Privacy Policy
Last updated: March 30, 2026
Neuropsych ("we," "us," "our") operates the website neuropsych.io. This policy explains what data we collect, why, how we store it, and your rights.
1. What We Collect
| Data | When | Why |
|---|
| Email address | Account creation | Authentication, account recovery |
| Display name | Account creation (optional) | Personalization |
| Date of birth | Post-signup onboarding | Age-matched normative comparisons |
| Gender | Post-signup onboarding | Gender-stratified normative data |
| Test responses | During assessments | Scoring, profile generation, research |
| Newsletter email | Footer subscription | Product updates (no third-party sharing) |
We do not collect: real names (unless you enter one), physical addresses, phone numbers, payment card details (no payments yet), IP addresses for tracking, or any data from your device beyond what the browser provides for test execution.
2. How We Use Your Data
- Assessment scoring: Your test responses are processed to generate cognitive domain scores and, if requested, a Cognitive Profile Report.
- Normative comparisons: Your age and gender are used solely to compare your scores against published normative datasets (e.g., NEURONORMA, WAIS-V norms).
- Research (aggregate only): De-identified, aggregate data may be used to develop normative benchmarks. Individual data is never shared without explicit consent.
- Communication: If you subscribe to our newsletter, we send periodic updates about new tests and validation studies. We do not share your email with third parties.
3. Anonymous Users
You can take up to 5 tests without creating an account. Anonymous test data is stored only in your browser's localStorage and is not sent to our servers. We have no way to identify or contact you. If you clear your browser data, these results are permanently lost.
4. Where Data Is Stored
- Authentication and user data: Supabase (hosted on AWS, US region). Encrypted at rest (AES-256) and in transit (TLS 1.2+).
- Website hosting: Cloudflare Pages (global CDN). No server-side data processing beyond static file delivery.
- AI Report generation: When you request a Cognitive Profile Report, your test scores (not personal identifiers) are processed by a locally-hosted AI model. Report content is stored in Supabase linked to your user ID.
5. Data Sharing
We do not sell, rent, or share your personal data with third parties. Period.
The only third-party services with access to any user data are:
- Supabase: Database and authentication provider. Subject to their privacy policy.
- Google OAuth: If you sign in with Google, Google provides us your email and profile picture. We do not receive your Google password or access any other Google data.
6. Data Retention
- Account data is retained as long as your account exists.
- Test results are retained as long as your account exists.
- Newsletter subscriptions are retained until you unsubscribe (email us at the address below).
- When you delete your account, all associated data (profile, test results, report requests) is permanently deleted within 30 days.
7. Your Rights
Regardless of where you live, you can:
- Access your data: View your profile and all test results at any time through the platform.
- Export your data: Request a full export of your data by emailing us.
- Delete your data: Delete your account from the Profile menu. This is immediate and irreversible.
- Correct your data: Update your profile information at any time.
- Withdraw consent: Stop using the platform at any time. Your existing data will be retained unless you delete your account.
If you are in the EU/EEA, you have additional rights under GDPR including the right to lodge a complaint with your local supervisory authority.
8. Children
Neuropsych is designed for adults (18+). We do not knowingly collect data from children under 16. If you believe a child has created an account, please contact us and we will delete it.
9. Cookies and Local Storage
We use:
- Authentication cookies: Set by Supabase to maintain your login session. These are strictly necessary and cannot be disabled.
- localStorage: Used to store anonymous test results, UI preferences, and session cache. No tracking or analytics cookies are used.
We do not use Google Analytics, Facebook Pixel, or any third-party tracking scripts.
10. Security
We implement industry-standard security measures including:
- TLS encryption for all data in transit
- AES-256 encryption at rest (Supabase/AWS)
- Row-level security policies restricting data access to the owning user
- No plaintext storage of passwords (handled by Supabase Auth with bcrypt)
Neuropsych is not HIPAA-compliant. It is a cognitive screening tool, not a covered healthcare entity. If you are a healthcare provider considering clinical use, please contact us to discuss requirements.
11. Changes to This Policy
We may update this policy as our platform evolves. Material changes will be communicated via a banner on the website. The "Last updated" date at the top reflects the most recent revision.
12. Contact
For privacy inquiries, data export requests, or concerns:
Email: [email protected]
Website: neuropsych.io