NeuroGeneces Privacy Policy

Effective Date: February 11, 2026

  1. Introduction

NeuroGeneces is committed to protecting your privacy and personal information. This Privacy Policy (this “Policy”) explains what information we collect from you, how that data is used, stored, and protected, when that data may be disclosed, and the decisions that you can make about your data. It is important for you to understand the privacy practices we follow for our products and services, including the NeuroGeneces™ website located at https://neurogeneces.com or any successor website (the "Website"), the NeuroInsight™ EEG device (the “Device”), the NeuroInsight Brain Age report (the “Report”), the NeuroGeneces mobile application (the "App"), the NeuroGeneces web application (the “Web App”), and any other related services provided by NeuroGeneces, Inc. (each, a “Service” and collectively, the “Services”). NeuroGeneces, Inc. may be referred to in these Terms as "NeuroGeneces," "we," "us," or "our."

We may update this Policy from time to time. We will notify you of any changes by posting the new Policy in the App and on the Website, and updating the Effective Date above. In some cases we may also notify you via the contact information you have provided to us. Your continued use of the Services after changes indicates acceptance of the updated Policy.

If you have any questions or concerns you can reach us here.

  1. Information We Collect

    2.1 Information You Provide to Us:

  • Account Information: When you create an account, we collect your name and email address. Account authentication is performed via one-time password (OTP) sent to your registered email address. You may optionally provide an SMS phone number for OTP authentication as an alternative to email. If you choose to use SMS for OTP authentication, you must explicitly opt-in and consent to receive SMS messages during the account creation process. Standard messaging rates may apply. You may opt out of SMS authentication at any time by updating your account settings.

  • Purchase Information: When you purchase the Services, we, or our third party payment processor, collect your payment information, such as your payment method, credit or debit card information, billing, shipping, and contact details, the product purchased, the date and time of the order, the price of the order, whether payment was made, and purchase history (e.g, whether you are re-ordering the Services).

  • Medical, Health and Wellness Information: When you complete our intake survey, we collect:

    • Your age and/or birth date

    • Your sex

    • Medical screening information including disease history

    • Diet and exercise information

    • Other health and lifestyle related responses you provide

      In certain circumstances, this information may be considered “protected health information” under state laws and federal laws such as HIPAA and HITECH.

  • Communications: If you contact us for support, we may record, log or monitor your communications to address your concerns, and for quality assurance and training purposes. Support ticket submissions may include images you choose to attach. If you agree to receive marketing, informational, or educational information from us, we will retain your contact information and preferences.

    2.2 Information Collected Automatically:

  • Device Information: the Device type, operating system version, and unique Device identifiers.

  • App and Web App Data: Features used, actions taken, and time spent in the App.

  • Sensor Data: Physiological data obtained by the sensors in the Device, including brain activity (using electroencephalagram or EEG), and accelerometer measurement of movement, head position, and breathing patterns.

  • Personal Device Data: The Internet Protocol (IP) address of the iPhone or other personal mobile device you use to access the Services, the date and time when you sync your personal device with our servers, and how long you use your personal device to access the Services.

  • Crash Reports: Information about app crashes and errors to improve stability.

  • Website Data: Information about how you use the Website, including the content you view or engage with, the features you use, the timing, frequency, and duration of your activity, the personal device you use to access the Website. Please also see “Cookies and Tracking Technologies” below.

    2.3 Information We Do NOT Collect

  • We do not collect location data.

  • We do not access your contacts, camera, or photos, except for images that you provide with support ticket submission

  • We do not collect profile photos or images.

  1. How We Use Your Information

We use the information we collect to provide, maintain, and enhance the Services, including:

  • Creating and managing your account

  • Generating the Report and calculating your Brain Age

  • Providing personalized analysis of health and lifestyle insights that may be impacting your Brain Age and targeted recommendations to enhance brain health

  • Tracking trends over time with repeated testing

  • Responding to your comments, questions, and customer service requests, and enhancing the customer experience

  • Sending you technical notices and support messages

  • Conducting Internal scientific research\

  • Performing inventory management and other typical business purposes

  • Detecting, investigating and preventing fraudulent or illegal activities

  • Complying with legal obligations

  1. Data Sharing and Disclosure

We use and disclose your data only as described in this Policy and as permitted by law. We do not sell or rent your personal information to third parties. We do not disclose your personal information to third parties, except in the following circumstances:

  • Trusted Third Party Partners. We may contract with certain third parties to perform the following functions related to the Services:

    • Cloud hosting and data storage

    • Website hosting

    • Order and payment processing

    • Shipping and related logistics

    • Data analysis

    • Financial, accounting, insurance, legal, and other professional services.

