Neurum Privacy Policy - Protecting Your Data

We care about the protection and confidentiality of your data

‍Neurum Limited (“our,” “we” or “us”) is committed to protecting your privacy. This Privacy Policy describes how we collect, store, use and distribute information through our website(s), platform, products, services and applications (the “Services”) in terms of the General Data Protection Regulation (GDPR). We care about the protection and confidentiality of your data.

We therefore only process your data to the extent that:

It is necessary to provide the Neurum services you are requesting, You have given your consent to the processing, or We are otherwise authorized to do so under the data protection laws. By using or accessing the services in any manner, you acknowledge that you accept the practices and policies outlined in this Privacy Policy, and you at this moment consent that we will collect, use, and share your information in the following ways. Remember that your use of Neurum's services is at all times subject to the Terms of Service, which incorporates this Privacy Policy. Any terms we use in this Policy without defining them have the definitions given to them in the Terms of Service.

If you have any questions, suggestions or comments, you are welcome to contact us at hello@neurumhealth.com
‍
‍
“What information is collected?”

Neurum collects information about you; including information that directly or indirectly identifies you. We are committed to ensuring the Services are secure, and to protect against fraud, spam and abuse, etc. We collect information so that we can provide and improve our Services, including personalized Services. The information we collect is necessary for the continued development of our offerings to our users and we are committed to doing so sustainably and securely.

By submitting your personal information, you consent to us using that information in the manner as set out in this policy. This shall include and not be limited to disclosure to third-party providers referred to in this policy.

We may collect and store the following information:
‍
1) Basic Account Information

Through the registration proces and account settings, you can provide information such as your email, name, age, gender and work information.

2) Health Information

Within the app, you can do assessments and monitor self-reported emotional health symptoms of depression, anxiety, stress and other mental health detriments. We collect this information to allow you to monitor your progress, to view forecasts and to provide you with useful feedback.

Within the app, you can track your mood and associated factors. We collect this information to allow you to understand your mood and factors influencing it.

3) User-generated Information

Within the app, you input reflections and rate your wellbeing, Neurum infers health information and journey entries based on these input. We collect this information to allow you to keep a log of your reflections, records of wellbeing and organize your mental notes.

4) Activity Data

Within the app, you can gain insights into how your behaviour and context influences your emotional health. To provide this feature, when you allow access and provide us with consent - we collect location, movement information from your device for behavioural data and calendar information for contextual data.

5) Third-Party Health Integrations

When you allow access and provide us with the consent, we collect information from Apple’s Health App, Google Fit, Health Connect and other third party health integrations. The use of information received from Health Connect will adhere to the Health Connect Permissions policy, including the Limited Use requirements.

6) Device Data

We collect technical data that that tells us what hardware and software you are using to access our app, including mobile platform (iOS/Android), version of the app, device model, system version, identifier for advertising in Apple for iOS and Android devices.

We may also use cookies, URL information, web beacons and similar technology to gather information regarding the date and time of an internet visit, web pages reviewed and the information searched and viewed. “Cookies” are small pieces of information that a website sends to a computer’s hard drive while viewing a website. We may use both session Cookies (which expire once a web browser is closed) and persistent Cookies (which stay on a computer until deleted) to provide a more personal and interactive experience on our Site. Persistent Cookies can be removed from a computer by following “help” directions from an Internet browser.

We collect app usage data that tells us how you use the app for analytics and to provide useful feedback, like how often the app was opened, which areas were clicked on the app, app settings (language, notifications), and usage data.

7) Employer

Despite the collection of personal information mentioned above, we may collect additional information when your Employer signs you up on our platform or when you use our platform. We may ask either you or your Employer to provide us with certain personal information that can be used to contact or identify you. This information may include your suffix, sex, employee ID (if applicable), department, title, job code (if applicable). We gather this information from you and your Employer to allow us to:

(a) Process your registration and onboarding.
(b) Provide access to the services we offer on our platform including self-guided resources, Human Care Services, and users support.
(C) Reach out to ask for your feedback and comment on our services.
‍
‍
“How is my data secured and protected?”

