// Trust & Security Report
Neural Love OÜ
Consumer/prosumer AI creative studio (neural.love): text-to-image and image-to-image art generator, AI Photo Studio (headshots/avatars), image/video/audio quality enhancer and upscaler, Uncrop (generative outpainting), image-to-video conversion, and a paid credits-based REST API for developers/business integrations.
Certifications held
1
Maturity
Growth
Trains on your data
No
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on neural.love“"This privacy notice explains how we process personal data in our business as per the General Data Protection Regulation (GDPR) and other relevant privacy laws applicable to our business." Also: "Your personal data is protected under the GDPR...regardless of your geographical location."”
> Show 7 unconfirmed / not-held certifications
source: neural.loveNo public evidence. No trust center, security page, or SOC 2 mention found on neural.love, neural.love/privacy, neural.love/terms, or docs.neural.love; neural.love/security returns 404.
source: neural.loveNo public evidence of ISO 27001 certification anywhere on the vendor's own domain (home, privacy, terms, API docs).
source: neural.loveNo public evidence. No AI-governance certification referenced on vendor domain.
source: neural.loveNo public evidence. No HIPAA or Business Associate Agreement mention found on vendor domain; product is a consumer creative tool with no healthcare-specific data handling.
source: neural.loveNo public evidence. Payment processing details/PCI scope not disclosed on vendor domain (likely handled entirely by a third-party payment processor, which is unconfirmed).
source: neural.loveNo public evidence; not applicable to a consumer/prosumer product with no US federal government offering referenced.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
Not disclosed. Privacy notice states data processors are used for "cloud storage, web hosting, e-mailing" and that AWS is the storage/processing sub-processor for uploaded files (per Terms), but no specific AWS region/data-residency commitment is published; the notice invites users to contact the company directly to ask where their data is processed.
Terms state plainly: "We do not use your uploaded files to train our AI algorithms or for any purpose other than the automated processing to which you've agreed." No tier-based exception was found (this applies to the general consumer/API terms; no separate enterprise data-processing addendum was located to confirm identical treatment at scale). Content generated via the free Art Generator is released under a CC0 (public domain) license, which is a separate output-licensing matter, not a training-data policy.
// Security controls
Encryption
"We use strong passwords, data encryption, access control and two-factor authentication to secure our data and prevent unauthorized persons from accessing, altering, deleting..." (transit/at-rest not separately specified).
neural.loveThird-party data sharing
"We do not share your uploaded or processed files with third parties, except for our secure provider, Amazon Web Services." (AWS used for storage/processing only.)
neural.loveData retention / deletion
File retention varies by processing status (24 hours to 6 months); files and order metadata are permanently deleted if a user deletes their order or account.
neural.loveAPI authentication
Bearer-token authentication; one active token per account, regenerating invalidates the prior token; default rate limit 300 requests / 5 minutes.
docs.neural.loveGDPR data-subject rights process
Users can request access, rectification, erasure, restriction, objection, and portability; company commits to responding within 30 days and runs annual internal "GDPR audit days" to review/delete data; complaints may be filed with the Estonian data protection authority.
neural.loveWebsite analytics
Uses Fathom Analytics, described as cookie-free, processing data in pseudo-anonymized (SHA-256 hash) form.
neural.love// Products & data scope
data: Prompts and optional reference images; user can toggle Private mode to hide generations from the public feed.
Free-to-use with a public-by-default generation gallery unless the user selects Private; outputs released under CC0.
data: User-uploaded personal photo(s) used to generate styled outputs; vendor states no model training occurs on uploads.
No separate biometric-data disclosure found beyond the general privacy notice.
data: User-uploaded media files, processed via AWS-hosted infrastructure per the Terms.
Same retention and no-training commitments apply per the general Terms/Privacy notice; no product-specific carve-outs found.
data: API requests and uploaded assets; credits-based billing; webhook support for high-volume business clients.
No enterprise-specific security page, DPA template, or compliance documentation was located; businesses are directed to contact business@neural.love for custom arrangements, which could not be independently verified.
// What to watch
- GDPR is a regulatory posture the vendor asserts compliance with, not a third-party-audited certification; list it as 'GDPR-aligned (self-declared)', not as a certification badge.
- No SOC 2, ISO 27001, ISO 42001, HIPAA, or PCI DSS evidence found anywhere on the vendor's own domain; do not display any compliance badges for this vendor.
- Data residency/region for AWS storage is not disclosed on the vendor's own pages; AIFOXX listing should mark data region as 'not verified' rather than inferring a specific region.
- The 'no AI training on uploads' commitment is stated in the general Terms; no separate enterprise DPA or business-tier terms page was found to confirm whether large/API customers get a distinct (e.g. contractually stronger) commitment.
- Identity check: evidence and legal-entity lookups (Estonian business registry) both point to Neural Love OÜ (reg. no. 14992583, Pudisoo, Estonia) as the operator of neural.love, with business@neural.love as the contact email on both the registry listing and the vendor's own privacy notice, so no conflation risk was found with a similarly named entity.
// At a glance
Pricing model
Freemium credits-based: free tier plus paid credit packs / subscriptions for the consumer app; separate credits-based pricing for the API; custom terms for business/enterprise via direct contact.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Neural Love OÜ's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-08. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
neural.love