    These third parties will be given only the information they need to perform their designated functions and are not allowed to use or disclose your information for their own marketing or other purposes.

  • Legal Requirements: We may disclose information if required by law or in response to valid legal requests.

  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new owner.

  • With Your Consent: We may share information with your explicit consent.

  • De-Identified Data: We may remove personal identifiers from your data, or generate aggregated data, so that your identity is not linked to and cannot be determined from the data. We may use this de-identified and/or aggregated data to improve our Services, and may also provide it to third party researchers in connection with research programs. Your acceptance of this Policy consents to this third-party research use.

  1. Cookies and Tracking Technologies {#cookies-and-tracking-technologies}

When you use the Services, we collect certain information automatically, such as through cookies (text files sent to and stored on your personal devices when you access our website), server log files, web beacons, your personal device ID (if you use our App) and programming code that collects information about your interaction with the Services. You can set your web browser or personal device settings to notify you when you receive a cookie or to decline certain tracking technologies. To learn more about cookies, visit www.aboutcookies.org. Although some web browsers include a Do Not Track feature, because these features are not available on all browsers and the signals are not uniform, the NeuroInsight does not respond to Do Not Track signals.

  1. Data Retention

We retain your personal information:

  • For as long as your account is active
  • As needed to provide you the Services
  • As necessary to comply with legal obligations
  • As necessary to resolve disputes and enforce agreements

  1. Data Security

We implement appropriate physical, technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. We periodically conduct and document data protection assessments and update our privacy practices. Your health and lifestyle information is stored securely using industry-standard encryption. However, no method of transmission over the Internet or electronic storage is 100% secure and we cannot guarantee that a security breach will not occur. It is important that you also use appropriate security measures to protect your personal information when using the Services.

  1. App Permissions

Our App only requests permissions that are necessary for its functionality. Network access is required to sync your data with our servers and provide app functionality. We will always request your explicit consent before accessing any personal device features and clearly explain why we need each permission.

  1. Privacy Law Compliance

Several states have enacted privacy laws that include special protections for neuronal data, such as the California Consumer Privacy Act, the Colorado Privacy Act, the Connecticut Data Privacy Act, and the Montana Genetic Information Privacy Act. Although these laws may only apply to residents of the specific state, and some may not yet apply to NeuroGeneces, this Policy is intended to afford all of our customers the enhanced privacy protections described in those laws.

  1. Your Rights and Choices

Exercising your privacy rights will not result in discriminatory treatment. In addition to understanding what information we collect, how we use it and under what circumstances we share that information, as described in this Policy, you have the right to:

  • Request access to your data, which we provide within 45 days
  • Review and update your personal information
  • Withdraw consent for data processing at any time, and/or request deletion of your data, although this may affect your ability to use the Services

  1. Account and Data Deletion

To delete your account and all associated data:

  • Contact us at support@neurogeneces.com with your account deletion request.
  • We will verify your identity and process your request within 45 days.
  • Once deleted, your data cannot be recovered.

  1. Children’s Privacy

Our Services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

  1. International Data Transfers

If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located.

If you are a resident of the European Union, you have rights under the General Data Protection Regulation (GDPR), including: the right to be informed, the right of access, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, the right to object, and rights related to automated decision-making.

  1. Contact Us

If you have questions or concerns about this Policy or our privacy practices, please contact us at:

NeuroGeneces, Inc.
Email: support@neurogeneces.com
Address: 1012 Marquez Place, Suite 207A, Santa Fe, NM 87505 USA
Website: https://neurogeneces.com/

  1. Acknowledgement and Consent

  • I have reviewed and understand the NeuroGeneces Privacy Policy, and consent to NeuroGeneces’ collection, processing and use of my neural data and other personal information in accordance with the terms of the Policy.

Various other affirmative opt-ins will be required:

  • I give permission for NeuroGeneces to access (list personal device features) for the following purposes (clear explanation of why we need each permission).

  • I would like to receive marketing, informational, or educational information from NeuroGeneces.

Note: Montana law requires us to make available to the consumer two different privacy policies:

The first is a high-level privacy policy overview that includes basic essential information about the entity’s collection, use and disclosure of neural data.

The second is a prominent publicly available privacy notice that includes, at least, information about the entity’s data collection, consent, use, access, disclosure, transfer, security, retention and deletion practices for neural data. This policy meets the standard for the second policy