Last Updated: 01 January 2025
This Privacy Policy (“Policy”) explains how Neurone inc. (“Company,” “we,” “us,” or “our”) collects, uses, discloses, and safeguards personal data, including biometric data (such as electroencephalography, or EEG signals), when you use our non-invasive neurointerface device and related software application (collectively, the “Service”). We are committed to protecting your personal information and your right to privacy, in compliance with applicable data protection laws, including the EU General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act / California Privacy Rights Act (“CCPA/CPRA”), among others.
By accessing or using our Service, you acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree with any part of this Policy, please do not use the Service.
By accessing or using our Service, you acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree with any part of this Policy, please do not use the Service.
1. DEFINITIONS
- Company (also “we,” “us,” or “our”): Neurone inc., with registered address at 8 The Green, Ste A, Dover, DE 19901 and contact email: appsupport@neurodive.com.
- Service: Our website, mobile application(s), related software, and/or the non-invasive neurointerface device, owned or operated by the Company.
- User (also “you” or “your”): Any individual who uses or accesses the Service, or a representative of a legal entity using the Service.
- Personal Data: Any information relating to an identified or identifiable natural person, as defined by relevant laws (e.g., GDPR, CCPA/CPRA).
- Biometric Data: Data resulting from specific technical processing relating to a person’s physiology or behavior (e.g., EEG signals) that can uniquely identify or describe a user’s psychophysiological state.
- Cookies: Small text files placed on your device by websites you visit or by third-party services integrated into a website.
- GDPR: EU General Data Protection Regulation 2016/679.
- CCPA/CPRA: California Consumer Privacy Act and California Privacy Rights Act, applicable to California residents.
- DPO (Data Protection Officer).
2. CATEGORIES OF DATA WE COLLECT
2.1. Data You Provide Directly
Contact Information: Name, email address, phone number, postal address (if you provide it for order processing or user registration).
Account Credentials: Login, password, and other details necessary to set up and maintain a user account.
Communications: Any information you provide when contacting customer support or otherwise corresponding with us.
2.2. Biometric (EEG) and Health-Related Data
We collect and analyze EEG signals through our non-invasive neurointerface device. These signals may qualify as biometric or health-related data under relevant laws.
We process EEG data strictly to enable the Service’s features (such as measuring or interpreting concentration, stress levels, etc.) and to improve or develop new functionalities related to neurofeedback.
We obtain your explicit consent for the collection and processing of your EEG data, typically through in-app prompts or device setup steps. You may withdraw consent at any time by contacting us or adjusting your account settings, although this may affect certain functionality of the Service.
2.3. Usage Data (Automatically Collected)
Device & Log Information: Internet Protocol (IP) address, browser type, operating system, device identifiers, date/time of visits, pages viewed, session duration, and error logs.
Geolocation Data: Approximate location (if you grant permission), used for core functions or analytics.
Cookies & Similar Technologies: We use Cookies, web beacons, and similar tracking technologies to enhance your experience and gather usage statistics.
2.4. Third-Party Social Media Services
You may register or log in via social network accounts (e.g., Google, Facebook). We receive personal data (e.g., name, email) from those services according to your privacy settings on those platforms.
Contact Information: Name, email address, phone number, postal address (if you provide it for order processing or user registration).
Account Credentials: Login, password, and other details necessary to set up and maintain a user account.
Communications: Any information you provide when contacting customer support or otherwise corresponding with us.
2.2. Biometric (EEG) and Health-Related Data
We collect and analyze EEG signals through our non-invasive neurointerface device. These signals may qualify as biometric or health-related data under relevant laws.
We process EEG data strictly to enable the Service’s features (such as measuring or interpreting concentration, stress levels, etc.) and to improve or develop new functionalities related to neurofeedback.
We obtain your explicit consent for the collection and processing of your EEG data, typically through in-app prompts or device setup steps. You may withdraw consent at any time by contacting us or adjusting your account settings, although this may affect certain functionality of the Service.
2.3. Usage Data (Automatically Collected)
Device & Log Information: Internet Protocol (IP) address, browser type, operating system, device identifiers, date/time of visits, pages viewed, session duration, and error logs.
Geolocation Data: Approximate location (if you grant permission), used for core functions or analytics.
Cookies & Similar Technologies: We use Cookies, web beacons, and similar tracking technologies to enhance your experience and gather usage statistics.
