Privacy Policy
Last updated February 29, 2024
​Data Privacy at Neru Health
At Neru Health, we take the protection of personal user data seriously. This data privacy statement refers to acquisition, storage, handling, sharing and use of personal data by Neru Health.
Our product enables users to track their wellbeing and lifestyle choices. We understand that data does not get much more personal than this, and the protection of their personal data is baked into our product design. Please take a moment to carefully review this document.
​
Why Neru Health Processes Your Data
Neru Health collects and processes personal user data only for the following purposes:
-
To provide Neru Health services and app features, such as to give users daily insights about their wellbeing, stress levels, sleep, and activity. This allows us to fulfill our mission of helping Neru Health users interpret and benefit from their health data through a seamless experience across our services and app features.
-
To develop our products and services. We process data regarding users’ use of the Neru Health platform to improve our services and features. We are doing this using only pseudonymized, aggregated, or non-personally identifiable data.
-
To provide customer service. We process personal data for the purpose of providing customer service and managing our customer communication. If users contact our support with questions regarding their app data, we may use the provided information to answer their questions and for solving any issues they may have.
​
How Neru Health Processes Your Data – Processed Data and Data Sources
We process health-related user data only with their consent. In some cases, you users can provide their consent to us for processing their data through their actions, such as by inputting journaling data.
In most cases, Neru Health collects personal data directly from users, such as when they register for an account or integrate their Apple Health to collect measurement data via the tracking functions of wearable devices.
​
Neru Health processes the following personal data categories about device and users:
-
Contact information such as email address;
-
User information such as gender, User ID, and other information they may provide to us about themselves;
-
Device information such as device model, operating system version, watch model and version;
-
User activity and context information such as activities within the app;
-
Phone or wearable device data such as heart rate, activity data, sleep, etc.;
-
Calculated user, sleep and activity data, such as activity levels throughout the day, stress level;
-
Interaction with NeruGPT.
Please note that some of the personal data we process, including any data concerning the health of users, is considered special or sensitive personal data. Under applicable law, such data is processed only if users have given their consent for processing.
​
How Neru Health Manages Your Data
Neru Health does not sell or rent personal information about users, and only shares their personal data with certain trusted service providers (e.g. Google Cloud Platform) essential for user services, or for user opt-in research (e.g. university researchers) and with trusted service partners, so that we can provide users with our services and operate our business. Whenever we share data with third-party service providers, we require that they use your information only for the purposes we've authorized, and for the limited reasons explained in Processing Purposes above. We also require these service providers to protect personal information in a HIPAA compliant way.
Like most companies, Neru Health uses service providers for purposes such as:
-
providing and improving our platform;
-
storing our user data;
-
providing customer services.
Neru Health stores personal data within the geographic region where it is collected. In cases where personal data is processed outside of the area in which it was collected, we ensure personal data is protected under the US privacy laws.
Safeguarding User Data
Neru Health uses technical and organizational safeguards to keep user data safe and secure. Where appropriate, these safeguards include measures such as anonymization or pseudonymization of personal data, strict access control, and the use of encryption to protect the data we process. We also regularly test our service, systems, and other assets for possible security vulnerabilities.
​
Data Retention
The retention period for personal user data depends on the duration of the pilot study lifecycle. The personal data will be deleted when it is no longer needed for the purpose it was originally collected, unless we have a legal obligation to retain data for a longer period of time. Users may request deletion of their account and all data by contacting tech@neruhealth.com.
​
Your Neru Health User Rights
Whenever Neru Health processes user data, they have certain rights that enable them to control how their personal data is being processed.
-
Right to access data. Users have the right to know what personal data is processed about them. Users may contact us to request access to the personal data we have collected about them, and we will confirm whether we are processing their data, and provide them with information about the personal data we have collected and processed about them.
-
Right to erasure. Users have the right to request the deletion of their personal data in certain circumstances. We will comply with such requests unless we have a valid legal basis or legal obligation to preserve the data.
-
Right to rectification (of inaccurate data). Users have the right to request correction of any incorrect or incomplete personal data we have stored about them.
-
Right to data portability. Users have the right to request receipt of the personal data they have provided to us in a structured and commonly used format. The right to data portability only applies when we process their personal data for certain reasons, such as by contract or by their consent.
-
Right to object to processing. Users have the right to object to the processing of their personal data under certain circumstances. In the event that we do not have legitimate grounds to continue processing such personal data, we will no longer process their personal data after we have received and verified their objection.
-
Right to restrict processing. Users have the right to request that we restrict processing of their personal data under certain circumstances.
-
Right to withdraw consent. If we have requested user consent in order to process their personal data, they have the right to withdraw their consent for such processing at any time. It should be noted, however, that withdrawing their consent may lead to issues or restrictions on their ability to fully utilize Neru Health services.
For any questions regarding your user rights or to exercise any of these rights, please contact our team at tech@neruhealth.com.