Privacy Policy

1. Who We Are

MyNeuroAge is operated by KM TECH LABS, a Norwegian company (Org.nr. 934 044 029) based in Kristiansand, Norway. We are the data controller for the personal information we collect through our platform.

Contact:
KM TECH LABS
Kristiansand, Norway
Email: kjmersland@gmail.com

2. Information We Collect

Account Information

When you create an account, we collect your email address, name (optional), and account credentials. This information is necessary to provide you access to our services.

Health Data from Connected Devices

With your explicit permission, we collect health metrics from your connected wearable devices and health apps, including:

• Sleep data (duration, stages, quality scores)
• Heart rate and heart rate variability (HRV)
• Activity data (steps, exercise, movement)
• Recovery and readiness scores
• Related biometric measurements

We do not collect location data, messages, contacts, or other non-health information from your devices.

Usage Information

We collect information about how you use our platform, including pages visited, features used, and interaction patterns. This helps us improve our service and provide better insights.

Technical Information

We automatically collect device type, browser type, IP address, and similar technical information to ensure our platform works correctly and securely.

3. How We Use Your Information

We use your information to:

• Provide our service: Generate personalized cognitive wellness insights based on your health data
• Improve our algorithms: Use aggregated, anonymized data to make our insights more accurate
• Communicate with you: Send service updates, respond to inquiries, and (with permission) send newsletters
• Ensure security: Protect against fraud, abuse, and unauthorized access
• Comply with law: Meet legal and regulatory requirements

4. Legal Basis for Processing (GDPR)

We process your personal data based on:

• Contract: Processing necessary to provide the service you requested
• Consent: For health data collection and optional communications
• Legitimate interests: For service improvement and security
• Legal obligation: When required by law

5. Data Sharing

We never sell your personal health data. We may share information with:

• Service providers: Companies that help us operate (hosting, analytics, payment processing), bound by strict data protection agreements
• Legal authorities: When required by law or to protect rights and safety
• Business transfers: In connection with a merger, acquisition, or sale of assets (you would be notified)

We do not share your individual health data with advertisers, data brokers, or other third parties for commercial purposes.

6. Data Security

We implement industry-standard security measures to protect your data:

• Encryption in transit (TLS/HTTPS) and at rest
• Secure, access-controlled infrastructure
• Regular security assessments
• Employee access controls and training

While we take extensive precautions, no system is completely secure. We encourage you to use strong passwords and protect your account credentials.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide services. If you delete your account, we will delete your personal data within 30 days, except where we are required by law to retain certain information.

8. Your Rights

Under GDPR and applicable privacy laws, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Portability: Receive your data in a portable format
• Restriction: Limit how we process your data
• Objection: Object to processing based on legitimate interests
• Withdraw consent: Revoke consent at any time

To exercise these rights, contact us at kjmersland@gmail.com. We will respond within 30 days.

9. International Transfers

Your data may be processed in countries outside the EEA. When this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

10. Children's Privacy

MyNeuroAge is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we learn we have collected data from a child, we will delete it promptly.

11. Changes to This Policy

We may update this policy periodically. We will notify you of significant changes via email or prominent notice on our platform. Your continued use after changes constitutes acceptance of the updated policy.

12. Contact & Complaints

For privacy questions or to exercise your rights:
Email: kjmersland@gmail.com

If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority. In Norway, this is the Datatilsynet (datatilsynet.no).