Privacy Policy

1. Data Protection & Compliance

We adhere to the principles of the Data Protection Act 2018 and the UK GDPR when processing personal data collected from customers and visitors to our website.

2. Data We Collect & Purpose of Processing

We only collect and process personal data that is necessary to provide our services efficiently. This may include information related to account creation, bookings, support, and platform usage, processed under Article 6(1)(b) UK GDPR (contractual necessity). Where we rely on consent (for example, marketing), you can withdraw that consent at any time.

3. Data Processing & Storage

• Personal data is used solely for the purposes outlined in this policy
• Data is stored securely and retained only for as long as necessary to fulfil its intended purpose
• Once no longer required, data is securely deleted

4. Payment Processing

All payment transactions are processed through trusted PCI-DSS compliant third-party payment providers. Neurowaze does not store or have access to your card details. Under Article 6(1)(c) UK GDPR, we retain transaction data for tax and VAT compliance.

5. Data Transfers & International Storage

To ensure service continuity, some customer and email subscription data may be stored with third-party providers, including those located outside the UK or EEA. Where this occurs, we implement safeguards such as Standard Contractual Clauses (SCCs) or equivalent measures to protect your data.

6. Your Rights & Data Access

Under UK GDPR, you have the right to:

• Request a copy of the personal data we hold about you
• Request correction or deletion of your personal data (Right to Erasure)
• Withdraw consent for marketing communications at any time

Please note that deleting certain data may affect our ability to provide support for past purchases or services.

7. Marketing & Email Communications

• We may send marketing communications only to users who have explicitly opted in, in compliance with Article 6(1)(a) UK GDPR.
• Marketing emails may include updates about Neurowaze, new features, practitioner availability, service announcements, and relevant content. We do not sell or rent mailing lists.
• Every marketing email includes a clear unsubscribe link. You can opt out at any time and we will action your request promptly. Opting out of marketing does not affect essential service communications (for example, booking confirmations, security notices, and account-related emails).

8. Data Security & Protection

Neurowaze implements robust security measures to protect your personal data from unauthorised access, alteration, or loss.

Video sessions are conducted using Google Meet, accessed via Google APIs with user consent through OAuth. Neurowaze does not record, store, or analyse video or audio content from sessions. Data transmitted is encrypted in transit. Google acts as an independent data processor under its own privacy and security obligations, and may process data under EU SCCs and the UK Addendum where applicable.

9. Use of Google APIs and OAuth User Data

Neurowaze uses Google APIs to enable secure authentication, calendar integration, and video consultation functionality. Access to Google user data is provided only with the user’s explicit consent via Google OAuth. Google Calendar access is optional and is required only for practitioners who choose to manage client appointments through calendar-based scheduling and Google Meet links.

9.1 Google User Data Accessed

Depending on the features a user enables, Neurowaze may access the following Google user data:

• Basic profile information (name, email address)
• Google Calendar event metadata (date, time, duration, attendee status)
• Google Meet meeting links associated with scheduled appointments

Neurowaze does not access email content or Google Drive files. Where calendar information is used, we access only what is required to schedule, update, and display appointments.

9.2 How Google User Data Is Used

• To authenticate users securely using Google Sign-In
• To create, update, or display calendar events for booked sessions
• To generate Google Meet links for video consultations
• To ensure accurate scheduling and reminders

Google user data is used strictly to provide the requested functionality and is never used for advertising, profiling, or marketing purposes.

9.3 Data Storage, Retention, and Security

• Google user data is stored securely using industry-standard encryption
• Only the minimum data required for functionality is retained
• Data is deleted when a user disconnects their Google account or deletes their Neurowaze account
• Access is restricted to authorised systems only

9.4 Data Sharing and Third-Party Access

Neurowaze does not sell, share, or transfer Google user data to third parties. Google user data is not used to train AI or machine learning models and is not accessed by external partners.

10. Contact Forms and Support Requests

If you contact us via our website forms, we will process the information you provide (such as your name, email address, subject, and message) to respond to your enquiry and provide support.

Our contact form submissions are processed using Formspree, a third-party form processing provider. Formspree acts as a data processor to deliver your message to us and help us manage and protect our support channels from abuse. We do not use contact form submissions for advertising or marketing unless you have explicitly opted in separately.

11. Data Sharing & Third Parties

• We do not sell, rent, or trade personal data with third parties
• Data is only shared with trusted partners where necessary to provide the service you request, or where explicit user consent is provided, ensuring full compliance with UK GDPR

12. Spam and Abuse Prevention

We take reasonable steps to protect our services and communication channels from spam and automated abuse. This may include technical measures such as rate limiting, filtering, and anti-abuse controls. We do not send unsolicited bulk emails (spam) in breach of the Privacy and Electronic Communications (EC Directive) Regulations 2003.

13. Cookies & Tracking Technologies

Our website uses cookies for essential functions. Non-essential cookies (for example, analytics and tracking) require explicit user consent.

We use the following types of cookies:

• Essential Cookies: Required for the website to function properly
• Analytics Cookies: Used to analyse site performance and visitor interactions (where enabled by consent)

Users can adjust or revoke their cookie preferences through browser settings and, where provided, our cookie controls.

14. Testimonials & User Stories

From time to time, we may display testimonials from individuals who have used Neurowaze or who have benefitted from neuroplastic treatment. These testimonials are based on real experiences and are provided with consent. To protect the privacy of our users, some names, photographs, and identifying details may be changed or withheld. The content of the testimonials remains faithful to the original experience shared and is not fabricated or misleading.

15. Contact Us

For any privacy-related questions or to exercise your data rights, please contact:

Email: support@neurowaze.health