Google Cloud Vision for OCR when required.

Operational Usage Data. We log information about how the service operates — request paths, extraction counts and timestamps, plan usage against quotas, error events. We use this to bill, to enforce plan limits, to detect abuse, and to debug operational problems. We do not run analytics or tracking pixels in the browser, and we do not profile users for advertising or marketing purposes.

Payment Information. If you subscribe to a paid plan, payment processing is handled by Stripe. We never see or store full card numbers; we receive a reference token, your billing email, and the billing country from Stripe.

Support Communications. If you contact our sales or support team via the website forms, we receive the contact details you provide (name, firm name, email, phone) along with your message.

3. How We Use Your Information

We use your information to operate and provide the Deadline Pilot service: extracting deadlines from court documents, generating calendar invites, sending email notifications you have asked us to send, processing payments, providing customer support, and complying with our legal obligations. We do not sell or share your personal information for cross-context behavioral advertising or any other purpose.

4. Sub-processors

We use a small set of vetted sub-processors to operate Deadline Pilot — each one selected for a specific function (authentication, document analysis, payment processing, email delivery, OCR, hosting, error monitoring). The full current list, the type of data each sub-processor handles, and the status of each Data Processing Agreement is published on our Subprocessors page. We will give existing customers reasonable advance notice (at least 30 days) before adding a new sub-processor that processes customer data.

5. Document Processing (AI)

Document text and (when needed) page images are sent to our AI sub-processors — Anthropic and/or OpenAI for deadline extraction, and Google Cloud Vision for OCR. Each operates under a Data Processing Agreement that prohibits training models on our customer data. We send only the content necessary for deadline analysis — we do not include your account credentials, billing information, or other extraneous data.

6. Data Retention

Extraction data is retained according to your subscription plan: 7 days for Starter (free), 30 days for Premium, and 365 days for Professional. You may delete your extraction history at any time. Account data is retained while your account is active. On account deletion, your account and associated documents are soft-deleted immediately and permanently purged within 30 days, including from object storage. Audit-log entries about your account activity may be retained longer (up to 90 days in primary storage and longer in cold archive) for security and legal-defensibility purposes.

7. Data Security

We implement appropriate technical and organizational measures to protect your data, including TLS encryption in transit, AES-256 encryption at rest, and application-level encryption for sensitive credentials. For more details, see our Security page.

8. Legal Bases for Processing (GDPR / UK GDPR)

We process personal data on the following legal bases under GDPR Article 6:

  • Performance of a contract (Art. 6(1)(b)) — for account creation, authentication, deadline extraction, calendar generation, notification delivery, and customer support.
  • Legitimate interest (Art. 6(1)(f)) — for service security, abuse detection, error monitoring, audit logging, and pursuing payment for services rendered. We have weighed our legitimate interest against your rights and concluded the processing is proportionate; you may object to legitimate- interest processing at any time by contacting us.
  • Compliance with legal obligation (Art. 6(1)(c)) — for tax records, responses to lawful government requests, and similar compliance processing.
  • Consent (Art. 6(1)(a)) — separately obtained at the point of request, for any future non-essential cookies, marketing communications, or processing not covered by the bases above.

9. Your Rights

You have the right to access, correct, port, restrict, or delete your personal data, to object to processing based on legitimate interest, and (where applicable) to withdraw consent. You may export your extraction data or delete your account at any time through the Settings page. To exercise any other right, contact us at the email below; we respond to verified requests within 30 days and may need to verify account ownership before acting.

EU / UK / EEA residents (GDPR / UK GDPR). You have the rights listed above plus the right to lodge a complaint with your national data protection supervisory authority. In the UK, that is the Information Commissioner's Office (ICO).

California residents (CCPA / CPRA). You have the right to know what personal information we collect, to delete it, to correct inaccuracies, and to opt out of any sale or sharing of personal information. We do not sell or share personal information for cross-context behavioral advertising. We recognize and honor Global Privacy Control (GPC) browser signals as a valid opt-out request.

Quebec residents (Law 25). Our designated person responsible for the protection of personal information is reachable at the privacy contact email above.

Other jurisdictions. Residents of other US states (CO, VA, CT, UT, TX, OR, MT, IA, DE, NJ, MD, NH, MN, RI, IN, TN, KY) and other countries with applicable privacy laws (Brazil's LGPD, Switzerland's revFADP, South Africa's POPIA, India's DPDPA, South Korea's PIPA, Japan's APPI) may exercise the rights granted by their local laws by contacting us at the email above.

10. Cookies

Deadline Pilot uses only strictly-necessary cookies for authentication and session management. We do not use analytics, advertising, or third-party tracking cookies, and we do not load third-party fonts, scripts, or pixels. For the full cookie inventory and how Clerk (our authentication processor) sets first-party cookies on your behalf, see our Cookie Policy.

11. International Transfers

Deadline Pilot is operated from the United States. If you access the service from outside the US, your data will be transferred to, stored, and processed in the United States. For transfers from the EEA, UK, or Switzerland to our US-based sub-processors (or to any other country that the European Commission has not recognized as providing an adequate level of protection), we rely on the following GDPR Chapter V transfer mechanisms: (i) the EU Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum, executed with each sub-processor; and (ii) where the sub-processor is certified, the EU-US Data Privacy Framework, the UK Extension to the DPF, and the Swiss-US Data Privacy Framework. The status of each Data Processing Agreement is listed on our Subprocessors page. We do not rely on user consent under Article 49 as the primary transfer basis.

12. Children's Privacy

Deadline Pilot is a professional tool for licensed attorneys and the administrative staff of law firms. The service is not directed to anyone under 18, and we do not knowingly collect personal information from children. If we learn we have collected such information, we will delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material change by posting the new policy on this page and updating the “Last updated” date, and (for changes that materially expand the scope of processing) by emailing the address on your account.

14. Contact Us

If you have questions about this Privacy Policy or want to exercise any privacy right, contact us at privacy@deadlinepilot.com.

Deadline Pilot