NUERALIX PRIVACY POLICY

Comprehensive protection for your personal and health information

Privacy First Approach

Last Updated: October 30, 2025

Introduction

At Nueralix, we are committed to protecting your privacy and handling your personal and health data with the highest standards of care, transparency, and security. This Privacy Policy provides a comprehensive explanation of how we collect, use, process, disclose, store, and safeguard your information when you use our mobile application ("App"), website, and related services (collectively, the "Services").

Please read this privacy policy carefully. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our Services.

Nueralix is a comprehensive health and wellness application that combines fitness tracking, medical assistance through health assessments, chronic disease management tools, and telehealth features. Our Services require access to sensitive health data to function properly and deliver personalized, evidence-based health recommendations.

Summary of Key Points

We Don't Sell Your Data: We never sell your personal or health data to third parties.

Health Data for Health Purposes Only: We use health data exclusively for fitness tracking, medical guidance, chronic disease management, and wellness optimization—never for advertising.

You Control Your Data: Access, update, export, or delete your data at any time through app settings.

Strong Security: Medical-grade encryption (AES-256 at rest, TLS 1.3 in transit), access controls, and HIPAA-aligned practices.

Transparent Assistance Use: Our medical assistance analyzes your data to provide personalized medical information, but you make all decisions.

Limited Sharing: We only share data with service providers bound by strict contracts, and with healthcare providers you explicitly authorize.

Your Rights: Access, correction, deletion, data portability, and consent withdrawal rights available to all users.

Age Restriction: Services are for users 16+ only; we do not knowingly collect data from children.

International Compliance: GDPR, CCPA, HIPAA-aligned practices to protect your privacy regardless of location.

Contact Us Anytime: Questions or concerns? Email [email protected]

1. Information We Collect

We collect several types of information to provide, maintain, improve, and personalize our Services. The collection of this data enables us to deliver accurate health insights, medical guidance, and fitness recommendations tailored to your individual needs.

1.1 Personal Information

What We Collect:

  • Account Information: Name, email address, phone number, date of birth, gender
  • Profile Information: Height, weight, body composition, profile picture
  • Demographic Information: Age, location (city/state level only)
  • Authentication Data: Username, password (encrypted), security questions
  • Communication Preferences: Email preferences, notification settings, language preferences

Why We Collect It:

  • Create and manage your user account
  • Verify your identity and prevent unauthorized access
  • Personalize your experience and content
  • Calculate accurate health metrics (BMI, caloric needs, target heart rate zones)
  • Communicate with you about your account and services
  • Comply with age verification requirements (must be 16+ years)

How We Collect It:

  • Directly from you during account registration and profile setup
  • When you update your profile settings
  • Through account verification processes

1.2 Health and Fitness Data

Nueralix collects comprehensive health and fitness data with your explicit consent to provide medical guidance, fitness tracking, chronic disease management, and personalized wellness recommendations. This data is considered highly sensitive and is subject to enhanced privacy protections.

1.2.1 Health Connect Data (Android)

We request access to the following Android Health Connect permissions to enable core health monitoring and medical features:

Sleep Data (android.permission.health.READ_SLEEP)

What We Collect:

  • Sleep duration (total time asleep)
  • Sleep stages (light, deep, REM sleep where available)
  • Sleep quality scores
  • Sleep start and end times
  • Sleep interruptions and awakenings
  • Nightly heart rate patterns during sleep

Why We Collect It & How We Use It:

Medical & Clinical Uses:

  • Symptom Correlation: Sleep disturbances are diagnostic indicators for cardiovascular disease, respiratory disorders (sleep apnea), metabolic conditions (diabetes, thyroid disorders), neurological conditions, mental health disorders (depression, anxiety, PTSD), chronic pain, and hormonal imbalances
  • Chronic Disease Management: Monitor disease progression and treatment efficacy; detect complications; assess medication side effects
  • Cardiovascular Risk Assessment: Analyze sleep patterns with heart rate data to identify potential arrhythmias, cardiovascular stress, and recovery adequacy
  • Mental Health Screening: Sleep changes are core diagnostic criteria for mood disorders; track treatment response
  • Medical Analysis: Provide accurate, contextual medical guidance by analyzing sleep alongside other vital signs when you ask health questions
  • Clinical Documentation: Include sleep data in health reports for healthcare provider consultations

