// Trust & Security Report

    Neural Love OÜ logo

    Neural Love OÜ

    Consumer/prosumer AI creative studio (neural.love): text-to-image and image-to-image art generator, AI Photo Studio (headshots/avatars), image/video/audio quality enhancer and upscaler, Uncrop (generative outpainting), image-to-video conversion, and a paid credits-based REST API for developers/business integrations.

    Certifications held

    1

    Maturity

    Growth

    Trains on your data

    No

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    GDPR (posture, not a certification)
    HELD

    "This privacy notice explains how we process personal data in our business as per the General Data Protection Regulation (GDPR) and other relevant privacy laws applicable to our business." Also: "Your personal data is protected under the GDPR...regardless of your geographical location."

    Verify on neural.love
    > Show 7 unconfirmed / not-held certifications
    SOC 2 (Type 1/2)
    NOT CONFIRMED

    No public evidence. No trust center, security page, or SOC 2 mention found on neural.love, neural.love/privacy, neural.love/terms, or docs.neural.love; neural.love/security returns 404.

    source: neural.love
    ISO/IEC 27001
    NOT CONFIRMED

    No public evidence of ISO 27001 certification anywhere on the vendor's own domain (home, privacy, terms, API docs).

    source: neural.love
    ISO/IEC 42001 (AI management system)
    NOT CONFIRMED

    No public evidence. No AI-governance certification referenced on vendor domain.

    source: neural.love
    HIPAA
    NOT CONFIRMED

    No public evidence. No HIPAA or Business Associate Agreement mention found on vendor domain; product is a consumer creative tool with no healthcare-specific data handling.

    source: neural.love
    PCI DSS
    NOT CONFIRMED

    No public evidence. Payment processing details/PCI scope not disclosed on vendor domain (likely handled entirely by a third-party payment processor, which is unconfirmed).

    source: neural.love
    FedRAMP
    NOT CONFIRMED

    No public evidence; not applicable to a consumer/prosumer product with no US federal government offering referenced.

    source: neural.love
    CSA STAR
    NOT CONFIRMED

    No public evidence found on vendor domain.

    source: neural.love

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    Not disclosed. Privacy notice states data processors are used for "cloud storage, web hosting, e-mailing" and that AWS is the storage/processing sub-processor for uploaded files (per Terms), but no specific AWS region/data-residency commitment is published; the notice invites users to contact the company directly to ask where their data is processed.

    Terms state plainly: "We do not use your uploaded files to train our AI algorithms or for any purpose other than the automated processing to which you've agreed." No tier-based exception was found (this applies to the general consumer/API terms; no separate enterprise data-processing addendum was located to confirm identical treatment at scale). Content generated via the free Art Generator is released under a CC0 (public domain) license, which is a separate output-licensing matter, not a training-data policy.

    // Security controls

    Encryption

    "We use strong passwords, data encryption, access control and two-factor authentication to secure our data and prevent unauthorized persons from accessing, altering, deleting..." (transit/at-rest not separately specified).

    neural.love

    Third-party data sharing

    "We do not share your uploaded or processed files with third parties, except for our secure provider, Amazon Web Services." (AWS used for storage/processing only.)

    neural.love

    Data retention / deletion

    File retention varies by processing status (24 hours to 6 months); files and order metadata are permanently deleted if a user deletes their order or account.

    neural.love

    API authentication

    Bearer-token authentication; one active token per account, regenerating invalidates the prior token; default rate limit 300 requests / 5 minutes.

    docs.neural.love

    GDPR data-subject rights process

    Users can request access, rectification, erasure, restriction, objection, and portability; company commits to responding within 30 days and runs annual internal "GDPR audit days" to review/delete data; complaints may be filed with the Estonian data protection authority.

    neural.love

    Website analytics

    Uses Fathom Analytics, described as cookie-free, processing data in pseudo-anonymized (SHA-256 hash) form.

    neural.love

    // Products & data scope

    AI Art / Image Generator (consumer, free tier)Text-to-image / image-to-image generation

    data: Prompts and optional reference images; user can toggle Private mode to hide generations from the public feed.

    Free-to-use with a public-by-default generation gallery unless the user selects Private; outputs released under CC0.

    AI Photo StudioPersonalized image generation (headshots, social/Tinder photos)

    data: User-uploaded personal photo(s) used to generate styled outputs; vendor states no model training occurs on uploads.

    No separate biometric-data disclosure found beyond the general privacy notice.

    Image / Video / Audio Enhancer & Upscaler, Uncrop, Image-to-VideoMedia restoration and generative editing

    data: User-uploaded media files, processed via AWS-hosted infrastructure per the Terms.

    Same retention and no-training commitments apply per the general Terms/Privacy notice; no product-specific carve-outs found.

    neural.love API (developer/business/enterprise)Programmatic access to the above generation/enhancement capabilities

    data: API requests and uploaded assets; credits-based billing; webhook support for high-volume business clients.

    No enterprise-specific security page, DPA template, or compliance documentation was located; businesses are directed to contact business@neural.love for custom arrangements, which could not be independently verified.

    // What to watch

    • GDPR is a regulatory posture the vendor asserts compliance with, not a third-party-audited certification; list it as 'GDPR-aligned (self-declared)', not as a certification badge.
    • No SOC 2, ISO 27001, ISO 42001, HIPAA, or PCI DSS evidence found anywhere on the vendor's own domain; do not display any compliance badges for this vendor.
    • Data residency/region for AWS storage is not disclosed on the vendor's own pages; AIFOXX listing should mark data region as 'not verified' rather than inferring a specific region.
    • The 'no AI training on uploads' commitment is stated in the general Terms; no separate enterprise DPA or business-tier terms page was found to confirm whether large/API customers get a distinct (e.g. contractually stronger) commitment.
    • Identity check: evidence and legal-entity lookups (Estonian business registry) both point to Neural Love OÜ (reg. no. 14992583, Pudisoo, Estonia) as the operator of neural.love, with business@neural.love as the contact email on both the registry listing and the vendor's own privacy notice, so no conflation risk was found with a similarly named entity.

    // At a glance

    Pricing model

    Freemium credits-based: free tier plus paid credit packs / subscriptions for the consumer app; separate credits-based pricing for the API; custom terms for business/enterprise via direct contact.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Neural Love OÜ's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-08. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    neural.love

    > Browse all vendor trust reports