← Back to Home

Privacy Policy

Version 2.2 · Last updated: 6 July 2026

1. Who this policy applies to

AudienceRole
Pharmacy customers (subscribers)You are the data controller for CCTV footage and personal information captured at your store.
Pharmacy patrons / customersYour pharmacy (not NeuraIQ) is responsible for lawful surveillance and your privacy rights.
Pharmacy staffWorkplace surveillance notices are issued by your employer.
Website visitorsNeuraIQ is the data controller for information you submit via neuraiq.com.au (see Section 14).

IntelliGuard is detection assistance — it generates alerts and local recordings. Your pharmacy decides whether and how to act.


2. Data sovereignty — our core commitment

IntelliGuard is designed on a data sovereignty model:

  • All AI video analysis runs on the NeuraIQ Edge Appliance at your pharmacy — not in NeuraIQ’s cloud.
  • Alert clips, face crops, face embeddings, and offender-gallery data stay on your appliance under your control.
  • In the ordinary course of the Service, NeuraIQ does not receive, store, copy, or retain your CCTV streams, alert video, or biometric data.
  • A minimal heartbeat is sent to NeuraIQ for subscription and health monitoring. Heartbeat contains only: Site ID, software version, appliance uptime, camera count (aggregate), alert count (aggregate — not per-event or per-person), and VPN connectivity status.
  • Heartbeat does not include video, images, audio, biometrics, face crops, alert clips, patron/customer/visitor names or identities, or any personal information or PII relating to pharmacy patrons, retail customers, visitors, or staff (Terms and Conditions 8.12).

Remote support access to your appliance or footage occurs when you email admin@neuraiq.com.au for support and NeuraIQ personnel connect via time-limited VPN under standing consent granted at onboarding (Terms and Conditions 8.6–8.7). NeuraIQ does not maintain always-on or unattended remote access.


3. What NeuraIQ does **not** collect or retain

NeuraIQ does not:

  • Retain, receive, store, copy, or have access to biometrics, face templates, face embeddings, or other sensitive information about your pharmacy patrons, customers, or patients in the ordinary course of the Service.
  • Operate a cloud video repository or receive your CCTV streams for routine processing.
  • Upload video, images, or alert media to NeuraIQ servers or third-party AI clouds for detection.
  • Use your footage to train or improve AI models unless you opt in under Schedule 4 of your Service Agreement — and then only for local on-appliance improvement at your site.
  • Sell or license your video or alert data to third parties.

Your pharmacy remains the sole custodian of footage and local IntelliGuard data.


4. What is processed **on your appliance** (pharmacy as controller)

The following is processed locally at your site by IntelliGuard software. NeuraIQ supplies the technology; your pharmacy determines the purposes of CCTV and AI monitoring.

Data typeWhere storedTypical retentionNotes
Video frames (in-memory)Appliance RAMSecondsDiscarded after real-time processing
Motion / alert clipsAppliance local storage~15 days (configurable)Short clips tied to detection events
Pose keypointsNot persistedUsed for scoring only
Face detection cropsAppliance local storage~15 daysThumbnails for staff alerts
Face embeddings (512-d vectors)Appliance SQLiteUntil offender record deletedMathematical vectors — not photographs
Alert metadata (score, camera, time)Appliance SQLite~15 days
Offender gallery recordsAppliance SQLiteUntil staff deleteOpt-in only — staff manually enroll from an alert

Sensitive information: Face-related data used for optional repeat-offender matching may be sensitive information under the Privacy Act. Your pharmacy must ensure lawful collection, signage, staff notices, and opt-in consent where required (see your IntelliGuard notices pack).