‍We use a variety of industry-standard security technologies and procedures to help protect your data from unauthorized access, use, or disclosure.

Your account is protected by a password for your privacy and security. You must prevent unauthorized access to your account and personal information by selecting and protecting your password appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account.

All transmitted data are encrypted during transmission. We use Secure Socket Layer (SSL) encryption that encodes information for such transmissions. All stored data are encrypted and maintained on secure servers. Access to stored data is protected by multi-layered security controls including firewalls, role-based access controls and passwords.

While we use reasonable commercial efforts to protect the data, no technology, data transmission or system can be guaranteed to be 100% secure. In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to your data, we’ll notify you as soon we spot the issue.
‍
‍
“To whom do you share information with?”

‍We neither rent nor sell your information in personally identifiable form to anyone. However, we may share your information with third parties as described in this section:

1) Third-Party Services

We use a number of third-party services to provide and improve our Services:

(a) We use Google Analytics and Amplitude to track usage patterns in order to improve user experience and product features.
(b) We use Sentry to track errors that occur within our platform and products. This also includes certain data that correlates with the error, but does not include sensitive user or customer information (including passwords and tokens).
(c) We send marketing newsletters and updates, as transactional and administrative emails through Brevo. Marketing emails are only sent to users who signed up specifically to receive the newsletter.
(d) We use Amazon's Web Services to store and process data obtained through our Service.
(e) We use Hapio to provide scheduling for Human Care Services

2) Aggregated and Non-Identifiable Information

‍We may de-identify or anonymize your information so that you are not individually identified, and provide that information to our partners. We also may combine your de-identified information with that of other users to create aggregate de-identified data that may be disclosed to third parties who may use such information to understand how often and in what ways people use our services, so that they, too, can provide you with an optimal experience. For example, we may use information gathered to create a composite profile of all the users of the Services to understand community needs, to design appropriate features and activities. However, we never disclose aggregate information to a partner in a manner that would identify you personally, as an individual.

We may also provide such de-identified information to third parties including academic journals and external publications for research and analysis purposes. This may be different from our use to monitor and improve our Services. These statistics will not include information that can be used to identify you.

3) Legal Requirements

We may preserve and share your information with third parties, including law enforcement, public or governmental agencies, or private litigants, within or outside your country of residence, if we determine that such disclosure is reasonably necessary to comply with the law, including to respond to court orders, warrants, subpoenas, or other legal or regulatory process. We may also retain, preserve or disclose your information if we determine that disclosure is reasonably necessary or appropriate to prevent any person from death or serious bodily injury, to address issues of national security or other issues of public importance, to prevent or detect violations of our Terms of Service or fraud or abuse of Neurum or its users, or to protect our operations or our property or other legal rights, including by disclosure to our legal counsel and other consultants and third parties in connection with actual or potential litigation.
‍
‍
“Where is my data stored?”

‍Our services are operated in Hong Kong. Our technology services are hosted in Singapore. If you are located in another jurisdiction, please be aware that information you provide to us may be transferred to, stored and processed in Singapore. By using our services or providing us with any information, you consent to this transfer, processing, and storage of your information in Singapore, a jurisdiction in which the privacy laws may not be as comprehensive as those in the country where you reside or are a citizen. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.
‍

"How do you protect my data?"

We are committed to protecting your privacy and data:

1) Data Storage and Transfer

Your information collected through the Services is stored and processed on our secure servers with Amazon Web Services (AWS) in Singapore or any other country in which Neurum or its affiliates or service providers maintain facilities. We encrypt sensitive information (e.g. your login credentials, PII) during transmission and storage. The Services use industry standard Secure Sockets Layer (SSL) technology to allow for the encryption of personal information and other sensitive information. In addition, Neurum's secure servers protect this information using industry firewall, network technology and strict access controls.

2) Access

We have put in place procedures and policies to deal with any suspected personal data breach and will notify you, other involved parties, and any applicable regulator(s) of a breach where we are legally required to do so. However, no security system is impenetrable, and we cannot 100% guarantee the security of our systems.
‍
‍
“How long do you retain my data for?”

