Data Protection

How we protect your personal data and ensure compliance with regulations

Last updated: June 15, 2023

1. Our Commitment to Data Protection

At NeuroProfile, we are committed to protecting your personal data and respecting your privacy. We comply with applicable data protection laws, including the General Data Protection Regulation (GDPR) for our users in the European Union, the California Consumer Privacy Act (CCPA) for our users in California, and other relevant data protection regulations.

This Data Protection Policy explains how we collect, use, store, and protect your personal information when you use our services.

2. Data Protection Principles

We adhere to the following data protection principles:

Lawfulness, Fairness, and Transparency

We process your data lawfully, fairly, and in a transparent manner. We clearly communicate how we use your data and obtain appropriate consent when required.

Purpose Limitation

We collect data for specified, explicit, and legitimate purposes and do not process it in a manner that is incompatible with those purposes.

Data Minimization

We only collect data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.

Accuracy

We take reasonable steps to ensure that personal data is accurate and kept up to date.

Storage Limitation

We keep personal data in a form that permits identification of data subjects for no longer than necessary.

Integrity and Confidentiality

We process personal data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

Accountability

We are responsible for demonstrating compliance with these principles.

3. Your Data Protection Rights

Depending on your location, you may have the following rights regarding your personal data:

Right to Access

You have the right to request copies of your personal data that we hold.

Right to Rectification

You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.

Right to Erasure

You have the right to request that we erase your personal data, under certain conditions.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data, under certain conditions.

Right to Object to Processing

You have the right to object to our processing of your personal data, under certain conditions.

Right to Data Portability

You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

Right to Withdraw Consent

Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time.

To exercise any of these rights, please contact us at privacy@neuroprofile.com.

4. International Data Transfers

NeuroProfile is based in the United States, but we may transfer and process data outside of your country of residence. When we transfer your personal data outside the European Economic Area (EEA) or other regions with comprehensive data protection laws, we ensure appropriate safeguards are in place.

These safeguards may include:

  • Standard Contractual Clauses approved by the European Commission
  • Binding Corporate Rules for intra-group transfers
  • Certification under the EU-US Privacy Shield Framework (where applicable)
  • Other legally accepted mechanisms for international data transfers

5. Data Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

Technical Measures
  • Encryption of data in transit using TLS/SSL protocols
  • Encryption of data at rest using AES-256 encryption
  • Regular security testing and vulnerability assessments
  • Access controls and authentication mechanisms
  • Network security and intrusion detection systems
Organizational Measures
  • Data protection policies and procedures
  • Employee training on data protection
  • Confidentiality agreements with staff and contractors
  • Regular audits of data processing activities
  • Incident response and data breach notification procedures

6. Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee compliance with this policy and applicable data protection laws. You can contact our DPO at:

  • Email: dpo@neuroprofile.com
  • Address: Data Protection Officer, NeuroProfile, 123 Neuroscience Way, San Francisco, CA 94107, United States

7. Changes to This Policy

We may update our Data Protection Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

You are advised to review this Data Protection Policy periodically for any changes. Changes to this policy are effective when they are posted on this page.

8. Contact Us

If you have any questions about this Data Protection Policy, please contact us:

  • By email: privacy@neuroprofile.com
  • By mail: NeuroProfile, 123 Neuroscience Way, San Francisco, CA 94107, United States

You also have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data infringes applicable data protection laws.