Fitness & Wellness Uses:

  • Track sleep duration for adequate workout recovery
  • Adjust workout intensity recommendations based on sleep quality
  • Optimize training schedules around rest and recovery
  • Prevent overtraining by monitoring sleep-activity balance
  • Daily wellness scoring combining sleep with activity metrics
  • Personalized bedtime recommendations

Heart Rate Data (android.permission.health.READ_HEART_RATE)

What We Collect:

  • Real-time heart rate measurements (beats per minute)
  • Resting heart rate
  • Maximum heart rate during activities
  • Heart rate during exercise and recovery
  • Heart rate variability (HRV) where available
  • Heart rate trends and patterns over time

Why We Collect It & How We Use It:

Medical & Clinical Uses:

  • Cardiovascular Health Assessment: Detect potential arrhythmias, heart failure indicators, coronary artery disease signs; assess cardiovascular mortality risk
  • Symptom Correlation: Essential context when you report chest pain, shortness of breath, dizziness, palpitations, or fatigue through our medical assistance
  • Chronic Disease Monitoring: Heart failure management (elevated HR indicates decompensation), hypertension control, diabetes complications (autonomic neuropathy), thyroid disorders (hyper/hypothyroidism detection)
  • Medication Safety Monitoring: Track effects of cardiac medications (beta-blockers, digoxin, calcium channel blockers) and detect adverse reactions from any medication affecting heart rate
  • Mental Health Assessment: Elevated resting HR and reduced HRV indicate anxiety, depression, PTSD, chronic stress
  • Infection & Illness Detection: Tachycardia signals fever, sepsis, dehydration, hypoxia
  • Exercise Prescription Safety: Calculate safe target heart rate zones for cardiac rehabilitation and high-risk patients
  • Vital Sign Integration: Heart rate is a primary vital sign displayed in Activity Insights dashboard for comprehensive health monitoring

Fitness & Wellness Uses:

  • Real-time heart rate display during workouts
  • Training zone optimization (aerobic, anaerobic, peak)
  • Cardiovascular fitness assessment and VO2 max estimation
  • Recovery status monitoring
  • Overtraining prevention
  • Caloric expenditure accuracy improvement

Total Calories Burned (android.permission.health.READ_TOTAL_CALORIES_BURNED)

What We Collect:

  • Total daily energy expenditure (TDEE)
  • Active calories burned through exercise
  • Resting/basal metabolic rate (BMR)
  • Hourly and daily caloric expenditure patterns
  • Caloric burn by activity type

Why We Collect It & How We Use It:

Medical & Clinical Uses:

  • Metabolic Health Assessment: Evaluate metabolic rate, detect thyroid disorders (hypo/hyperthyroidism), identify metabolic syndrome risk
  • Chronic Disease Management: Diabetes activity monitoring (affects insulin/medication needs), cardiovascular disease rehabilitation tracking, obesity treatment with precise caloric deficit calculation, COPD exercise tolerance, cancer cachexia detection
  • Weight Management Medicine: Calculate evidence-based caloric deficits for safe weight loss (1-2 lbs/week = 500-1000 cal/day deficit), monitor medical weight loss programs, prevent metabolic adaptation
  • Nutritional Medicine: Determine daily caloric needs for medical nutrition therapy, malnutrition risk screening, eating disorder recovery monitoring
  • Symptom Analysis: Reduced caloric expenditure objectively measures fatigue, weakness, deconditioning; helps distinguish physical vs. mental causes
  • Medication Monitoring: Track metabolic effects of weight-gaining medications (antipsychotics, corticosteroids) and stimulant medications

Nutrition & Wellness Uses:

  • Calculate Total Daily Energy Expenditure (TDEE) for personalized meal planning
  • Energy balance tracking (calories in vs. calories out)
  • Personalized macronutrient recommendations based on activity level
  • Activity-based dietary adjustments (higher needs on active days)
  • Weight management goal tracking (loss, gain, maintenance)
  • Performance nutrition for athletes

Distance (android.permission.health.READ_DISTANCE)

What We Collect:

  • Daily distance traveled (walking, running, cycling)
  • Distance by activity type
  • Hourly and weekly distance patterns
  • Outdoor vs. indoor distance tracking

Why We Collect It & How We Use It:

Medical & Clinical Uses:

  • Cardiovascular Fitness: Distance correlates with VO2 max and heart health
  • Cardiac Rehabilitation: Track prescribed walking distances post-heart attack or surgery
  • Peripheral Artery Disease (PAD): Reduced walking distance indicates poor circulation
  • Chronic Disease Monitoring: Diabetes activity tracking, COPD exercise tolerance evaluation
  • Functional Capacity Assessment: 6-minute walk test equivalent; fall risk evaluation in elderly
  • Symptom Correlation: Provide context when reporting shortness of breath or leg pain

Fitness & Wellness Uses:

  • Daily activity monitoring and distance-based goals
  • Training progression for runners and cyclists
  • Validate step counts with actual distance
  • Improve caloric expenditure calculations (distance × weight)
  • Route and performance tracking

Exercise Sessions (android.permission.health.READ_EXERCISE)

What We Collect:

  • Exercise session details (start time, duration, end time)
  • Exercise type (running, cycling, swimming, strength training, yoga, sports, etc.)
  • Exercise intensity level
  • Workout frequency and consistency
  • Training volume and patterns

Why We Collect It & How We Use It:

Medical & Clinical Uses:

  • Chronic Disease Management: Diabetes (exercise timing affects glucose/insulin), cardiac rehabilitation compliance, hypertension (exercise frequency lowers BP), obesity (weight loss requires 200-300 min/week tracking), pulmonary rehabilitation
  • Exercise Prescription: Monitor adherence to prescribed exercise programs; ensure safe progression
  • Symptom Correlation: Exercise-induced symptoms (chest pain during running, shortness of breath during activity) help diagnose cardiac/pulmonary issues
  • Mental Health Treatment: Exercise as depression/anxiety treatment; track behavioral activation effectiveness
  • Injury Prevention: Training load monitoring to prevent overuse injuries; detect overtraining syndrome
  • Post-Exertional Malaise: Track chronic fatigue syndrome, Long COVID recovery

Fitness & Wellness Uses:

  • Comprehensive workout history and logging
  • Training progression and periodization
  • Performance analytics and personal records
  • Activity guideline adherence (150 min/week moderate or 75 min/week vigorous)
  • Recovery adequacy assessment
  • Workout variety and balance evaluation

Step Count (android.permission.health.READ_STEPS)

What We Collect:

  • Daily step count
  • Hourly step patterns
  • Steps by time of day
  • Step trends over time
  • Active minutes derived from step cadence

Why We Collect It & How We Use It:

Medical & Clinical Uses:

  • Cardiovascular Health: Step count correlates with reduced cardiovascular disease risk; validated mortality predictor
  • Chronic Disease Management: Diabetes (steps improve insulin sensitivity), hypertension (walking lowers BP), obesity, arthritis mobility tracking
  • Functional Mobility: Age-related decline detection, fall risk assessment, post-surgery recovery monitoring
  • Mental Health: Walking as depression treatment (behavioral activation), anxiety reduction
  • Activity Level Classification: Objective measurement for clinical assessments (sedentary, lightly active, moderately active, very active)

Fitness & Wellness Uses:

  • Daily 10,000-step goal tracking and achievement
  • Activity rings visualization and progress
  • Sedentary behavior detection and movement reminders
  • Baseline activity assessment for personalized recommendations
  • Differentiate daily movement from structured exercise

1.2.2 HealthKit Data (iOS)

For iOS users, we collect equivalent health data through Apple HealthKit with your explicit permission, including sleep analysis, heart rate, active energy, walking + running distance, workouts, and step count.

1.2.3 Manually Entered Health Data

  • Medical History: Existing health conditions, past diagnoses, surgeries, hospitalizations
  • Medications: Current medications, dosages, frequency, start dates
  • Allergies: Drug allergies, food allergies, environmental allergies
  • Immunizations: Vaccination history and dates
  • Symptoms: Self-reported symptoms with severity, duration, and characteristics
  • Vital Signs: Manual entries of blood pressure, temperature, blood glucose, weight, SpO2
  • Health Assessments: Responses to health questionnaires and screening tools
  • Health Notes: Personal health journal entries and observations
  • Test Results: Lab results, imaging reports, diagnostic test outcomes
  • Nutrition Data: Food intake, meal logging, water consumption, macronutrients

Why We Collect It:

  • Provide comprehensive medical history for medical assistance analysis
  • Track chronic disease management and treatment adherence
  • Monitor medication effects and potential side effects
  • Correlate symptoms with objective health data
  • Generate complete health reports for healthcare provider consultations
  • Identify health patterns and trends requiring intervention

1.3 Medical Assistance Interaction Data

What We Collect:

  • Health questions and queries you submit to the assistant
  • Conversation history and message threads
  • Symptom descriptions and clarification responses
  • Medical advice requests and follow-up questions
  • User-initiated health assessments
  • Feedback on assistant responses (helpful/not helpful ratings)

Why We Collect It:

  • Provide accurate, personalized medical guidance and health recommendations
  • Maintain conversation context for coherent multi-turn dialogues
  • Improve symptom analysis by understanding full medical context
  • Generate comprehensive health assessments considering your complete health profile
  • Refine assistance response quality based on user feedback
  • Identify urgent health concerns requiring immediate medical attention
  • Document health concerns for longitudinal tracking

How We Use It:

Our medical assistance analyzes your queries alongside your health data (with your permission) to provide contextual medical information, symptom exploration, treatment options discussion, and care recommendations. Conversations are used to improve service quality but are never used for advertising or sold to third parties.

1.4 Device and Technical Information

What We Collect:

  • Device Identifiers: Unique device ID, hardware model, device name
  • Operating System: OS version, platform (iOS/Android)
  • Mobile Network Information: Carrier name, connection type (WiFi, cellular)
  • App Version: Application version number, build number
  • Device Settings: Language preference, time zone, notification permissions
  • Device Sensors: Accelerometer, gyroscope data (for activity detection only)
  • IP Address: For security, fraud prevention, and approximate location (city/state level)

Why We Collect It:

  • Ensure app compatibility and optimal performance
  • Troubleshoot technical issues and bugs
  • Provide platform-specific features
  • Deliver push notifications for health reminders
  • Detect and prevent fraudulent activity and unauthorized access
  • Analyze app crashes to improve stability
  • Support multiple devices under one account

1.5 Usage and Analytics Data

What We Collect:

  • App Usage: Features accessed, screens viewed, time spent in app, navigation patterns
  • Interaction Data: Button clicks, form submissions, search queries within app
  • Performance Metrics: App load times, response times, error rates
  • Session Information: Login frequency, session duration, last active date
  • Feature Adoption: Which features you use and how frequently
  • A/B Testing Data: Responses to different UI variations or feature sets

Why We Collect It:

  • Understand how users interact with our Services
  • Identify popular and underutilized features
  • Improve user interface and user experience design
  • Optimize app performance and speed
  • Prioritize feature development based on user needs
  • Detect and resolve bugs or errors
  • Measure effectiveness of new features

What We Don't Collect:

We do NOT collect: precise geolocation/GPS coordinates, contacts from your device, photos/media (except profile pictures you explicitly upload), microphone audio (except voice input you initiate), SMS/text messages, phone calls, or browsing history outside our app.

2. How We Use Your Information

We use the collected information for the following purposes, always in accordance with your consent and applicable privacy laws:

2.1 Core Service Delivery

  • Account Management: Create, maintain, and secure your user account
  • Health Monitoring: Display real-time health metrics in Activity Insights dashboard and activity rings
  • Medical Assistance: Provide personalized medical information, symptom analysis, treatment discussions, and health recommendations through in-app assistance
  • Chronic Disease Management: Track and monitor chronic health conditions with trend analysis and alerts
  • Fitness Tracking: Log workouts, track progress toward fitness goals, provide performance analytics
  • Nutrition Guidance: Calculate personalized caloric needs, provide meal recommendations, track nutritional goals
  • Sleep Optimization: Analyze sleep patterns and provide recommendations for better rest and recovery
  • Health Assessments: Generate comprehensive health evaluations integrating multiple data sources
  • Medication Management: Track medication schedules, monitor adherence, alert to potential side effects
  • Telehealth Features: Facilitate patient-doctor communication with shared health data and encounter documentation

2.2 Personalization and Recommendations

  • Customized Content: Deliver health insights, articles, and tips relevant to your health profile and interests
  • Personalized Recommendations: Generate personalized exercise prescriptions, nutrition plans, sleep strategies, and lifestyle modifications based on your data
  • Goal Setting: Suggest achievable health and fitness goals tailored to your current fitness level
  • Risk Assessment: Identify potential health risks based on activity patterns, vital signs, and health history
  • Predictive Insights: Alert you to concerning trends (e.g., declining activity, elevated resting heart rate, poor sleep patterns)
  • Adaptive Coaching: Adjust recommendations based on your progress, preferences, and feedback

2.3 Medical and Clinical Analysis

  • Comprehensive Health Assessment: Integrate sleep, heart rate, activity, nutrition, and self-reported data for holistic health evaluation
  • Symptom Correlation: Analyze relationships between symptoms and objective health metrics
  • Medication Monitoring: Detect potential medication side effects through vital sign changes
  • Disease Progression Tracking: Monitor trends in chronic conditions over time
  • Treatment Efficacy: Assess whether medical treatments and lifestyle interventions are working
  • Clinical Decision Support: Provide evidence-based information to support your healthcare decisions
  • Urgent Care Guidance: Identify symptoms requiring immediate medical attention and recommend appropriate level of care

2.4 Communication

  • Transactional Messages: Send account confirmations, password resets, payment receipts
  • Health Reminders: Notify you about medication schedules, appointment reminders, health check-ins
  • Progress Updates: Share milestone achievements, goal completions, streak notifications
  • Educational Content: Provide health tips, wellness articles, feature tutorials
  • Customer Support: Respond to your questions, requests, and technical support needs
  • Service Updates: Inform you about new features, app updates, terms changes, security alerts
  • Marketing Communications: Send promotional offers, newsletters, surveys (you can opt-out anytime)

2.5 Research and Improvement

  • Service Improvement: Analyze usage patterns to enhance features, fix bugs, optimize performance
  • Product Development: Understand user needs to develop new features and services
  • Quality Assurance: Test new features and ensure they work properly before wide release
  • Service Quality Improvement: Improve medical assistance accuracy and response quality (using aggregated, de-identified data only)
  • Scientific Research: Conduct population health research using aggregated, anonymized data to advance medical knowledge (only with explicit opt-in consent)

2.6 Security and Compliance

  • Fraud Prevention: Detect and prevent unauthorized access, account takeovers, fraudulent transactions
  • Security Monitoring: Identify suspicious activity, security threats, potential data breaches
  • Abuse Prevention: Prevent misuse of Services, spam, harassment, or violation of terms
  • Legal Compliance: Comply with legal obligations, court orders, subpoenas, regulatory requirements
  • Audit and Verification: Maintain records for compliance audits and regulatory inspections
  • Age Verification: Ensure users meet minimum age requirement (16+)

2.7 Business Operations

  • Analytics and Reporting: Generate business intelligence and operational reports
  • Customer Insights: Understand user demographics, preferences, and behavior patterns
  • A/B Testing: Compare different features or designs to determine what works best
  • Performance Monitoring: Track key performance indicators and service reliability
  • Financial Operations: Process payments, manage subscriptions, handle refunds

4. Data Sharing and Disclosure

We are committed to not selling your personal or health data. We only share your information in the limited circumstances described below:

4.1 No Sale of Personal or Health Data

We do NOT and will NEVER:

  • Sell your personal information to third parties
  • Sell your health or fitness data to data brokers, advertisers, insurance companies, or any other entities
  • Share your data for advertising or marketing purposes beyond our own services
  • Use your health data to serve personalized or interest-based advertising
  • Provide your information to employers, insurance companies, or credit agencies for decision-making purposes

This commitment applies to all data types, including highly sensitive health information accessed through Health Connect permissions.

4.2 Service Providers and Business Partners

We may share your information with trusted third-party service providers who perform services on our behalf, subject to strict contractual obligations:

Categories of Service Providers:

  • Cloud Hosting: AWS, Google Cloud, or DigitalOcean for secure data storage and server infrastructure
  • Assistance Services: Third-party processors used to power in-app assistance features (data is processed under data processing agreements and is not used to train public models)
  • Analytics Providers: Firebase Analytics, Amplitude (using anonymized/aggregated data only)
  • Communication Services: Email delivery (SendGrid, Mailgun), SMS notifications (Twilio), push notifications (Firebase Cloud Messaging)
  • Payment Processors: Stripe, PayPal for secure payment processing
  • Customer Support: Zendesk, Intercom for customer service tools
  • Security Services: Auth0, AWS Cognito for authentication and identity management

4.3 Healthcare Providers (With Your Explicit Consent)

With your explicit, affirmative consent, we may share your health data with:

  • Your healthcare providers (doctors, nurses, specialists, therapists you explicitly authorize)
  • Fitness coaches or personal trainers you choose to work with
  • Nutritionists or registered dietitians you select
  • Care coordinators or case managers involved in your healthcare

You control exactly what data is shared and can revoke access at any time through app settings.

