Consumer Health Data Privacy Policy

1. Introduction

This Consumer Health Data Privacy Policy ("Health Data Policy") describes how Neurolife, operated by Adspro Digital Private Limited, collects, uses, shares, and protects your consumer health data. This policy supplements our general Privacy Policy and provides additional information specific to health-related information.

We are committed to maintaining the highest standards of privacy and security for your health data, in compliance with applicable health data privacy laws including state consumer health data privacy laws.

2. What is Consumer Health Data?

"Consumer Health Data" means personal information that identifies or can be used to identify an individual and relates to:

• Physical or mental health status, condition, treatment, or diagnosis
• Social, psychological, behavioral, or medical interventions
• Health-related surgeries or procedures
• Use or purchase of prescribed medication
• Bodily functions, vital signs, symptoms, or measurements
• Diagnoses or diagnostic testing, treatment, or medication

3. Health Data We Collect

Through your use of Neurolife, we may collect the following types of consumer health data:

3.1 Assessment Data

• Responses to nervous system assessment questions
• Self-reported symptoms (anxiety, stress, pain, fatigue, etc.)
• Physical sensations and bodily responses
• Emotional state and mental health indicators
• Sleep patterns and quality
• Stress levels and triggers

3.2 Program and Progress Data

• Selected wellness programs and goals
• Exercise completion and frequency
• Progress tracking and outcomes
• Notes and reflections on exercises
• Changes in symptoms over time

3.3 Inferred Health Data

• Nervous system state classifications (based on polyvagal theory)
• Program recommendations based on your assessment
• Patterns in your usage and engagement

4. How We Use Your Health Data

We use your consumer health data only for the following purposes:

4.1 Primary Purposes

• Personalization: To analyze your nervous system state and recommend appropriate somatic exercises and programs
• Service Delivery: To provide, maintain, and improve our wellness services
• Progress Tracking: To help you monitor your progress and outcomes
• Communication: To send you relevant program updates and wellness tips

4.2 Research and Improvement

We may use aggregated, de-identified health data for research and improvement purposes. This data cannot be used to identify you personally and helps us:

• Improve program effectiveness
• Develop new features and exercises
• Understand usage patterns and outcomes
• Contribute to somatic and nervous system research

5. How We Share Your Health Data

5.1 Limited Sharing

We may share your health data only in the following limited circumstances:

With Your Explicit Consent

• When you explicitly authorize us to share your health data
• With healthcare providers if you choose to share your progress

Service Providers

• With trusted third-party service providers who assist in operating our Services (e.g., cloud hosting, data analytics)
• These providers are contractually obligated to protect your data and may only use it to provide services to us
• They cannot use your health data for their own purposes

Legal Requirements

• When required by law, regulation, legal process, or government request
• To protect the rights, property, or safety of Neurolife, our users, or the public
• In connection with legal proceedings or investigations

Business Transfers

• In connection with a merger, acquisition, reorganization, or sale of assets
• Any successor entity will be bound by this Health Data Policy

5.2 De-identified Data

We may share aggregated, de-identified data that cannot reasonably be used to identify you. This data may be used for research, analytics, or business purposes.

6. Your Rights Regarding Health Data

You have specific rights regarding your consumer health data:

6.1 Right to Access

• Request confirmation of whether we collect or share your health data
• Request a copy of your health data in a portable format

6.2 Right to Delete

• Request deletion of your health data
• We will delete your data within 90 days, except where retention is required by law

6.3 Right to Withdraw Consent

• Withdraw your consent for collection or sharing of health data at any time
• Note: Withdrawal may limit your ability to use certain features

6.4 Right to Opt-Out

• Opt-out of the sale or sharing of your health data (though we never sell your data)
• Opt-out of targeted advertising using your health data

6.5 Right to Non-Discrimination

• You will not be discriminated against for exercising your rights
• We will not deny services, charge different prices, or provide different quality based on exercising your rights

6.6 How to Exercise Your Rights

To exercise any of these rights, please contact us at support@neurolife.fit with the subject line "Health Data Rights Request."

We will respond to your request within 45 days (or as required by applicable law) and verify your identity before processing your request.

7. Health Data Security

We implement robust security measures to protect your consumer health data:

7.1 Technical Safeguards

• End-to-end encryption for data in transit (TLS/SSL)
• Encryption at rest using industry-standard algorithms
• Secure data storage with access controls
• Regular security audits and vulnerability assessments
• Multi-factor authentication for account access

7.2 Administrative Safeguards

• Limited access to health data on a need-to-know basis
• Employee training on data privacy and security
• Confidentiality agreements with all personnel
• Incident response and breach notification procedures

7.3 Physical Safeguards

• Secure data centers with physical access controls
• Regular backups with secure storage
• Disaster recovery and business continuity plans

8. Data Retention

We retain your consumer health data only for as long as necessary to:

• Provide you with our Services
• Comply with legal obligations
• Resolve disputes and enforce agreements
• Support business operations and improvements

When you delete your account, we will delete or de-identify your health data within 90 days, except where we are required to retain it for legal, regulatory, or security purposes.

9. Geolocation Data

We do not collect precise geolocation data. We may collect general location information (city/region level) based on your IP address solely to:

• Provide localized content and time zone settings
• Comply with regional legal requirements
• Improve service performance

This general location data is not linked to your health data and is not used for health-related inferences.

10. Children's Health Data

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect consumer health data from children. If we become aware that we have collected health data from a child without proper consent, we will take immediate steps to delete that information.

11. International Data Transfers

Your health data may be processed in countries outside your country of residence. We ensure that appropriate safeguards are in place to protect your health data in accordance with this policy and applicable laws, including:

• Standard contractual clauses
• Adequate data protection frameworks
• Encryption and security measures

12. Authorized Representatives

You may designate an authorized representative to exercise your rights on your behalf. To do so, you must:

• Provide written authorization signed by you
• Verify your identity and the representative's authority
• Submit the authorization to support@neurolife.fit

13. Data Breach Notification

In the event of a data breach that affects your consumer health data, we will:

• Notify affected individuals without unreasonable delay
• Notify relevant regulatory authorities as required by law
• Provide information about the breach, potential risks, and remedial actions
• Take immediate steps to mitigate the breach and prevent future incidents

14. Changes to This Policy

We may update this Consumer Health Data Privacy Policy from time to time. Material changes will be communicated through:

• Email notification to your registered email address
• Prominent notice in our Services
• Update of the "Last Updated" date at the top of this policy

We encourage you to review this policy periodically. Your continued use of our Services after changes constitutes acceptance of the updated policy.

15. State-Specific Rights

Depending on your location, you may have additional rights under state law. For California residents, please see our California Privacy Notice.

16. Contact Us

If you have questions, concerns, or requests regarding this Consumer Health Data Privacy Policy or our handling of your health data, please contact us: