Privacy policy

PRIVACY POLICY

Last updated: 25 July 2025

Thank you for choosing Nepharp! Your privacy is important to us. This Privacy Policy explains how Neoharp LLC-FZ (“Neoharp”, “we”, “us”, or “our”) collects, uses, discloses and safeguards your personal data when you visit our website https://neoharp.com (the “Website”), use our Neoharp mobile or desktop applications (the “App”), purchase a Neoharp instrument, or otherwise interact with our services (collectively, the “Service”). It also describes your rights and how the law protects you.

This Policy is intended to comply with the UAE Federal Data Protection Law No. 45 of 2021, the EU & UK General Data Protection Regulation (GDPR/UK GDPR), the California Consumer Privacy Act (CCPA/CPRA) and other applicable privacy laws. If any of those laws impose stricter requirements than those set out below, we will follow the stricter requirement.

1. WHO WE ARE

Neoharp LLC-FZ is registered in the United Arab Emirates with its principal place of business at Al Fajer Building, Garhoud, Dubai, UAE. We design and manufacture the Neoharp MIDI-based musical instrument and develop companion software.

Primary privacy contact: neoharp@neoharp.com

We will update this Policy with an EU/UK representative and Data-Protection Officer (if appointed) before we begin processing personal data of residents in those jurisdictions.

2. THE DATA WE COLLECT ABOUT YOU

2.1 Data you provide directly

Identity Data – first name, last name, username or similar identifier and, if you sign in with a social provider, public profile information.
Contact Data – billing address, delivery address, e-mail address, telephone number (optional).
Account Credentials – hashed password, authentication tokens.
Transaction Data – purchase history, order numbers, payment confirmations.
Marketing Preferences – your choices about receiving marketing from us.

2.2 Data we collect automatically

Usage Data – how you interact with the Website, App and products (e.g., session duration, screens viewed, features used).
Technical Data – IP address, browser type and version, time-zone setting, operating system and platform.
Device Data – device identifiers, device type, operating system, unique device IDs (e.g., IDFA for iOS, GAID for Android).

2.3 Data from third parties

Social Login Data – information you authorise from Google, Facebook, Instagram, Twitter, LinkedIn or similar providers (typically name and e-mail address).
Payment Processors – confirmation of payment and last four digits of your card number from Stripe, PayPal or other providers (we never receive or store full card details).

2.4 Special-category & children’s data
We do not knowingly collect special-category personal data (e.g., health, biometric, religious information) or data from children under 13 (or 16 where GDPR applies). If you believe a child has provided us with personal data, please contact us and we will delete it.

3. COOKIES & SIMILAR TECHNOLOGIES

We use first-party and third-party cookies, pixels and local-storage objects to (i) make the Service work, (ii) remember your preferences, (iii) analyse traffic and (iv) deliver personalised ads. You can manage cookies through our Cookie Banner or in your browser/device settings. For more information, see our separate Cookie Policy.

4. LEGAL BASES FOR PROCESSING (GDPR/UK GDPR)

Contract (Art. 6(1)(b)) – to create and manage your account, deliver the Neoharp instrument and App, process orders and send service-related messages (e.g., order confirmations).
Legitimate interests (Art. 6(1)(f)) – to provide customer support, troubleshoot, improve and secure the Service and to send limited direct marketing to existing customers (you can opt out at any time).
Consent (Art. 6(1)(a)) – to send newsletters and promotional offers to non-customers, place non-essential cookies and display personalised ads. You may withdraw consent at any time.
Legal obligation (Art. 6(1)(c)) – to comply with tax, accounting and other statutory requirements.

5. HOW WE USE YOUR DATA

Provide, operate and maintain the Service.
Process and manage pre-orders or purchases (when enabled).
Send you administrative information, such as confirmations, updates, security alerts and support messages.
Improve and personalise the Service, including analytics and product development.
Send marketing communications (with consent or as otherwise permitted by law).
Deliver targeted advertising via Google Ads and Meta platforms.
Detect, prevent and address technical issues and fraud.
Comply with legal obligations.

6. DISCLOSURES OF YOUR PERSONAL DATA

Service Providers – hosting and commerce platform (Shopify Inc.), analytics, marketing, payment and logistics partners bound by confidentiality and data-processing agreements.
Affiliates – companies within our corporate group supporting the Service.
Business Transfers – as part of any merger, acquisition or asset sale (you will be notified beforehand).
Legal & Regulatory – when required by law, court order or to defend legal claims.
With your consent – for any purpose you have expressly authorised.

We do not sell or “share” personal data for monetary consideration, as those terms are defined under the CCPA/CPRA.

7. INTERNATIONAL TRANSFERS

Our application servers are located in Germany, while our Shopify storefront and pre-order data are hosted by Shopify Inc. on servers in the United States (and may also be processed in Canada). Where personal data is transferred outside the UAE, UK or EEA (for example, to a service provider in another country), we ensure an adequate level of protection by using Standard Contractual Clauses or other approved safeguards.

8. DATA SECURITY

We use industry-standard administrative, technical and physical safeguards, including TLS 1.2+ encryption in transit, encrypted password storage (bcrypt) and role-based access controls. No online system is entirely secure; we encourage you to use a strong, unique password and keep it confidential.

9. DATA RETENTION

Account data – while your account is active and for up to 3 years after closure.
Pre-order records – 7 years to comply with tax and accounting laws.
Marketing preferences – until you unsubscribe or 2 years after your last interaction, whichever is earlier.
Anonymous analytics – retained indefinitely.

10. YOUR RIGHTS

Depending on where you live, you may have the right to:

Access a copy of your personal data.
Correct inaccurate or incomplete data.
Request deletion of your data (“right to be forgotten”).
Restrict or object to processing based on legitimate interests.
Receive your data in a portable format.
Withdraw consent at any time.
Lodge a complaint with a supervisory authority.

To exercise these rights, contact neoharp@neoharp.com or use the in-app Privacy Settings. We respond within 30 days.

11. ANALYTICS & ONLINE ADVERTISING

We use Google Analytics, Google Ads and Meta (Facebook/Instagram) Pixel to analyse traffic and measure the effectiveness of our ads. These tools may set cookies and collect pseudonymous identifiers (IP address, device ID). You can opt out by adjusting our Cookie Banner settings, installing Google’s opt-out browser add-on or changing ad-personalisation settings in your Google or Meta account.

12. THIRD-PARTY LINKS

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to read their privacy policies before providing information.

13. CHANGES TO THIS POLICY

We may update this Policy from time to time. If we make material changes, we will notify you via e-mail (if you have an account) and post a prominent notice on the Website at least 7 days before the changes take effect. The “Last updated” date will reflect the revision date.

14. CONTACT

For questions about this Policy or our privacy practices, e-mail neoharp@neoharp.com. If you are in the EEA or UK, you also have the right to lodge a complaint with your local data-protection authority.