4.4 Legal Requirements and Safety

We may disclose your information when required by law or when necessary to protect rights and safety:

  • Comply with subpoenas, court orders, or judicial proceedings
  • Respond to lawful requests from law enforcement agencies
  • Meet requirements of health regulators, tax authorities, or other government agencies
  • Prevent imminent serious bodily harm or death
  • Detect, investigate, and prevent fraudulent transactions or illegal activities
  • Enforce our Terms of Service and protect our rights, property, or safety

5. Data Security

We implement comprehensive security measures to protect your personal and health information from unauthorized access, disclosure, alteration, or destruction.

5.1 Technical Security Measures

Encryption:

  • Data in Transit: All data transmitted between your device and our servers uses TLS 1.3 encryption (HTTPS)
  • Data at Rest: Sensitive data stored on our servers is encrypted using AES-256 encryption
  • Database Encryption: Health data databases use field-level encryption for additional protection
  • Password Security: Passwords are hashed using bcrypt with individual salt values (we never store plain-text passwords)

Access Controls:

  • Principle of Least Privilege: Employees and systems access only data necessary for their function
  • Multi-Factor Authentication required for all employee access to production systems
  • Role-Based Access Control (RBAC): Permissions granted based on job responsibilities
  • Access Logging: All data access is logged and monitored for suspicious activity
  • Automatic Session Timeout: Sessions expire after inactivity to prevent unauthorized access

Infrastructure Security:

  • Secure Cloud Hosting: Servers hosted on HIPAA-compliant, SOC 2 certified cloud infrastructure
  • Firewalls: Network firewalls restrict unauthorized network access
  • Intrusion Detection: Automated monitoring for suspicious network activity
  • Vulnerability Scanning: Regular automated scans for security vulnerabilities
  • DDoS Protection: Distributed denial-of-service attack mitigation
  • Isolated Environments: Development, testing, and production environments are strictly separated

5.2 Your Role in Security

Best Practices:

  • Choose a strong, unique password (minimum 12 characters, mix of letters, numbers, symbols)
  • Enable biometric authentication (fingerprint, Face ID) if available
  • Do not share your password or account credentials with others
  • Log out of your account when using shared devices
  • Keep your mobile device operating system and app updated
  • Be cautious of phishing emails or suspicious communications
  • Report suspicious activity to [email protected]

Security Limitations:

Despite our comprehensive security measures, please understand: No security system is completely impenetrable. No method of data transmission over the internet is 100% secure. We cannot guarantee absolute security. By using our Services, you acknowledge these inherent risks.

6. Data Retention

We retain your personal and health information only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

6.1 Retention Periods by Data Type

Active Account Data:

  • Personal Information: Retained for the duration of your account plus 30 days after deletion
  • Health and Fitness Data: Retained while your account is active and for 90 days after account deletion (extended retention allows account recovery)
  • Assistance Conversation History: Retained for 2 years or until account deletion, whichever comes first
  • Usage and Analytics Data: Aggregated data retained indefinitely for statistical purposes; individual-level data retained for 2 years

Inactive Account Data:

  • If your account is inactive for 3+ years with no login, we will send email reminders
  • If still inactive after 3.5 years, we may delete your account and associated data after final notification
  • You can reactivate your account at any time before deletion

Deleted Account Data:

  • Upon account deletion request, most data is deleted within 30 days
  • Some data retained for 90 days to allow account recovery if deletion was accidental
  • After 90 days, all personal data is permanently and irreversibly deleted
  • Backups containing your data are overwritten within 180 days through routine backup rotation

Legal and Compliance Data:

  • Financial records: Retained for 7 years to comply with tax and accounting regulations
  • Legal dispute records: Retained until disputes are resolved and appeal periods expire
  • Security incident logs: Retained for 5 years for forensic and audit purposes
  • Regulatory compliance records: Retained as required by applicable healthcare regulations

7. Your Privacy Rights and Choices

We respect your rights to access, control, and make decisions about your personal data. The specific rights available to you may vary based on your jurisdiction.

7.1 Universal Rights (All Users)

Right to Access:

View all personal information we have about you

Access through: Settings → Privacy → Download My Data

Right to Update:

Correct inaccurate personal information

Access through: Settings → Profile

Right to Delete:

Request deletion of your account and associated personal data

Access through: Settings → Privacy → Delete My Account

Note: Deletion is permanent and irreversible after the 90-day grace period

Right to Data Portability:

Export your health data in standard formats (CSV, JSON, HL7 FHIR)

Access through: Settings → Privacy → Export Data

Right to Withdraw Consent:

Withdraw consent for health data collection at any time

Revoke Health Connect permissions: Android Settings → Apps → Health Connect → App Permissions → Nueralix

Note: Withdrawing consent may limit app functionality requiring that data

7.2 Additional Rights for California Residents (CCPA/CPRA)

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have additional rights:

  • Right to Know: Request specific categories and pieces of personal information collected
  • Right to Delete: Request deletion with certain exceptions (legal obligations, fraud prevention)
  • Right to Opt-Out of Sale: We do NOT sell personal information, so no opt-out is necessary
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
  • Right to Correct Inaccurate Information: Request correction of inaccurate personal information

7.3 Additional Rights for European Economic Area/UK Residents (GDPR)

Under the General Data Protection Regulation (GDPR) and UK GDPR, EEA and UK residents have additional rights:

  • Right to Access (Subject Access Request): Receive confirmation of processing and copy of personal data
  • Right to Rectification: Correct inaccurate or incomplete personal data
  • Right to Erasure ("Right to be Forgotten"): Request deletion when data no longer necessary
  • Right to Restrict Processing: Restrict processing when accuracy is contested or processing is unlawful
  • Right to Data Portability: Receive personal data in structured, commonly used, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or for direct marketing purposes
  • Right Not to Be Subject to Automated Decision-Making: Not be subject to solely automated decisions with significant effects
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

Contact Information for Privacy Requests:

  • Email: [email protected]
  • In-App: Settings → Privacy → Submit Privacy Request
  • Response Time: 30-45 days depending on jurisdiction and complexity

8. Children's Privacy

Nueralix is not intended for, and we do not knowingly collect personal information from, individuals under the age of 16 (or under 13 in the United States, or the applicable age of consent in your jurisdiction).

Age Verification:

  • We require users to provide their date of birth during account creation
  • Accounts for users under 16 are automatically rejected
  • We use age gates to prevent underage access

Underage User Deletion:

If we learn we have collected personal information from a child under 16 without proper age verification, we will delete that information immediately.

If you believe we have inadvertently collected information from a child under 16, please contact us immediately at [email protected] with "Underage User" in the subject line.

9. International Data Transfers

Nueralix operates globally, and your information may be transferred to, stored in, and processed in countries other than your country of residence, including the United States.

9.1 Legal Basis for Transfers

European Economic Area and United Kingdom:

  • We transfer personal data from the EEA and UK to the United States and other countries
  • Standard Contractual Clauses (SCCs): European Commission-approved data transfer agreements with service providers
  • Adequacy Decisions: Transfers to countries recognized by the EU as providing adequate data protection
  • Consent: In some cases, we may obtain your explicit consent for data transfer

9.2 Data Protection Safeguards

When transferring data internationally, we implement:

  • Contractual protections requiring equivalent data protection standards
  • Technical security measures (encryption in transit and at rest)
  • Organizational safeguards (access controls, employee training)
  • Regular audits of international data handling practices

10. Third-Party Services and Links

Our Services may contain links to third-party websites, applications, or services that are not owned or controlled by Nueralix.

10.1 Third-Party Integrations

You may choose to connect Nueralix with third-party services such as:

  • Health Platforms: Apple Health, Google Fit, Samsung Health
  • Wearable Devices: Apple Watch, Fitbit, Garmin, Whoop
  • Fitness Apps: Strava, MyFitnessPal, Nike Run Club
  • Telehealth Platforms: Third-party telemedicine services

10.2 Advertising and Analytics

We Do NOT:

  • Use third-party advertising networks or ad exchanges
  • Share your health data with advertisers
  • Serve personalized or interest-based advertising based on your health information

We DO use:

  • Analytics Tools: Firebase Analytics, Amplitude (with anonymized data) to understand app usage and improve Services
  • Crash Reporting: Crashlytics to detect and fix app crashes (includes device info but not health data)

You can opt out of analytics: Settings → Privacy → Analytics → Disable

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, Services, legal requirements, or for other operational, legal, or regulatory reasons.

11.1 Notification of Changes

How We Notify You:

  • Email Notification: For material changes affecting sensitive data handling, we will email you at least 30 days before changes take effect
  • In-App Notification: Prominent banner notification when you next open the app
  • Updated Date: "Last Updated" date at the top of this policy will be revised
  • Push Notification: For significant changes requiring action or consent

11.2 Your Options

After Notification:

  • Review: Carefully read the updated Privacy Policy
  • Accept: Continued use of Services after the effective date constitutes acceptance
  • Object: If you disagree with changes, you may discontinue using the Services or delete your account before changes take effect

For material changes to sensitive health data handling, we may require your affirmative re-consent.

12. HIPAA Compliance and Healthcare Data

While Nueralix is primarily a consumer health and wellness application, we recognize that some users' data may constitute Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA).

12.1 HIPAA-Aligned Practices

Security Measures:

  • We implement administrative, physical, and technical safeguards consistent with HIPAA requirements
  • Data encryption (AES-256 at rest, TLS 1.3 in transit)
  • Access controls and audit logs
  • Workforce training on data privacy and security
  • Incident response and breach notification procedures

12.2 Personal Health Records (PHR)

For Consumer Users: When you use Nueralix as a consumer for personal health tracking, the data is considered a Personal Health Record (PHR). PHRs are generally not subject to HIPAA because Nueralix is not a "covered entity." However, we voluntarily adopt many HIPAA-aligned best practices to protect your health information.

For Healthcare Provider Users: Healthcare providers using our platform to manage patient data ARE subject to HIPAA. We serve as a Business Associate and enter into BAAs with covered entities. Contact [email protected] to execute a BAA.

13. Data Breach Notification

Despite our robust security measures, if a data breach occurs that compromises your personal or health information, we are committed to transparent and timely notification.

13.1 Our Breach Response Process

Detection and Assessment:

  • Continuous monitoring for security incidents
  • Immediate investigation upon breach detection
  • Assess scope, nature, and severity of breach
  • Determine what data was affected and whose data was compromised

Notification:

  • Notify affected users as required by law
  • Notify regulatory authorities (supervisory authorities, state attorneys general, FTC, HHS if HIPAA-applicable)
  • Provide information about the breach, affected data, steps taken, and recommended actions

13.2 User Notification

Timing:

  • Without Undue Delay: Generally within 72 hours of discovery for GDPR-applicable breaches
  • HIPAA Breaches: Within 60 days for breaches affecting 500+ individuals
  • State Laws: Comply with varying state breach notification timelines

Method:

  • Email: Primary notification method to your registered email address
  • In-App: Prominent notification banner
  • Website: Public notice on our website if email contact is unavailable

13.3 Your Actions After a Breach

If notified of a breach, consider:

  • Change Password: Immediately change your Nueralix password and any reused passwords
  • Enable MFA: Enable multi-factor authentication if not already enabled
  • Monitor Accounts: Watch for suspicious activity on your accounts
  • Report Suspicious Activity: Contact us immediately at [email protected]

14. Contact Information

We are committed to addressing your privacy questions, concerns, and requests promptly and transparently.

General Privacy Inquiries

Email: [email protected]

Response Time: Within 5 business days for initial response

Security Concerns

Email: [email protected]

Response Time: Within 24 hours for security incidents

Customer Support

Email: [email protected]

Legal Inquiries

Email: [email protected]

Nueralix, Inc.

100 Market Street, Suite 500

San Francisco, CA 94105

United States

14.1 Regulatory Authority Contacts

If you believe we have violated your privacy rights, you may file a complaint with:

United States:

European Economic Area:

Your local Data Protection Authority: edpb.europa.eu

United Kingdom:

Information Commissioner's Office (ICO): ico.org.uk or 0303 123 1113

California:

California Attorney General: oag.ca.gov
