NeuroScry

Privacy Policy

Version 1.0
Effective Date: May 29, 2026

Gradient Vector LLC builds software products, including NeuroScry, a Windows desktop AI assistant that can use screenshots, voice input, and app context to help answer user questions.

This Privacy Policy explains what information NeuroScry collects, processes, stores, or sends to third parties.

Who We Are

Gradient Vector LLC

Support: support@gradientvector.dev
Privacy: privacy@gradientvector.dev

We typically respond within 2–5 business days.

What This Policy Covers

This policy covers:

  • Gradient Vector LLC websites and pages, including neuroscry.app.
  • The NeuroScry application.
  • Account, support, and download flows connected to NeuroScry.

Information We Collect Or Process

Account and sign-in information

NeuroScry uses browser-based sign-in through neuroscry.app. Authentication is handled through WorkOS AuthKit.

The app or service may receive, store, or display:

  • Your account email address.
  • Your display name and avatar URL, if returned by the authentication provider.
  • Whether your email address is verified.
  • Your account role, plan, capabilities, or entitlement status.
  • Usage and quota information.
  • Basic session information, such as user agent and IP address, for authentication and abuse prevention.

The desktop app stores local credentials needed to keep you signed in. Access tokens are short-lived. Refresh tokens are stored locally and can be revoked when you sign out.

Signing out clears local credentials, revokes the presented refresh token, and opens the browser to a NeuroScry sign-out endpoint intended to revoke and clear the browser session.

App settings and local storage

NeuroScry stores settings, credentials, app identity records, logs, downloaded support files, and diagnostic information locally on your device.

Local data may include:

  • App settings and preferences.
  • Local credentials or user-provided API keys (not provided by us).
  • Records used to recognize applications you have confirmed.
  • Debug logs, if logging is enabled.
  • Debug screenshots or audio recordings, (Disabled by default).
  • Downloaded speech or performance support files.

The desktop app currently can store any local secrets you provide and configure in files on your device. Anyone with access to your Windows account or local files may be able to access those secrets.

Screenshots and window context

When you use NeuroScry’s hotkey or configured trigger, the app captures a screenshot, of the foreground (selected) window.

Screenshot-related data may include:

  • The screenshot image.
  • Foreground window title.
  • Process name.
  • Executable path metadata.
  • Window position and size.
  • App identity metadata if you provided it.

The screenshot is encoded and sent to the selected AI provider or the NeuroScry proxy when you ask a question. If you configure it to do so (disabled by default, admin user only), debug settings can save screenshots locally.

Audio and speech

NeuroScry may start a microphone stream while the app is running, if a microphone is available. The app keeps a rolling in-memory audio buffer and extracts audio ONLY around the active hotkey session.

Audio handling includes:

  • Local speech-to-text using local Whisper/faster-whisper models (if configured).
  • Cloud speech-to-text through xAI (if configured).
  • Local debug recordings if debug audio recording is enabled (disabled by default).

Prompts, answers, and history

When you ask NeuroScry a question, the app may send the selected AI service:

  • Your transcribed question (only while hotkey held).
  • The current screenshot (if enabled).
  • App or window context.
  • Recent question-and-answer context from the current app session, depending on settings.
  • Model and tool settings, such as web search options.

The app keeps recent Q&A history in memory during the app session. The code does not show persistent storage of full Q&A history by default. Debug logging can record prompts, transcripts, model responses, usage metadata, and errors if debug options are enabled.

Logs and diagnostics

Logs may contain personal or sensitive information depending on what is on screen, what you ask, and which debug options are enabled.

Logs may include:

  • Prompts or transcripts.
  • AI responses.
  • Window titles and process names.
  • App identity information.
  • Provider errors, timing, and usage metadata.

Do not send logs, screenshots, or audio recordings to support unless you have reviewed them and are comfortable sharing their contents.

Website, cookies, analytics, and downloads

The desktop app uses neuroscry.app for sign-in, token exchange, account checks, proxy access, download access, and sign-out.

NeuroScry uses a first-party browser cookie associated with the WorkOS session so the website can sign you out of the browser session when requested.

