Security & Compliance

Data Protection

Last updated: January 15, 2025

Our Data Protection Promise

Your health data is among the most personal information you can share. We treat it with the utmost respect and protection. We follow GDPR principles, implement robust security measures, and give you full control over your information.

MyNeuroAge is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable privacy laws. This page explains our security practices, your rights, and how we keep your information safe.

How We Protect Your Data

We implement multiple layers of security to keep your health information safe.

Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Your health information is never transmitted or stored in plain text.

Secure Infrastructure

Our servers are hosted in EU data centers with SOC 2 Type II certification. Physical and logical access controls protect against unauthorized access.

Access Controls

Employee access to user data is strictly limited to those who need it for support. All access is logged and regularly audited.

Security Testing

We conduct regular security assessments, penetration testing, and code reviews to identify and address vulnerabilities.

Your Data Rights

Under GDPR and applicable privacy laws, you have significant control over your personal data.

Right to Access

You can request a copy of all personal data we hold about you. We will provide this within 30 days in a portable format.

Right to Portability

You can export your data at any time through your account settings in a machine-readable format (JSON, CSV).

Right to Erasure

You can request complete deletion of your account and all associated data. We will process this within 30 days.

Right to Restrict

You can request that we limit how we process your data, for example during a dispute about accuracy.

To exercise any of these rights, contact us at kjmersland@gmail.com. We will respond within 30 days.

GDPR Compliance

As a Norwegian company, we are fully subject to GDPR. We embrace its principles not just as legal requirements, but as the right way to handle personal data. Our commitments include:

  • We only collect data that is necessary for our service
  • We process data only for the purposes you have consented to
  • We keep data only as long as necessary
  • We maintain accurate and up-to-date records
  • We implement appropriate security measures
  • We can demonstrate compliance through documentation

Data Protection Officer

For data protection inquiries, you can reach our team at kjmersland@gmail.com. We are committed to addressing any concerns promptly and thoroughly.

International Data Transfers

Your data is primarily stored and processed within the European Economic Area (EEA). When we need to transfer data outside the EEA (for example, to service providers), we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data processing agreements with all third-party processors
  • Regular review of recipient country privacy protections
  • Supplementary technical measures where needed

Data Breach Response

While we take extensive precautions to prevent data breaches, we have procedures in place should one occur:

  • Immediate containment and assessment of any incident
  • Notification to relevant supervisory authorities within 72 hours where required
  • Direct notification to affected users when the breach poses high risk to their rights
  • Full documentation and post-incident review

We are committed to transparency and will communicate openly about any incidents that may affect your data.

Contact & Complaints

Contact Us

For any data protection questions or to exercise your rights:

KM TECH LABS
Kristiansand, Norway
Email: kjmersland@gmail.com

Supervisory Authority

If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with:

Datatilsynet (Norwegian Data Protection Authority)
www.datatilsynet.no