Privacy

Privacy Policy

Your privacy matters to us. Here's how we protect and handle your data.

Data Controller

For the purposes of the UK GDPR and related data protection laws, the Data Controller is Neurobuff Limited (Company Number: 16866010).
Registered Address: Green Acres New Hey Lane, Newton, Preston, England, PR4 3SB.
Contact: support@neurobuff.app

Information We Collect

We collect information you provide when creating an account, training data from your sessions, and basic usage analytics to improve our services.

Account information such as email and name
Onboarding quiz answers, including your selected age range and training preferences
Training performance and progress data
Usage patterns and preferences
Marketing email preference if you choose to opt in
Technical diagnostics when contacting support, such as browser info and page URL

Lawful Basis For Processing

Under UK GDPR, we must have a lawful basis to process your data. We rely on the following:

Contractual Necessity: To provide our cognitive training services and manage your account or subscription.
Legitimate Interest: To improve our algorithms, ensure system security, and provide customer support.
Consent: When you explicitly agree to analytics cookies to help us improve the site.
Consent: When you separately opt in to receive marketing emails.

Third-Party Processors

We use trusted third-party services to operate Neurobuff securely and efficiently. We share only the strictly necessary data with them:

Supabase: For secure database hosting and user authentication.
Stripe: For processing secure payment transactions.
Sentry & Swetrix: For performance monitoring and (consented) usage analytics.
AWS & PrivateEmail: For delivering transactional emails and providing customer support.

International Data Transfers

Our primary database (Supabase) is hosted in the United States (US East). When data is transferred outside the UK/EEA, it is protected by Standard Contractual Clauses (SCCs) and high encryption standards to ensure it receives equivalent legal protection.

Data Retention

We retain your personal data only for as long as your account is active. When you delete your account, your profile and training data are permanently erased from our active databases. Secure system backups are automatically purged after 7 days. To preserve community discussions, any public forum posts are retained but fully anonymized.

Your Rights

You have full control over your data and hold several rights under UK GDPR:

Access & Correction: Request a copy of your personal data or correct inaccurate information.
Deletion: Delete your account and personal data at any time via your account settings.
Data Portability: Request an export of your training data via support.

If you believe we are mishandling your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) in the UK at ico.org.uk.

Cookies & Storage

We use local storage and cookies to enhance your experience. Here's how we categorize them:

Strictly Necessary

Essential for site functionality. Includes authentication sessions and tracking your core gameplay progress. These cannot be disabled.

Functional

Remember your preferences like theme, UI settings, and game configurations. You can disable these, but some features may not work as expected.

Analytics

Help us understand how you use our site so we can improve it. We use internal, anonymized analytics depending on your explicit consent.

Contact Us: If you have questions about this privacy policy or how we handle your data, please contact us at support@neurobuff.app