The download flow creates a short-lived download token and serves the Windows download through Cloudflare infrastructure. If a signed-in account does not have download access, the download page may show that the account is pending approval.

The NeuroScry website does not currently include analytics scripts, advertising pixels, session replay, browser local storage, or browser session storage. Cloudflare or other infrastructure providers may still process basic request information as part of hosting, security, and observability.

Payments

Paid billing is not currently implemented in NeuroScry. If Gradient Vector LLC adds paid plans, subscriptions, or a payment processor, this policy should be updated to describe the payment data flow.

Support communications

If you contact support, Gradient Vector LLC may receive the information you provide, such as your email address, account email, device details, app version, logs, screenshots, or issue description.

Do not send API keys, access tokens, refresh tokens, or private screenshots unless support specifically asks and provides instructions. Support will NEVER ask for your password.

Third-Party Services

NeuroScry may use these third-party services:

  • WorkOS AuthKit for account sign-in and browser sessions.
  • Cloudflare for website hosting, Workers, storage, database, security, observability, and AI Gateway routing.
  • OpenAI APIs for AI responses in direct mode or through the NeuroScry proxy.
  • xAI APIs for AI responses, speech-to-text, or text-to-speech depending on settings.
  • OpenRouter APIs for AI responses, speech-to-text, or text-to-speech depending on settings.
  • Microsoft Edge TTS through edge-tts for text-to-speech.
  • Hugging Face Hub for local speech model downloads.
  • PyPI and NVIDIA-related package sources for optional performance support files.
  • Windows operating system APIs for screenshots, microphone input, hotkeys, clipboard behavior, audio playback, and GPU detection.

Third-party services may process information according to their own terms and privacy policies.

How We Use Information

Gradient Vector LLC uses information to:

  • Provide NeuroScry’s screenshot, voice, AI, account, and proxy features.
  • Authenticate users and manage access.
  • Enforce entitlements, quotas, and abuse controls.
  • Troubleshoot bugs and support requests.
  • Improve reliability, safety, and product quality.
  • Protect the service, users, and third-party providers from misuse.

We do not claim that NeuroScry is certified under any specific privacy, security, or compliance framework.

Quotas, Entitlements, And Abuse Controls

NeuroScry may enforce access by plan and quota. New users may require approval or an invite before AI proxy access is enabled.

Current quota enforcement is based on successful AI proxy calls in a rolling 30-day window. The service may record usage metadata such as account ID, time, provider, model, token counts when available, latency, status, and error code.

Data Retention

Local app data remains on your computer until you delete it, uninstall with data removal, or the app changes or rotates it.

Known local retention behavior:

  • Access tokens are memory-only.
  • Refresh tokens are stored locally and are expected to expire or rotate.
  • Debug screenshots and recordings are saved only if enabled.
  • App identity records and debug logs may persist locally until deleted.

Backend systems may store account records, invite records, session records, short-lived auth codes, usage events, download files, infrastructure logs, and support communications. Retention periods may vary by data type, provider requirements, operational needs, security needs, and legal obligations.

Your Choices

You can:

  • Sign out from the NeuroScry app.
  • Disable debug screenshots and debug recordings.
  • Use local speech-to-text instead of cloud speech-to-text when supported.
  • Delete local NeuroScry data from your device.
  • Contact support or privacy email about account access or data questions.

Deleting local files may remove settings, tokens, logs, debug captures, identity records, downloaded model files, and other runtime data.

Security

Gradient Vector LLC uses technical measures intended to protect the service, such as browser-based authentication, short-lived access tokens, refresh token rotation, HTTPS API endpoints, and server-side provider keys for the NeuroScry proxy.

No internet-connected service can be guaranteed secure. If you discover a security issue, contact security@gradientvector.dev.

Changes To This Policy

Gradient Vector LLC may update this policy as the product, website, backend, payment model, and support process change. The updated version will show a new effective date.

Contact

Gradient Vector LLC

Support: support@gradientvector.dev
Privacy: privacy@gradientvector.dev
Security: security@gradientvector.dev

We typically respond within 2–5 business days.

All legal documents