Privacy Policy

Neural Omega S.L. ("Neural Omega," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platforms and services.

This policy applies to:

• Neural Omega Health (patient and clinician platform)
• Neural Omega Research (research and pharmaceutical platform)
• neuralomega.com (corporate website)

1. Information We Collect

1.1 Personal Information

We collect information that identifies you as an individual, including:

• Contact Information: Name, email address, phone number, mailing address
• Account Information: Username, password, profile preferences
• Professional Information: Institution, role, credentials, area of specialization
• Payment Information: Billing address, payment method details (processed securely through third-party providers)

1.2 Health Information (Neural Omega Health Only)

When you use Neural Omega Health, we may collect:

• Symptom Data: Self-reported symptoms, triggers, and patterns
• Medical History: Diagnoses, medications, treatments, and outcomes
• Biometric Data: Data from wearables or monitoring devices (with your consent)
• Clinical Notes: Information shared by your healthcare providers (with appropriate authorization)

1.3 Automatically Collected Information

We automatically collect certain information when you use our services:

• Usage Data: Pages visited, features used, time spent, interaction patterns
• Device Information: Device type, operating system, browser type, IP address
• Location Data: General geographic location (city/region level) based on IP address

2. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

• Consent: Processing health data for personalized insights, sending marketing communications, using non-essential cookies
• Contractual Necessity: Providing and maintaining our services, processing payments, account communications
• Legal Obligation: Complying with applicable laws and regulations, responding to legal requests
• Legitimate Interests: Improving our services, ensuring security, conducting internal analytics

For health data processing, we rely primarily on explicit consent and ensure you can withdraw consent at any time.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service Provision: Deliver personalized health tracking, symptom analysis, treatment insights, and research tools
• Service Improvement: Analyze usage patterns, develop new features, enhance user experience
• Communication: Send service notifications, respond to inquiries, provide support
• Legal and Security: Comply with legal obligations, protect against fraud, enforce our Terms of Service
• Research and Development: Use aggregated, de-identified data to advance autoimmune research

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your data in the following circumstances:

• Service Providers: Third-party vendors who help us operate our platforms (cloud hosting, payment processing, analytics)
• Healthcare Partners: With your explicit consent, we may share health data with your chosen healthcare providers
• Research Partners: Only aggregated, de-identified data for scientific research purposes
• Legal Requirements: When required by law or to protect our rights and users' safety
• Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to affected users)

5. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we do so, we ensure appropriate safeguards through:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by the European Commission
• Data Processing Agreements with our service providers

Our primary data centers are located in the EU.

6. Data Retention

We retain your personal data for the following periods:

• Account Data: While your account is active and for a reasonable period thereafter as required by law
• Health Data: For the duration you use Neural Omega Health, plus any legally required retention period
• Research Data: De-identified data may be retained indefinitely for research purposes
• Contact Records: For the duration necessary to respond to your inquiry and any follow-up requirements

7. Your Rights

Under the GDPR, you have the following rights:

To exercise any of these rights, please contact us at legal@neuralomega.com

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• End-to-end encryption for health data transmission and storage
• Regular security audits and penetration testing
• Access controls and authentication protocols
• Employee training on data protection practices
• Incident response and breach notification procedures

9. Cookies and Tracking

Our website uses minimal essential cookies for:

• Website functionality and user authentication
• Security and fraud prevention
• Essential service delivery

We do not use cookies for advertising or tracking purposes without your explicit consent.

10. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. We will notify you of any material changes through email or prominent notice on our website. Your continued use of our services constitutes acceptance of the updated policy.