‍We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
‍
‍
”What information can I access?”

‍Through your account settings, you may access, and, in some cases, edit or delete the following information you’ve provided to us: name, email address, user profile information, text-based entries, health information and insights generated by Neurum.

The information you can view, update, and delete may change as the services change. If you have any questions about viewing or updating information we have on file about you, please contact us at hello@neurumhealth.com
‍
‍
“How may I delete all my data?”

You can delete your account anytime inside the Services by visiting settings in the Neurum app. Once deleted, your data, including your account, well-being and usage data cannot be reinstated. You can also delete all your data by contacting our team at support@neurumhealth.com . Our team will provide the support to delete all your data from our Services.
‍
‍
“What are my data protection rights?”

‍As a user of our app, you have the following data protection rights, depending on the circumstances of the specific case:

1) Disclosure and Access

‍To receive information about your personal data processed by us and to request access to your personal data and/or copies of these data. This includes information on the purpose of use, the category of data used, its recipients and authorized persons and, if possible, the planned duration of data storage or, if this is not possible, the criteria for determining this duration;

2) Correction, Deletion or Limitation of Processing

‍To request the correction, deletion or limitation of the processing of your personal data, e.g. by sending us an e-mail. If (i) the data are incomplete or incorrect, (ii) they are no longer necessary for the purposes for which they were collected, (iii) the consent on which the processing was based has been revoked, or (iv) you have successfully exercised your right to object to data processing; in cases where data is processed by third parties, we will forward your requests for correction, deletion or limitation of the processing to these third parties, unless this proves impossible or involves a disproportionate effort;

3) Opposition to the Processing

‍To object to the processing for reasons arising from your particular situation;

4) Refusal and Revocation of Consent

To refuse your consent or – without affecting the legality of data processing prior to the revocation – to revoke your consent to the processing of your personal data at any time;

5) Automatic Decisions

‍To require that you be subject to a decision based exclusively on automated processing only in the exceptional cases provided by law, if that decision has legal effect against you or significantly affects you in a similar manner; should such an automated decision take place in exceptional cases, you have the right to obtain information on the logic involved and the scope of the intended effects;

6) Right of Appeal

‍Communicate with and, if necessary, complain to the data protection supervisory authority.

7) Choice / Opt-Out of Marketing Communications

You always have the opportunity to opt-out of our marketing communications with you or change your preferences by emailing us at hello@neurumhealth.com or by using the unsubscribe link (if any) found at the bottom of a marketing email to opt-out of receiving future emails. Some communications from us are considered transactional or service communications (for example, important account notifications), and your account(s) on our platform are provided to you upon the condition that you receive these communications from us. You must cancel your account(s) on Our Platform, as applicable, if you do not wish to receive any transactional or service communications. To cancel your account(s), please follow the instructions found in the terms of service for the applicable Service. You may still receive marketing communications from us even after you cancel your account unless you also opt-out of our marketing communications, as described above.

8) Correction

You have the right to require us to correct any personal data held by us about you that is inaccurate and have incomplete data completed. Where you request a correction, please explain in detail why you believe the personal data we hold about you to be inaccurate or incomplete so that we can assess whether a correction is required. Please note that while we assess whether the personal data we hold about you is inaccurate or incomplete, you may exercise your right to restrict our processing of the applicable data as described below.
‍

Children's Privacy

Our Service is intended for individuals at least 18 years old or older, except in limited circumstances that will be clearly described to you. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children to never provide Personal Data through any of our Services without their permission. If you have reason to believe that a child under the age of 18 has provided Personal Data to us, please contact us, and we will endeavour to delete that information from our databases.
‍

‍Protection of Neurum and Others

‍We reserve the right to access, read, preserve, and disclose any information that we reasonably believe is necessary to comply with law or court order; enforce or apply our Terms of Use and other agreements; or protect the rights, property, or safety of Neurum, our employees, our users, or others.
‍

Changes to the Privacy Policy

‍We reserve the right to change this data protection declaration in compliance with data protection regulations. The current version can be found here or at another accessible location in our app.