2.4. Third-Party Social Media Services
You may register or log in via social network accounts (e.g., Google, Facebook). We receive personal data (e.g., name, email) from those services according to your privacy settings on those platforms.
3. LEGAL BASES FOR PROCESSING (GDPR)
3. LEGAL BASES FOR PROCESSING (GDPR)
For Users in the European Economic Area (“EEA”) and other GDPR-applicable regions, we rely on the following legal bases:
1. Consent (Art. 6(1)(a) / 9(2)(a) GDPR):
Especially for processing EEG (biometric) data or sending marketing communications.
2. Performance of a Contract (Art. 6(1)(b) GDPR):
To provide the functionalities of the Service (e.g., user account management, device functionality).
3. Legitimate Interests (Art. 6(1)(f) GDPR):
For security, fraud prevention, or service improvements (not applicable to special categories of data).
4. Legal Obligations (Art. 6(1)(c) GDPR):
Where required by law or when responding to lawful requests by public authorities.
For Users in the European Economic Area (“EEA”) and other GDPR-applicable regions, we rely on the following legal bases:
1. Consent (Art. 6(1)(a) / 9(2)(a) GDPR):
Especially for processing EEG (biometric) data or sending marketing communications.
2. Performance of a Contract (Art. 6(1)(b) GDPR):
To provide the functionalities of the Service (e.g., user account management, device functionality).
3. Legitimate Interests (Art. 6(1)(f) GDPR):
For security, fraud prevention, or service improvements (not applicable to special categories of data).
4. Legal Obligations (Art. 6(1)(c) GDPR):
Where required by law or when responding to lawful requests by public authorities.
4. COOKIES AND TRACKING TECHNOLOGIES
We use Cookies and similar technologies to:
You can modify your browser settings to block or delete Cookies, but some features of the Service may not function properly without them. We may also use third-party analytics tools (e.g., Google Analytics) that place their own Cookies, subject to your consent where required by law.
- Remember your sign-in status and preferences (e.g., language, region).
- Understand how you interact with our Service (analytics).
- Provide, maintain, and improve our Service.
You can modify your browser settings to block or delete Cookies, but some features of the Service may not function properly without them. We may also use third-party analytics tools (e.g., Google Analytics) that place their own Cookies, subject to your consent where required by law.
5. HOW WE USE YOUR DATA
We use personal data, including biometric data, for the following purposes:
1. Providing and Maintaining the Service
Creating and managing user accounts.
Enabling neurointerface functionality (capturing, analyzing, and displaying EEG).
Offering technical support.
2. Service Improvement and Analytics
Understanding user interactions to optimize UI/UX and enhance neurofeedback algorithms.
3. Marketing and Communications (with consent)
Sending newsletters, updates, or promotional offers if you have opted in to receive such communications.
4. Legal Compliance
Complying with applicable laws and regulations, such as accounting/tax obligations. Responding to valid legal requests from public authorities.
5. Security and Fraud Prevention
Protecting our Service, investigating suspicious activity, and enforcing our Terms of Use.
1. Providing and Maintaining the Service
Creating and managing user accounts.
Enabling neurointerface functionality (capturing, analyzing, and displaying EEG).
Offering technical support.
2. Service Improvement and Analytics
Understanding user interactions to optimize UI/UX and enhance neurofeedback algorithms.
3. Marketing and Communications (with consent)
Sending newsletters, updates, or promotional offers if you have opted in to receive such communications.
4. Legal Compliance
Complying with applicable laws and regulations, such as accounting/tax obligations. Responding to valid legal requests from public authorities.
5. Security and Fraud Prevention
Protecting our Service, investigating suspicious activity, and enforcing our Terms of Use.
6. DISCLOSURE AND SHARING OF DATA
We do not sell or rent your personal data to third parties for profit. However, we may share personal data in the following circumstances:
1. Service Providers
Hosting providers, payment processors, analytics providers, or other vendors who perform services on our behalf, bound by contractual confidentiality and data protection obligations.
2. Affiliates and Subsidiaries
Our parent company, subsidiaries, or other entities under common control, subject to consistent privacy safeguards.
3. Business Transactions
In the event of a merger, acquisition, bankruptcy, or other corporate transaction, your data may be transferred as part of the assets. You will be notified of any change in data ownership or use.
