SmartCampaign is a software-as-a-service platform for elective campaign operations, operated by Thinkneo AI Technology Company Limited ("ThinkNEO", "we", "us", "our"), a company incorporated in Hong Kong (Company Registration Number: 3349494).
This Privacy Policy explains how we collect, use, store, and protect personal data of users who access SmartCampaign at smartcampaign.thinkneo.ai (or any successor domain).
For the purposes of the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the California Consumer Privacy Act ("CCPA"), the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados, "LGPD"), and other applicable data protection laws, ThinkNEO acts as a data processor with respect to data uploaded or input by Customer organizations into the platform, and as a data controller with respect to account, billing, and usage data we collect directly from authorized users, and with respect to publicly available third-party data we collect to power the platform's intelligence features.
SmartCampaign is sold to organizations (each a "Customer" or "Tenant") and used by their authorized staff (each a "User" or "Seat"). This Privacy Policy applies to:
Content input by Users into the platform on behalf of the Customer (campaign records, internal notes, scheduling data, files, messaging, and similar). This data belongs to the Customer; ThinkNEO processes it solely on the Customer's instructions and in accordance with the Subscription Agreement.
Where Users invoke the platform's AI features (chat, content generation, monitoring queries, response generation), we process the prompts, contextual data, and the resulting AI outputs as part of providing the Service. AI outputs are presented to the User for review; the User retains discretion over their use.
To power the platform's intelligence features (described in Section 5), we collect and process publicly available information from sources including, but not limited to:
We do not collect, store, or process personal data of private individuals (voters, donors, members of the general public) as part of these features. The processing is limited to public figures acting in their public role, and to public institutions acting institutionally.
| Purpose | Legal basis (GDPR / LGPD) |
|---|---|
| Provide, maintain, and operate the SmartCampaign service | Performance of contract |
| Bill Customers and process payments | Performance of contract; legal obligation |
| Authenticate Users and secure accounts | Legitimate interest; legal obligation |
| Provide customer support and respond to requests | Performance of contract; legitimate interest |
| Improve product features through aggregated, non-identifying analytics | Legitimate interest |
| Power the AI chat, content generation, and intelligence features described in Section 5 | Performance of contract; legitimate interest |
| Aggregate publicly available data on public figures and institutions to power monitoring, agenda tracking, and polling features | Legitimate interest, balanced against the reduced privacy expectations of public figures acting in their public capacity (GDPR Art. 6(1)(f); LGPD Art. 7, X) |
| Send service-related emails (account, security, billing, incident alerts) | Performance of contract; legal obligation |
| Detect, prevent, and respond to fraud, abuse, or security incidents | Legitimate interest; legal obligation |
| Comply with legal, regulatory, or audit obligations | Legal obligation |
SmartCampaign integrates artificial intelligence and aggregates third-party public data to support Users in elective campaign operations. We treat AI as a deliberate, governed capability of the platform — not as a hidden background process.
The AI does: aggregate public information, generate draft content for User review, summarize, classify by sentiment, suggest responses to detected events, and provide conversational assistance contextualized to the Customer's operational data.
The AI does not: autonomously publish content; transmit messages to third parties; make decisions producing legal effects on Users or third parties without human review; profile private individuals; predict behavior of voters; or operate as a substitute for legal, electoral, or strategic professional advice.
The platform's AI gateway routes inferences to one or more of the following providers, depending on the Customer's configuration: NVIDIA (Nemotron models), Anthropic (Claude models), and OpenAI (GPT models). When the Customer brings its own API keys, prompts and outputs are processed by that provider under that provider's terms; ThinkNEO does not retain a copy beyond what is required for service operation, audit logging under the AIRGP protocol, and observability.
All AI inferences performed within the platform are subject to the AIRGP protocol described in Section 11, including runtime policy enforcement, complete audit logging, and observability of every call. Customers with appropriate roles can inspect the AI activity within their tenant.
We do not sell personal data. We share personal data only with the following categories of recipients, and only as necessary to operate the service:
| Sub-processor | Purpose | Location |
|---|---|---|
| Stripe Payments | Payment processing | Ireland / United States |
| Cloud hosting and infrastructure providers | Application hosting, storage, content delivery | European Union and / or United States |
| NVIDIA | AI inference (Nemotron models) via ThinkNEO AI Gateway | United States |
| Anthropic | AI inference (Claude models) when configured by Customer | United States |
| OpenAI | AI inference (GPT models) when configured by Customer | United States |
| Public-data aggregation services (news, search trends, official journals) | Power Web Monitor, Competitor Agenda, Polls, Rapid Response | Various |
| Email delivery provider (transactional email and incident alerts) | Account, security, billing, alert emails | European Union and / or United States |
| Error monitoring and analytics providers | Aggregated, non-identifying performance and error analytics | European Union and / or United States |
An up-to-date list of sub-processors is available on request to privacy@thinkneo.ai. We may also disclose personal data where required by law, court order, or to protect the rights, property, or safety of ThinkNEO, our Customers, or others.
ThinkNEO is established in Hong Kong. Personal data may be processed in the European Union, United States, and other jurisdictions where our sub-processors operate. Where personal data of EU, UK, or Brazilian residents is transferred outside their respective jurisdictions, we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses (SCCs) and equivalent mechanisms, where applicable.
Subject to applicable law, you have the right to:
Public figures whose names, public statements, voting records, or public agendas appear in our intelligence features have the right to request access, correction, or — subject to the legitimate interest balancing test — restriction or erasure. Requests should be directed to privacy@thinkneo.ai. We will respond within the timelines required by applicable law.
California residents have the right to know what personal information we collect, to request deletion of personal information, and to opt out of the "sale" or "sharing" of personal information. ThinkNEO does not sell personal information as defined under CCPA.
Brazilian residents have the rights set out in Article 18 of the LGPD, including confirmation of processing, access, correction, anonymization, portability, deletion, information about sharing, and revocation of consent. Requests may be directed to privacy@thinkneo.ai.
We implement administrative, technical, and physical safeguards designed to protect personal data, including encryption in transit (TLS 1.2 or higher), encryption at rest, access controls based on the principle of least privilege, audit logging, regular security reviews, and incident response procedures. No system is perfectly secure; we cannot guarantee absolute security but we work continuously to reduce risk.
The SmartCampaign backend operates under two open protocols published by ThinkNEO. We have chosen to publish them openly and to operate under them precisely because the layer that governs AI-driven and data-driven systems should be inspectable by customers and the broader community, not proprietary.
Operation under these protocols means that every AI inference performed inside SmartCampaign — including chat, content generation, monitoring, agenda aggregation, polling aggregation, and incident response generation — is subject to runtime guardrails, complete audit logging, and policy enforcement at the gateway level. Customers with appropriate roles can inspect this activity within their tenant.
SmartCampaign is not directed at, or intended for use by, persons under the age of 18. We do not knowingly collect personal data from minors. If you become aware that a minor has provided personal data to us, please contact privacy@thinkneo.ai and we will take appropriate steps to delete such data.
SmartCampaign uses strictly necessary cookies for authentication and session management, and limited analytics cookies for product improvement. We do not use advertising cookies. A detailed cookie notice is available within the application.
We may update this Privacy Policy from time to time. Material changes will be communicated to active Customers by email and through an in-app notice at least 30 days before they take effect. The "Last updated" date at the top of this document indicates when this policy was last revised.
For privacy-related questions or to exercise your rights, contact:
Thinkneo AI Technology Company Limited
Hong Kong (Company Registration: 3349494)
Email: privacy@thinkneo.ai
General contact: fabio@thinkneo.ai