Neo4j Privacy Notice
Last Updated: February 18, 2026 | Archive
This Privacy Notice explains how we collect and use your personal information in relation to the following:
- Neo4j websites, including at neo4j.com, neo4j.io, arrows.app, graphdatabases.com, and opencypher.org (each a “Site”);
- Neo4j products and services including Neo4j fully-managed products and services (the “Cloud Offering”) and Neo4j’s self-managed software (the “Software Offering” and together, with the Cloud Offering, “Neo4j Products”); and
- Neo4j events and experiences that reference this Privacy Notice.
In this privacy notice, the term “Personal Data” has the meaning as defined in the European Data Protection legislation and the California Consumer Privacy Act (CCPA/CPRA).
This Notice does not apply to the data our customers and their users upload or store in the Neo4j Products. Neo4j processes such data solely on behalf of the customer (the data controller), and our use of this data is governed by our agreement with that customer. If you have questions about data held within Neo4j Products on behalf of an organization, please contact that organization directly.
Personal Data Collection & Disclosure
1. Personal Data Collection.
Neo4j collects Personal Data through your direct interactions with us, your use of Neo4j Products, and through Neo4j Affiliates and third parties.
You have choices about the data you provide. If you choose not to provide us with certain Personal Data, you may be unable to use some functionalities of our Sites and Neo4j Products.
A. Data You Provide to Us. You may provide us with certain Personal Data when you register for an account, contact us with questions or comments, engage with support, submit a talk, or engage in our online community. The categories of Personal Data you provide may include:
| Category | Examples |
|---|---|
| Identity & Contact Information | Name, email address, phone number, and mailing address. |
| Account Credentials | Login identifiers (email and password) and user profile details. |
| Commercial Information | Billing and payment information, and records of services purchased. |
| User Content & Communications | Support queries, talk proposals, feedback surveys, and community forum posts. |
B. Data We Automatically Collect from You. When you visit our Sites or use Neo4j Products, we may collect certain information automatically to provide our services and ensure that our services remain secure, stable, and user-friendly. The categories of data collected may include:
| Category | Examples |
|---|---|
| Product Usage & Telemetry | Product edition, version downloaded, system type and IP address, UI feature use, success/fail of a query, RAM utilization, CPU usage and database instance identifier/usage. |
| Device & Connection Data | IP address, unique device identifiers, and device attributes, such as operating system and browser type. |
| Website Data and History | Site and navigation history. |
| Marketing & Advertising | Identifiers used to track the effectiveness of marketing campaigns. |
C. Data Collected from Other Sources. We may receive Personal Data from third parties, including (1) business partners, such as distributors and resellers, (2) marketing and lead-generation providers, and (3) publicly available sources such as social media platforms or public databases.
2. Purposes and Legal Bases for Processing.
A. Legal Bases. If applicable data protection laws require a lawful basis for processing and if Neo4j acts as the data controller of the Personal Data collected, then Neo4j’s legal basis for collecting and using the Personal Data may be one, or more, of the following:
- Contractual Necessity: Processing is required to perform the agreement we have with you or to take steps at your request prior to entering into a contract.
- Legitimate Interests: Processing based on Neo4j’s business interest in: (a) providing, improving, and administering the Sites and Neo4j Products; (b) maintaining the security of the Sites and Neo4j Products; (c) using insights to research and develop new products and services; and (d) sending marketing communications that you have opted into or that we believe are relevant to you.
- Legal Obligation: Processing required for us to comply with the law (e.g., tax records or regulatory reporting).
B. Purpose and the Legal Basis. The legal basis will depend on the category and context in which the Personal Data was collected. The following are some examples:
| Category | Purpose | Legal Basis |
|---|---|---|
| Identity & Contact Information | Create and secure your account, verify your identity, and send product updates. | Contractual necessity; Legitimate interests. |
| Account Credentials | Manage your access to Neo4j Products and provide personalized settings. | Contractual necessity. |
| Commercial Information | Process transactions, manage subscriptions, and fulfill our contractual obligations. | Contractual necessity; Legal Obligation. |
| User Content & Communications | Provide technical support, facilitate events, and improve our online community. | Contractual necessity; Legitimate interests. |
| Product Usage & Telemetry | Troubleshoot technical issues, monitor product stability, and analyze, develop, and improve performance and Offerings. | Legitimate interests. |
| Device & Connection Data | Secure our Sites, diagnose server problems, and gather broad demographic insights. | Legitimate interests; Legal Obligation. |
| Website Data and History | Analyze Site traffic and improve the general administration of our online services. | Legitimate interests. |
| Marketing & Advertising | Deliver relevant content and measure our promotional reach. | Legitimate interests; Consent (where applicable). |
3. How Neo4j Shares Your Information
Neo4j does not sell your Personal Data. We share your information with third parties as described below.
A. Third-Party Service Providers. We share data with third-party vendors who provide and perform services on our behalf. We contractually prohibit these vendors from using your data beyond what is necessary to assist us or beyond what you authorized Neo4j to do. These vendors may include:
- Hosting and Infrastructure: For example, Google Cloud Platform hosts and supports Neo4j’s Cloud Products.
- Payment Processing: Neo4j may use third-party processors to handle payments. We do not store your credit card numbers; you provide that directly to the processor.
B. Partners & Event Co-Sponsors. Neo4j may share data with business partners to fulfill your requests or to provide support.
- Event Co-Sponsors: If you register for an event, Neo4j may share your registration information with co-presenters or co-sponsors for that event. Unless you opt-out at the time of event registration, those sponsors may use your Personal Data for their own marketing purposes.
- Distributors & Resellers: We may share your information to fulfil product and information requests and to effectively deliver unified support.
C. Law Enforcement Requests and Safety Disclosures. Neo4j may disclose your Personal Data (a) in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, if we are required to do so by law, regulation or other government authority or otherwise in cooperation with an ongoing investigation of a governmental authority, (b) to enforce the terms of service or agreement(s) for our Sites and/or Neo4j Products or to otherwise protect our rights, or (c) to protect the safety of users of our Sites or Neo4j Products.
D. Business Transfers. We may transfer your Personal Data to a successor entity upon a merger, consolidation or other corporate reorganization. If such a corporate transaction occurs, we will provide a notification of any changes of control of your information, as well as the choices you may have.
Digital Interactions and Tracking
1. Cookies and Tracking Data
We may use cookies and other tracking mechanisms to improve your experience with our Sites and the Neo4j Products. To learn more or opt-out, please see our Cookie Policy.
2. Third Party Sites and Social Plugins
The Sites may link to other websites or resources over which Neo4j does not have control (“External Websites”). Neo4j is not responsible for the content or privacy practices on these External Websites, and is providing these links only as a convenience. Further, interacting with third-party social plugins on the Sites (e.g. a Facebook “Like”) may allow these third-parties to receive your data. Your use of these plugins is subject to the third party’s privacy notice.
Your Rights and Control
1. Your Privacy Rights
Subject to local data protection laws, you may have certain rights regarding your Personal Data. Depending on the applicable laws, these may include the right to:
- Receive confirmation whether your Personal Data is being processed by us.
- Receive information about the processing.
- Access your Personal Data.
- Obtain a copy of your Personal Data.
- Object to our processing of your Personal Data.
- Have Personal Data concerning you deleted.
- Require correction of incorrect data about you.
- Not be subject to a decision made based on automated processing of only your Personal Data.
- Restrict the processing of data concerning you.
In certain cases, you may also have a right to data portability. This means that you may request your Personal Data either in a commonly used format, or to have it transmitted to another data controller as directed by you.
If you would like to exercise any of these rights, you can visit https://preferences.neo4j.com/privacy.
Please note that the exercise of these rights is not absolute. For certain rights specific criteria must be met or specific exceptions apply in order for the right to be exercised.
2. Notice to California Consumers
In addition to the rights above, California consumers should review the California Privacy Rights, located at https://neo4j.com/legal-terms/.
3. Opting-Out of Communication from Neo4j
You have the ability to “opt-out” or unsubscribe from receiving Neo4j marketing communications via email at any time. Neo4j also provides opt-out information in all marketing communications via an “unsubscribe” link in communication emails, which directly unsubscribes you from any further communication from Neo4j. You can also control these preferences at https://neo4j.com/manage-subscriptions/.
Global Data Management
1. International Transfers
The Personal Data entered on the Site or collected through Neo4j Products may be transferred outside of your country or location to another country, such as the United States of America. This may be done by one of our Affiliates or third-parties listed in Section 3 of the Personal Data Collection & Disclosure section on “How Neo4j Shares Your Information” above. “Affiliate” means any individual, corporation, partnership, or business entity that controls, is controlled by, or is under common control by an entity with an ownership of more than 50% of the voting shares.
Neo4j ensures that the recipient of your Personal Data provides an adequate level of protection and security, by entering into appropriate agreements, including, where required, standard contractual clauses or an alternative mechanism for the transfer of Personal Data as approved by the European Commission (Art. 46 GDPR) or other applicable regulators or legislators. Transfers of Personal Data from the European Union to the United States of America are made using the EU Commission’s Standard Contractual Clauses (Decision 2004/915/EC) in accordance with applicable law.
