Effective Date: March 18, 2026

At Nervea (accessible from nervea.net), we are committed to protecting your privacy while providing cutting-edge AI and business automation solutions. This Privacy Policy outlines how we collect, use, and safeguard your information in compliance with the Prevention of Electronic Crimes Act (PECA) 2016 of Pakistan, the UK General Data Protection Regulation (UK GDPR), and the California Consumer Privacy Act (CCPA/CPRA) and Health Insurance Portability and Accountability Act (HIPAA) of the United States.

By using our services, you consent to the data practices described in this policy.

1. Information We Collect

To provide our services and optimize our business operations, we collect several types of information:

A. Personal Identification Information

- Contact Details: Name, email address, phone number, and mailing address.

- Professional Information: Job title, company name, and industry.

- Account Credentials: Usernames and passwords for our service portals.

B. Usage and Technical Data

- Device Information: IP address, browser type, operating system, and device identifiers.

- Interaction Data: Pages visited on nervea.net, time spent on site, and clickstream data.

C. Client Data for Automation

- Data provided by you for the purpose of engineering AI agents, CRM setups, or workflow automations. This may include business data, customer interactions, and, in specific cases, Protected Health Information (PHI).

2. How We Use Your Data

We use the collected data to drive business growth and deliver high-value services:

- Service Delivery: To build and maintain your AI agents, websites, and automation workflows.

- Business Optimization: To analyze usage patterns and improve our service offerings.

- Marketing and Communication: To send you newsletters, promotional offers, and updates about new automation features (you may opt-out at any time).

- Lead Generation and CRM: To manage our sales pipeline and provide personalized consulting.

- Data Analytics: To create internal reports that help us understand market trends and client needs.

3. Global Legal Compliance

A. Pakistan Law (PECA 2016)

In accordance with PECA 2016, we ensure that:

- Your data is processed fairly and lawfully.

- We implement robust security measures to prevent unauthorized access or "data interference" (Section 3).

- We do not engage in "identity theft" or unauthorized use of identity information (Section 16).

B. UK Compliance (UK GDPR)

For users in the United Kingdom, we adhere to the UK GDPR principles:

- Lawfulness, Fairness, and Transparency: We process data based on legitimate interests, contract fulfillment, or consent.

- Data Minimization: We only collect data necessary for the specified purposes.

- International Transfers: Data transferred outside the UK is protected by Standard Contractual Clauses (SCCs) or other approved mechanisms.

C. USA Compliance (CCPA/CPRA & HIPAA)

For residents of the United States and businesses handling sensitive data:

CCPA/CPRA (California & General US Consumer Rights)

- Right to Know: You can request disclosure of the categories and specific pieces of personal information we have collected.

- Right to Delete: You can request the deletion of your personal information, subject to certain exceptions.

- Right to Opt-Out of Sale/Sharing: Nervea does not "sell" your personal information for money. However, we may "share" it for cross-context behavioral advertising, and you have the right to opt-out.

- Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

HIPAA (Healthcare Information Privacy)

Nervea recognizes the sensitivity of Protected Health Information (PHI). When acting as a Business Associate for healthcare clients:

- BAA Agreements: We enter into formal Business Associate Agreements (BAAs) with covered entities to ensure HIPAA compliance.

- Security Rule Compliance: We implement administrative, physical, and technical safeguards (including encryption and access controls) to protect electronic PHI (ePHI).

- Breach Notification: We adhere to strict notification protocols in the event of any unauthorized access or disclosure of PHI.

4. Data Sharing and Disclosure

We do not sell your personal data. We may share information with:

- Service Providers: Third-party vendors (like GoHighLevel or cloud providers) who assist in delivering our services.

- Legal Requirements: If required by law or to protect the rights and safety of Nervea and its clients.

- Business Transfers: In the event of a merger or acquisition, your data may be transferred as a business asset.

5. Data Security

We employ industry-standard encryption and security protocols to protect your information. However, no method of transmission over the internet is 100% secure. We encourage you to use strong passwords and notify us immediately of any suspicious activity.

6. Your Rights

Depending on your location (UK, USA, or Pakistan), you have the right to:

- Access, correct, or delete your personal data.

- Restrict or object to the processing of your data.

- Data portability (receive your data in a structured format).

- Withdraw consent at any time.

7. Cookies and Tracking Technologies

Nervea uses cookies to enhance your browsing experience and gather analytics. You can manage your cookie preferences through your browser settings or our on-site cookie banner.

8. Changes to This Policy

We may update this Privacy Policy periodically. Any changes will be posted on this page with an updated "Effective Date."

9. Contact Us

If you have questions regarding this Privacy Policy or our data practices, please contact us at:

Email: [email protected] Website: nervea.net