NEUROFIT
Privacy Terms Cookies

Privacy Policy

Effective Date: September 8, 2023

We at NEUROFIT know you care about how your personal information is used and shared, and we take your privacy seriously. Please read the following to learn more about our Privacy Policy. By using or accessing the Services in any manner, you acknowledge that you accept the practices and policies outlined in this Privacy Policy, and you hereby consent that we will collect, use, and share your information in the following ways.

Remember that your use of NEUROFIT’s Services is at all times subject to the Terms of Service, which incorporates this Privacy Policy. Any terms we use in this Policy without defining them have the definitions given to them in the Terms of Service.

What does this Privacy Policy cover?

This Privacy Policy (the “Policy”) explains how Xama Technologies, INC (Trading as “NEUROFIT”)(“us”, “our”, or “we”) collects, uses and discloses personal information that we collect through our website https://neurofit.app/ (“Website”) include the NEUROFIT mobile application (the “App”) and any other online services that we operate that include a link to this Policy (collectively referred to as the “Services”).

While we collect and process information related to your health, we are not a covered entity subject to the Health Insurance Portability and Accountability Act. HIPAA requirements do not apply to the information we collect and process through the Services. The Services are provided for educational and entertainment purposes only.

Will NEUROFIT ever change this Privacy Policy?

We’re constantly trying to improve our Services, so we may need to change this Policy from time to time as well, but we will update the Effective Date above each time this is done. Please note that if you’ve opted not to receive legal notice emails from us (or you haven’t provided us with your email address), those legal notices will still govern your use of the Services, and you are still responsible for reading and understanding them. If you use the Services after any changes to the Privacy Policy have been posted, that means you agree to all of the changes.

What Information does NEUROFIT Collect?

When you use or access the Services, we may collect the following:

- Information you have provided directly to us; and

- Information we gather automatically from your use of the Services.

Information You Have Provided

Profile information such as your name and email address.

Authentication information such as your username and password.

Any information that you provide when you opt-in to any of our marketing promotions including quizzes, workshops and online training.

Health information that you enter into the Services such as stress level, energy level, exercise, sleep quality, water intake, alcohol intake and mood.

Workout information you enter into the Services such as your self-reported exercise activity.

Payment information when you make a purchase such as your payment card numbers, expiration date, security code and billing information.

Biometric identifiers and information such as finger scanning information we collect when you use the App designed to measure your heart rate variability and other biomarkers through images captured using your mobile phone’s camera. This function is not designed to identify you, it is designed to provide data that the App uses to estimate heart rate variability, heart rate and breathing rate.

Any other information you submit when you contact us through the Website or App, including any information or feedback you provide in a submission through our contact form on the Website or App.

We may also collect personal information from you if you respond to one of our surveys we deliver through the Services. This may include health information and behavioral information and any other personal information you provide through your survey question responses.

Information We Collect Automatically from the Use of Our Services

We may also collect other information from you automatically when you use or access our Services, such as:

- Browser and device information such as information about your operating system, browser or user devices (such as IP address and MAC addresses).

Information stored in Cookies or Web Beacons. Cookies are pieces of information stored directly on users’ computers or devices. Cookies allow us to collect information such as browser type, time spent on the online services, pages visited, referring URL, and other traffic and usage data. We may also use cookies for purposes such as determining what features interest our users, revising our site features or operations, and as further described below. For more information, see the “Your Rights and Choices” section below. Some cookies and web beacons may be set by third parties, who may use the Services to collect personal information about your online activities over time and across different Services, applications, and other online products or services.

Pixel Tags and Log Files. The Services may also use other tracking systems such as log files and pixel tags. For example, pixel tags, sometimes called web beacons, are similar in function to a cookie and can tell us certain information like what content has been viewed.

Information Collected in Connection with Analytics Technology. We may use various technologies to learn more about how visitors use the Services, such as Mixpanel. Mixpanel uses cookies to help us analyze how visitors use the Website. The information generated by the cookies about your use of the Website includes your IP address. If you so choose, you may be able to opt out by turning off cookies in the preferences settings in your browser. For more information on Mixpanel, including how Mixpanel collects, uses, and discloses information, refer to the following page: https://mixpanel.com/legal/privacy-policy. We may also use other technologies to monitor your activities on our Website.

How We Use Your Information

We may process the information we collect about you for the following purposes:

For our legitimate interests, consistent with your rights and appropriate to the context, including:

- Providing, developing, customizing, protecting and improving our Services, including delivering insights and reports based on the information you provide to the Services.

- Processing payments for your purchases through the Services such as when you subscribe to monthly, quarterly or annual subscriptions of the App or purchase one of our digital workshops.

- Operating, evaluating, debugging, identifying and repairing errors, effectuating similar functional enhancements, and improving our Services.

- Understanding how you and other users use our Services, performing analytics, analyzing and reporting on usage and performance of the Services and marketing materials, and determining what features and functionality may interest you and other users.

- Communicating with you and others, including responding to your requests and providing promotional information.

- Offering, marketing, or advertising products, programs, and services from us including through targeted advertising.

- Storing information about your preferences, recognizing you when you use the Services in order to customize your experience.

- Creating aggregate or de-identified information.

- Legal and safety purposes, such as maintaining the safety, security, and integrity of our Services, other technology assets, services, and our organization; preserving or enforcing our legal rights and property; protecting our users, our employees, and others; and complying with industry standards. This includes:

- Protecting against malicious, deceptive, fraudulent, or illegal activity, and participating in any prosecution or enforcement of laws or agreements meant to prevent or punish such activity.

- Enforcing our policies, terms of use, contracts, or other legal rights.

- Evaluating or participating in an actual or potential merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, including as part of bankruptcy, liquidation, or similar proceedings.

- Such other purposes as you may authorize.

- To perform obligations pursuant to contractual terms you have accepted, such as our terms and conditions.

- To comply with applicable law and legal obligations.

Storage and Retention of Your Information

We retain personal information other than biometric information for as long as we reasonably need it to fulfill the purposes for which it was collected, including provision of the Services and to comply with law, resolve disputes, and enforce our agreements, as applicable.

For example, if you register on our Services, we will store your information for as long as needed to maintain your account, provide you the Services or other functionality as you request it, enforce any applicable terms that govern your use of the Services, and maintain appropriate records to reflect our delivery of Services to you.

Unless otherwise required by a valid warrant or subpoena issued by a court of competent jurisdiction, we will securely destroy or erase biometric information upon the earlier of (i) fulfilling the purpose for which we collected the biometric information, such as providing you access to estimates of your heart rate variability based on finger scanning, or (ii) three years from your last interaction with us. We will securely destroy or erase biometric information in accordance with the reasonable standards of care applicable to our industry designed to destroy or erase the relevant information such that it cannot be practicably read or reconstructed.

Sharing of Your Information

Will Company Share Any of the Personal Information it Receives?

We do not rent or sell your Personal Information in personally identifiable form to anyone, except as expressly provided below:

- Information that has been de-identified: We may de-identify your personal information so that you are not identified and provide information to our partners. We may also provide aggregate usage information to our partners (or allow partners to collect that information from you), who may use such information to understand how often and in what ways people use our Services, so that they, too, can provide you with an optimal online experience. However, we never disclose aggregate usage or de-identified information to a partner (or allow a partner to collect such information) in a manner that would identify you as an individual.

- Our Agents: We employ other companies and people to perform tasks on our behalf and need to share your information with them to provide products or services to you; for example, we may use a payment processing company to receive and process your credit card transactions for us and to measure your biometric data. Unless we tell you differently, our agents do not have any right to use the Personal Information we share with them beyond what is necessary to assist us.

- User Profiles and Submissions: Certain user profile information, including your name, location, and any video or image content that such user has uploaded to the Services, may be displayed to other users to facilitate user interaction within the Services or address your request for our services. Your account privacy settings may allow you to limit the other users who can see the Personal Information in your user profile and/or what information in your user profile is visible to others. Please remember that any content you upload to your public user profile, along with any Personal Information or content that you voluntarily disclose online in a manner other users can view (on discussion boards in online courses, at public workshops, in the online community) becomes publicly available, and can be collected and used by anyone. Your user name may also be displayed to other users if and when you send messages or comments or upload images or videos through the Services and other users can contact you through messages and comments.

- Business Transfers: We may choose to buy or sell assets, and may share and/or transfer customer information in connection with the evaluation of and entry into such transactions. Also, if we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Information could be one of the assets transferred to or acquired by a third party.

- Protection of Company and Others: We reserve the right to access, read, preserve, and disclose any information that we believe is necessary to comply with law or court order; enforce or apply our Terms of Service and other agreements; or protect the rights, property, or safety of Company, our employees, our users, or others.

- To comply with applicable law, other legal requirements, and industry standards.

- To enforce our policies, terms of use, contracts, or other legal rights.

- To investigate or prevent unlawful activities or misuse of the Services.

- To protect against malicious, deceptive, fraudulent, or illegal activity, and participating in any prosecution or enforcement of laws or agreements meant to prevent or punish such activity.

- To operate, evaluate, debug, identify and repair errors, effectuate similar functional enhancements, and improve our Services and offerings.

- To such other parties as you may authorize.

- To publish summaries of aggregate and de-identified information created from our users’ data in our blog posts and white papers.

What Personal Information can I access?

Through your account settings, you may access, and, in some cases, edit or delete the following information you’ve provided to us including name, password and email address.

The information you can view, update, and delete may change as the Services change. If you have any questions about viewing or updating information we have on file about you, please contact us at support@neurofit.app.

What choices do I have?

You can always opt not to disclose information to us, but keep in mind some information may be needed to register with us or to take advantage of some of our features.

For example, you may choose not to provide your biometric information in order to measure your Heart Rate Variability but doing so may prevent you from receiving or using analytics, visualizations, and other reports through the Services that use personal information received.

Similarly, you may also be able to restrict the collection of personal information through the Website through your device's operating system or by disabling cookies, but doing so may prevent you from using the functionality of the Website.

You may be able to add, update, or delete information as explained above. When you update information, however, we may maintain a copy of the unrevised information in our records. You may request deletion of your account by contacting us at support@neurofit.app. Some information may remain in our records after your deletion of such information from your account. We may use any aggregated data derived from or incorporating your Personal Information after you update or delete it, but not in a manner that would identify you personally.

How We Protect Your Information

Your account is protected by a password for your privacy and security. You must prevent unauthorized access to your account and Personal Information by selecting and protecting your password and/or other sign-on mechanism appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account.

We endeavor to protect the privacy of your account and other Personal Information we hold in our records, but unfortunately, we cannot guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time. Please note, however, that we cannot and do not guarantee the security of your information, as no method of data storage or transmission is 100% secure.

International Transfers

We operate internationally and your personal information may be transferred outside the jurisdiction you are located. The data protection laws in other jurisdictions may differ from the jurisdiction where you are located and may not provide the same level of protection compared to the laws in the jurisdiction in which you are located. When we transfer personal information subject to the data protection laws of the European Economic Area (“EEA”), the United Kingdom (“UK”), or Switzerland outside of the EEA, UK, or Switzerland, we will rely on a legal framework that provides appropriate safeguards, which could include the standard contractual clauses, binding corporate rules, or another framework deemed adequate by the European Commission.

Additional Information for Individuals Located in the EEA, UK, and Switzerland

If you are located in the EEA, UK, or Switzerland, you may have additional rights to withdraw consent, request access to, correction of, erasure of, or the transfer of your personal information, or object to or restrict the processing of your personal information. You may exercise these rights, if applicable, by contacting us as described in the “Contact Us” section of this Policy. Individuals located in the EEA, UK, or Switzerland may also have the right to lodge a complaint with an EEA, UK, or Swiss supervisory authority, as applicable.

Additional Information for Residents of California

This section applies only to residents of the State of California and generally describes how we collect, use, and disclose the personal information of California residents and their households (“California Personal Information”). However, California Personal Information does not include, and this section does not apply to:

- Personal information reflecting a communication or a transaction between us and a California resident acting as a representative of an organization that relates to the organization obtaining products or services from us.

- Other personal information excluded or excepted from requirements of the California Consumer Privacy Act of 2018 (“CCPA”).

Additionally, this section applies only to the extent we direct the purposes and means of California Personal Information processing and otherwise qualify as a business subject to the CCPA.

California Personal Information We Collect

We may collect, and may have collected in the preceding 12 months, the following categories of California Personal Information, as described in more detail above in “The Information We Collect” section:

- Identifiers, including online identifiers.

- Commercial information.

- Internet and other electronic activity information.

- Inferences drawn from your activity.

- Geolocation data.

- Biometric information.

- Other categories of personal information described in California law.

Sources of California Personal Information We Collect

We collect California Personal Information from the sources described in the “Information We Collect” section of this Policy.

Purposes for Which We Use California Personal information

We may collect and use the categories of California Personal Information described in the “California Personal Information We Collect” section above for one or more of the business and commercial purposes described in the “How We Use Your Information” section above.

Disclosures of California Personal Information for a Business Purpose

In the preceding 12 months, we may have disclosed the categories of California Personal Information listed below to the categories of third parties identified below for a business purpose:

- Identifiers, including online identifiers—with our service providers.

- Commercial information—with our service providers.

- Internet and other electronic activity information—with our service providers.

- Inferences drawn from your activity—with our service providers.

- Geolocation data—with our service providers.

- Biometric information—to such third parties as you may authorize.

- Other categories of personal information described in California law—with our service providers.

Sales of California Personal Information

In the preceding 12 months, we have not sold California Personal Information. We do not sell California Personal Information, and we do not have actual knowledge that we sell California Personal Information of consumers under 16 years of age.

California Personal Information Rights and Choices

The CCPA provides California residents with specific rights regarding their California Personal Information. This section describes those rights and explains how to exercise those rights to the extent we direct the purposes and means of the processing of your California Personal Information processing and otherwise qualify as a “business” under the CCPA.

Access to Specific Information and Data Portability Rights

California residents have the right to request that we disclose certain information to you about our collection, use, disclosure, and sale of your California Personal Information over the past 12 months. If we receive and confirm a verifiable consumer request from you pursuant to the “Exercising Access, Data Portability, and Deletion Rights” section below, we will disclose to you, depending on the scope of the request:

- The categories of California Personal Information we collected about you.

- The categories of sources for the California Personal Information we collected about you.

- Our business or commercial purpose for collecting California Personal Information about you.

- The categories of third parties with which we share your California Personal Information.

- The specific pieces of California Personal Information we collected about you.

- If we disclosed your California Personal Information for a business purpose, a list of the categories of third parties to whom we disclosed California Personal Information for a business purpose identifying the categories of California Personal Information disclosed to those parties in the preceding 12 months.

Deletion Request Rights

California residents have the right to request that we delete California Personal Information, subject to certain exceptions. Once we receive and confirm your verifiable consumer request pursuant to the “Exercising Access, Data Portability, and Deletion Rights” section below, we will delete your California Personal Information from our records, unless an exception applies.

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by emailing us at support@neurofit.app.

You may designate an authorized agent to submit requests on your behalf through a signed written permission that authorizes the agent to act on your behalf. We may mandate additional requirements when submitted through an authorized agent, such as requiring you to verify your identity directly with us or to directly confirm the authorized agent’s permission to act on your behalf.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. Your request must provide information sufficient to permit us to reasonably verify you are the person about whom we collected California Personal Information, or an authorized agent of that person. In order to verify your request, we may require you to provide additional information, including account profile information such as your Services email address and other information elements necessary to verify your identity. Your request also must include sufficient detail for us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with California Personal Information if we cannot verify your identity or authority to make the request and confirm the California Personal Information relates to you.

Making a verifiable consumer request does not require you to create an account with us. However, if you have a password-protected account with us we consider requests made through that account sufficiently verified when the request relates to California Personal Information associated with that specific account.

Any disclosures we provide will only cover the 12-month period preceding our receipt of the verifiable request. If we cannot fulfill, or are permitted to decline, your request then we will alert you or your authorized agent. For data portability requests, we will select a format to provide your California Personal Information that is readily usable.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision, and we reserve the right to either refuse to act on your request or charge you a reasonable fee to complete your request if it is excessive, repetitive, or manifestly unfounded.

Non-Discrimination

Subject to certain exceptions, you have the rights to not receive discriminatory treatment for exercising your access, data portability, opt-out, and deletion rights described above.

Contact Us

What if I have questions about this policy?

If you have any questions or concerns regarding this Policy, or you would like to ask for amendment or deletion of your personal information, please send us a detailed message to support@neurofit.app, and we will try to resolve your concerns.