By agreeing to the terms governing the Sites and/or Neo4j Products and this Privacy Notice, you consent to the transfer of your Personal Data to the United States of America, and to the processing of that information by Neo4j on servers located in the United States of America as described above.
2. Data Privacy Framework
Neo4j, Inc. complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce.
Neo4j, Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. DPF Principles with regard to the processing of Personal Data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.
Neo4j, Inc. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. DPF Principles with regard to the processing of Personal Data received from Switzerland in reliance on the Swiss-U.S. DPF.
If there is a conflict between the terms in this privacy notice and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, either Data Privacy Framework Principles shall govern.
The Federal Trade Commission has jurisdiction over Neo4j’s compliance with the Data Privacy Framework. To learn more about the Data Privacy Framework program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
Please contact us for more information about international data transfers, or if you want to obtain a copy of the Data Processing Agreement between our European entities and our United States entity and/or a copy of the Standard Contractual Clauses used.
3. Information for EU, UK and Swiss Citizens
Neo4j Sweden AB, Neo4j Germany GmbH and Neo4j UK Limited are Personal Data controllers for the processing of your Personal Data, under UK and European data protection legislation.
Neo4j is committed to resolve any complaints about our collection and processing of your Personal Data in compliance with the Data Privacy Framework Principles. European Union, United Kingdom or Swiss individuals with inquiries or complaints regarding our Data Privacy Framework policy should first contact Neo4j at: https://preferences.neo4j.com/privacy.
If your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Data Privacy Framework Panel. In compliance with the applicable rules, Neo4j commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO), or the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of Personal Data received in reliance on Data Privacy Framework Principles. If Neo4j transfers data of EU, UK or Swiss individuals received pursuant to the EU-US Data Privacy Framework, UK Extension to the EU-U.S and the Swiss-U.S. Data Privacy Framework onward to third parties, Neo4j may be potentially liable. Neo4j provides you with the ability to review and update the personal information that you provide to us by contacting us at https://preferences.neo4j.com/privacy.If any complaints regarding our handling of Personal Data remain unresolved, Neo4j is committed to refer such complaints to the International Centre for Dispute Resolution (https://www.icdr.org/dpf), which is an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://go.adr.org/dpf_irm.html for more information or to file a complaint. The services of the International Centre for Dispute Resolution are provided at no cost to you.
4. Contact Information for European Companies
- Neo4j Sweden AB: Nordenskiöldsgatan 24, 211 19 Malmö, Sweden
- Neo4j UK Limited: Second Floor, Union House, 182 – 194 Union St, London SE1 0LH, United Kingdom
- Neo4j Germany GmbH: Westendstraße 28, 60325 Frankfurt am Main, Germany
Children’s Privacy
Neo4j recognizes the privacy interests of children and we encourage parents and guardians to take an active role in their children’s online activities and interests. Our Site(s) and Products are not intended for children under the age of 16. Neo4j does not target its Sites or Products to children under 16. Neo4j does not knowingly collect Personal Data from children under the age of 16.
Data Security & Administration
1. Retaining your Personal Data
We keep your Personal Data only as long as necessary for the purpose for which it was collected or to meet legal obligations. When we decide how long we will keep your information we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure, why we need it, and any relevant legal requirements.
2. Security
We employ technical and organizational measures, consistent with industry practice, which are reasonably designed to help protect your Personal Data from loss, unauthorized access, disclosure, alteration or destruction. These measures may include encryption, secure socket layer and other security measures to help prevent unauthorized access to your Personal Data.
3. Privacy Notice Updates
Neo4j may update this Privacy Notice from time to time. If so, Neo4j will post an updated Privacy Notice on the Sites or on an administrative or notice page of our Products, as applicable, along with notice that the Privacy Notice has been changed. Neo4j may also send authorized administrators of the Sites or Neo4j Products e-mails notifying such users of any material changes to the Privacy Notice. Neo4j encourages you to review this Privacy Notice regularly for any changes. Your continued use of this Site and/or continued provision of Personal Data to us will be subject to the then-current Privacy Notice, and indicates your acceptance of such terms.
4. Complaints
If you have any complaints regarding our processing of your Personal Data, you may file a complaint to the competent data protection authority. You can find out more about the local data protection authorities under the following link https://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
Our Data Protection Officer can be reached at: dponeo4j@neo4j.com.