4. Legal Compliance and Protection
To comply with applicable laws, court orders, or requests from government authorities; To protect our rights, property, or the safety of our users or the public.
5. Cross-Border Data Transfer
If you reside in the EEA, your data may be processed in countries outside the EEA (e.g., the United States) where data protection laws may differ. We rely on valid legal mechanisms (e.g., Standard Contractual Clauses) to ensure an adequate level of protection for cross-border transfers.
1. Service Providers
Hosting providers, payment processors, analytics providers, or other vendors who perform services on our behalf, bound by contractual confidentiality and data protection obligations.
2. Affiliates and Subsidiaries
Our parent company, subsidiaries, or other entities under common control, subject to consistent privacy safeguards.
3. Business Transactions
In the event of a merger, acquisition, bankruptcy, or other corporate transaction, your data may be transferred as part of the assets. You will be notified of any change in data ownership or use.
4. Legal Compliance and Protection
To comply with applicable laws, court orders, or requests from government authorities; To protect our rights, property, or the safety of our users or the public.
5. Cross-Border Data Transfer
If you reside in the EEA, your data may be processed in countries outside the EEA (e.g., the United States) where data protection laws may differ. We rely on valid legal mechanisms (e.g., Standard Contractual Clauses) to ensure an adequate level of protection for cross-border transfers.
7. DATA RETENTION AND SECURITY
1. Retention Period
We retain your personal data for as long as your account remains active or as needed to fulfill the purposes outlined in this Policy.
EEG data are generally kept for up to 5 years following your last active session unless further retention is required by law or by your explicit agreement. After that period, data may be securely deleted or anonymized.
Web and usage logs are typically kept for 5 years for security, analytics, and fraud detection.
2. Security Measures
We implement technical and organizational measures to protect personal data, including encryption in transit (TLS/SSL) and, where feasible, encryption or pseudonymization at rest.
Access to biometric (EEG) data is strictly limited to authorized personnel who require it to perform their duties.
While we strive to use commercially acceptable means to protect data, no method of electronic transmission or storage is entirely secure, and we cannot guarantee absolute security.
We retain your personal data for as long as your account remains active or as needed to fulfill the purposes outlined in this Policy.
EEG data are generally kept for up to 5 years following your last active session unless further retention is required by law or by your explicit agreement. After that period, data may be securely deleted or anonymized.
Web and usage logs are typically kept for 5 years for security, analytics, and fraud detection.
2. Security Measures
We implement technical and organizational measures to protect personal data, including encryption in transit (TLS/SSL) and, where feasible, encryption or pseudonymization at rest.
Access to biometric (EEG) data is strictly limited to authorized personnel who require it to perform their duties.
While we strive to use commercially acceptable means to protect data, no method of electronic transmission or storage is entirely secure, and we cannot guarantee absolute security.
8. YOUR RIGHTS
8.1. GDPR Rights (EEA Residents)
Under GDPR, you have the right to:
Access: Request a copy of the personal data we hold about you.
Rectification: Request correction of inaccurate or incomplete data.
Erasure (“Right to be Forgotten”): Request deletion of your personal data, subject to legal exceptions.
Restriction of Processing: Temporarily limit processing of your data under certain circumstances.
Objection: Object to processing if we lack overriding legitimate grounds.
Data Portability: Obtain a machine-readable copy of your data or request direct transfer to another service provider.
Withdraw Consent: Revoke your consent for EEG or other processing at any time without affecting the lawfulness of prior processing.
8.2. CCPA/CPRA Rights (California Residents)
If you are a California resident, you may have the right to:
Know the categories of personal information collected and with whom they are shared.
Delete personal information we have collected about you (subject to certain exceptions).
Correct inaccurate personal information.
Limit the Use of Sensitive Personal Information: If EEG data are considered sensitive under CPRA, we use them only for the provision of our Service. Should we consider additional uses, you have the right to limit such use.
Opt Out of Sale/Sharing of personal data (we do not currently sell data, but if our practices change, we will provide an opt-out mechanism).
Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
To submit a request under CCPA/CPRA, please contact us as described in the “Contact Us” section below. We typically respond within 45 days, subject to extension where permitted by law.
Under GDPR, you have the right to:
Access: Request a copy of the personal data we hold about you.
Rectification: Request correction of inaccurate or incomplete data.