5. What NeuraIQ collects directly (processor / service provider)

Even with on-prem video, NeuraIQ processes limited personal information to deliver and bill the Service:

Data typePurposeStorageRetention
Heartbeat metadataSubscription verification, health monitoring, update delivery. No patron PII (see section 2).NeuraIQ Fleet Manager (AU-hosted VPS)~90 days
Billing & account dataInvoicing, subscription management. Pharmacy business data only.Stripe + NeuraIQ records7 years (Australian tax and accounting requirements)
Customer contact detailsSupport, onboarding, contractual notices. Nominated contacts only.NeuraIQ systemsLife of contract + legal retention
Support correspondenceTroubleshooting. No patron PII unless you attach it.Email / ticket systemsRetained for audit purposes — no fixed retention period
VPN session logsAudit of authorised remote support. No patron PII — session metadata only.NeuraIQ systems1 month maximum

NeuraIQ does not store your full payment card numbers — payments are processed by Stripe (see Appendix A).


6. Face detection transparency (OAIC retail AI guidance)

IntelliGuard uses on-device face detection to crop face regions and generate numerical embeddings for alert thumbnails and optional offender-gallery matching.

  • This is not mass public facial recognition.
  • Repeat-offender matching is opt-in: pharmacy staff must manually enroll a face from an alert.
  • Embeddings and crops remain on your appliance unless you export them locally.
  • NeuraIQ personnel do not access this data except in limited, request-only support circumstances — and do not retain copies afterward.

Pharmacies must display AI-assisted CCTV signage and comply with applicable workplace surveillance laws.


7. Controller and processor roles — data ownership

Terms and Conditions 8.17 allocates data as follows:

Data categoryOwner / controllerExamplesPatron or retail customer PII?
Customer dataPharmacy (controller)Raw CCTV, alert clips, thumbnails, face crops, embeddings, offender gallery, alert scores and logs on ApplianceYes — you control it
NeuraIQ IPNeuraIQSoftware, models, algorithms, firmware, documentationNo — technology only
Heartbeat metadataNeuraIQ (processor)Site ID, version, uptime, camera count, aggregate alert count, VPN statusNo
VPN session logsNeuraIQ (processor)Session timestamps, authorising contact, ticket referenceNo patron PII
Billing and account recordsNeuraIQ (processor)Business name, ABN, billing address, subscription statusPharmacy business data only
Support correspondenceNeuraIQ (processor)Tickets and emails from authorised contactsNo patron PII unless voluntarily attached
Fleet aggregates (if collected)NeuraIQDe-identified fleet-wide statisticsNo

NeuraIQ does not claim ownership of Customer data or of any "insights" about identifiable patrons. Detection outputs stored on your Appliance are Customer data. NeuraIQ owns NeuraIQ IP and Operational Telemetry only.

PartyRoleResponsibility
Pharmacy (subscriber)Data controller for Customer dataLawful CCTV/AI monitoring, signage, staff notices, patron enquiries, footage disclosure decisions
NeuraIQData processor for Operational Telemetry + controller for billing and websiteProvide Service securely; process heartbeat/billing/support meta without patron PII

Detailed processor obligations are in the IntelliGuard Terms and Conditions (Part II — Data Processing), incorporated into your Service Agreement.


8. How we use information

NeuraIQ uses the information described in Section 5 to:

  • Provide, activate, and maintain the IntelliGuard Service
  • Verify subscription status and deliver software/model updates
  • Process payments and issue tax invoices
  • Respond to support requests you initiate
  • Comply with law and enforce our agreements

We do not use patron video or biometrics for advertising, unrelated analytics, or model training without your Schedule 4 of your Service Agreement opt-in.


9. Disclosure to third parties

NeuraIQ does not disclose your video, alert clips, or patron biometrics to third parties in the ordinary course of the Service.

We use sub-processors for limited functions (billing, hosting, support infrastructure). See Appendix A — Sub-processors.

We may disclose information where required by law, or to protect rights and safety, in accordance with applicable legislation.


10. Data security

  • On-prem processing — core detection does not depend on cloud video upload.
  • MQTT and admin interfaces secured with authentication.
  • Appliance databases stored locally at your site.
  • Remote support VPN-only, on-demand, under standing consent when you email admin@neuraiq.com.au for support.
  • NeuraIQ implements reasonable technical and organisational measures appropriate to the data we hold.

11. Data breach notification

If NeuraIQ becomes aware of a data breach affecting personal information we hold as a processor or controller, we will notify affected pharmacy customers and cooperate with your breach-response obligations under the Notifiable Data Breaches scheme, in accordance with the Terms and Conditions and applicable law.

Breaches of data held only on your appliance are primarily your responsibility as controller; NeuraIQ will assist on request.


12. Your rights (Australian Privacy Principles)

Individuals may have rights to access, correct, or complain about personal information held about them.

If the information is…Contact
Footage, alerts, embeddings on your applianceYour pharmacy (data controller)
Billing or support records held by NeuraIQNeuraIQ — admin@neuraiq.com.au

You may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) — oaic.gov.au.


13. Retention and deletion

DataDefault retention
On-appliance alert clips & metadata~15 days (pharmacy-configurable)
Offender gallery embeddingsUntil deleted by pharmacy staff
Heartbeat metadata~90 days
Billing records7 years (Australian tax and accounting requirements)
VPN session logs1 month maximum
Support tickets and correspondenceRetained for audit purposes — no fixed retention period

On termination, pharmacies control export/deletion of local appliance data. NeuraIQ deletes or anonymises account metadata per our retention schedule.


14. Website visitors (neuraiq.com.au)

When you visit neuraiq.com.au or submit a Book a Demo / newsletter form, NeuraIQ may collect:

  • Name, email, phone, business name, message content
  • Technical logs (IP address, browser type, pages visited) for security and analytics

Purpose: respond to enquiries, send marketing you opt into, improve the website.

Lawful basis: consent and legitimate interests (APP 3 / APP 6).

Newsletter: unsubscribe link in every email.

This website policy is separate from pharmacy CCTV processing under IntelliGuard.


15. International transfers

IntelliGuard video processing does not involve routine offshore video transfer.

Some sub-processors (e.g. Stripe) may process billing data outside Australia. We take reasonable steps to ensure overseas recipients handle information consistently with APP 8.


16. Changes to this policy

We may update this policy with 30 days’ notice to subscribers for material changes. The current version is published at https://neuraiq.com.au/privacy.

Material changes to data sovereignty or processing architecture will be communicated in accordance with your Service Agreement.


17. Contact

NeuraIQ Pty Ltd

Email: admin@neuraiq.com.au

Privacy enquiries: admin@neuraiq.com.au (consider privacy@neuraiq.com.au)

Phone: 0434 673 004 (business hours AEST)

Registered address: [to be inserted]

Web: https://www.neuraiq.com.au


Appendix A — Sub-processors

Sub-processorPurposeData processedLocationNotes
Stripe Payments Australia Pty LtdSubscription billing, tax invoicesCustomer name, email, billing address, payment method tokensAU / global Stripe infrastructurePCI-DSS; Stripe Privacy Policy applies to payment data
Linode / Akamai Connected Cloud (or successor)Fleet Manager hosting — heartbeat metadataSite ID, version, uptime, camera count, alert countSydney, AU (target)No video or biometrics
NetBird (or successor WireGuard mesh)Encrypted remote support VPNSession metadata, connection logsPer vendorOnly when customer authorises session
Email / ticketingSupport correspondenceContact details, support contentAU where practicableConfirm provider before publish

NeuraIQ will update this appendix when sub-processors change. Subscribers will be notified of material changes per the Service Agreement.


Incorporated by reference into the IntelliGuard Service Agreement. For contractual terms, see Terms and Conditions v2.5.

NeuraIQ Pty Ltd

Sydney, NSW, Australia

admin@neuraiq.com.au · 0434 673 004

Terms of Service · IntelliGuard