Erasure (“Right to be Forgotten”): Request deletion of your personal data, subject to legal exceptions.
Restriction of Processing: Temporarily limit processing of your data under certain circumstances.
Objection: Object to processing if we lack overriding legitimate grounds.
Data Portability: Obtain a machine-readable copy of your data or request direct transfer to another service provider.
Withdraw Consent: Revoke your consent for EEG or other processing at any time without affecting the lawfulness of prior processing.
8.2. CCPA/CPRA Rights (California Residents)
If you are a California resident, you may have the right to:
Know the categories of personal information collected and with whom they are shared.
Delete personal information we have collected about you (subject to certain exceptions).
Correct inaccurate personal information.
Limit the Use of Sensitive Personal Information: If EEG data are considered sensitive under CPRA, we use them only for the provision of our Service. Should we consider additional uses, you have the right to limit such use.
Opt Out of Sale/Sharing of personal data (we do not currently sell data, but if our practices change, we will provide an opt-out mechanism).
Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
To submit a request under CCPA/CPRA, please contact us as described in the “Contact Us” section below. We typically respond within 45 days, subject to extension where permitted by law.
9. EXERCISING YOUR RIGHTS
You may exercise your rights by:
Email: Sending a request to appsupport@neurodive.com, specifying the right you wish to exercise.
App/Account Settings: Where supported, adjusting settings or preferences within your user account or the application.
We may require you to verify your identity before fulfilling certain requests. We aim to respond to GDPR-related requests within 30 days and CCPA/CPRA-related requests within 45 days, subject to any lawful extension.
Email: Sending a request to appsupport@neurodive.com, specifying the right you wish to exercise.
App/Account Settings: Where supported, adjusting settings or preferences within your user account or the application.
We may require you to verify your identity before fulfilling certain requests. We aim to respond to GDPR-related requests within 30 days and CCPA/CPRA-related requests within 45 days, subject to any lawful extension.
10. CHILDREN’S PRIVACY
Our Service is not directed to children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe that we have inadvertently collected personal information from a child under 13, please contact us immediately so we can take steps to remove such information. For some jurisdictions in the EEA, parental or guardian consent may be required for processing data of children under 16. We will comply with COPPA and other applicable child protection laws where relevant.
11. LINKS TO THIRD-PARTY WEBSITES
The Service may contain links to external sites or services not operated by us. We are not responsible for the privacy practices or content of such third-party sites. We encourage you to review their privacy policies before providing any information.
12. CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices or to comply with new regulations. The updated version will be posted on https://neurodive.com/ with a new “Last Updated” date. If changes are significant, we may provide a more prominent notice (e.g., by email or via the Service interface). You should periodically review this page for the latest information on our privacy practices.
13. CONTACT US
If you have any questions, concerns, or complaints regarding this Privacy Policy or our data practices, please contact us at:
Neurone inc.
8 The Green, Ste A, Dover, DE 19901
Email: appsupport@neurodive.com
Website: https://neurodive.com/
If you are in the EEA and believe we have not resolved your concern, you have the right to lodge a complaint with a supervisory authority in your country of residence or where you believe a breach may have occurred.
Neurone inc.
8 The Green, Ste A, Dover, DE 19901
Email: appsupport@neurodive.com
Website: https://neurodive.com/
If you are in the EEA and believe we have not resolved your concern, you have the right to lodge a complaint with a supervisory authority in your country of residence or where you believe a breach may have occurred.
This Privacy Policy (“Policy”) explains how Neurone inc. (“Company,” “we,” “us,” or “our”) collects, uses, discloses, and safeguards personal data, including biometric data (such as electroencephalography, or EEG signals), when you use our non-invasive neurointerface device and related software application (collectively, the “Service”). We are committed to protecting your personal information and your right to privacy, in compliance with applicable data protection laws, including the EU General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act / California Privacy Rights Act (“CCPA/CPRA”), among others.
By accessing or using our Service, you acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree with any part of this Policy, please do not use the Service.
By accessing or using our Service, you acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree with any part of this Policy, please do not use the Service.
By using our Service, you agree to this Privacy Policy. Thank you for trusting Neurone inc. with your personal and biometric data. We are committed to safeguarding your information and respecting your privacy rights.
Privacy Policy
Email
Adress
8 The Green, Ste A, Dover, DE 19901
© 2024 NeuroDive. All rights reserved
