Updated: January 1, 2023
This Privacy Policy applies to you if you create a BrainHQ account on or after January 1st, 2022. If you created your BrainHQ account before that date, this Privacy Policy will apply to you if you continue to use your account on or after January 31st, 2022.
This privacy policy ("Privacy Policy") applies to users of Posit Science's Apps, and explains how your personal information is collected, used, and disclosed by Posit Science.
For this Privacy Policy, the following definitions apply:
"Apps" means Posit Science's websites, including www.BrainHQ.com, and our BrainHQ applications on the web, mobile phones, or tablets. The Apps are copyrighted works belonging to Posit Science.
"Posit Science," "we," "us," or "our" means Posit Science Corporation.
"Personal Information" means information that allows someone to identify or contact you, including for example your name, address, telephone number, and email address.
"Anonymous Information" means data that is not associated with or linked to your Personal Information; Anonymous Information does not, by itself, permit the identification of individual persons.
"Applicable Data Protection Laws" means all applicable federal, state, provincial and local laws, rules, regulations, directives, and governmental requirements currently in effect and as they become effective relating in any way to the privacy, confidentiality, or security of personal information, including the California Consumer Privacy Act ("CCPA") and EU General Data Protection Regulation ("GDPR") and regulations governing general data protection and all applicable industry standards concerning privacy, data protection, confidentiality, or information security. See Section 6 below for specific details as well as compliance with other international data protection and privacy laws.
"Data Subjects" means any individual person who can be identified, directly or indirectly, via an identifier such as a name, email address, phone number, an ID number, location data, or via factors specific to the persons physical, physiological, genetic, mental, economic, cultural, or social identity.
Capitalized terms used in this Privacy Policy but not defined in this Privacy Policy have the meanings given to them in the BrainHQ Terms and Conditions https://www.brainhq.com/terms (the "Terms and Conditions").
By registering with us or using our Apps, you expressly consent to the information handling practices in this Privacy Policy. If you reside outside the United States, you understand that your Personal Information will be processed in the United States, where laws regarding processing Personal Information may be different than in your country of residence.
- Information That We Collect About You.
- Information About You That We Collect From You.
- When you register for our newsletter, we ask you for and collect your name and email address.
- When you register for one of our Apps, we ask you for and collect your name, email address, and password for your Account.
- If you choose to register for one of our Apps with single-sign-on (SSO) provider, we will collect your name and email address from the SSO provier, and any other information provided or disclosed to you during the SSO registration process.
- Specific Apps may ask you for and collect additional information, such as your date of birth or your insurance policy number.
- If you choose to add information to your user profile, we will collect that information, such as your mailing address, your date of birth, or your geographical location.
- If you choose to use our “invite a friend” service, we will ask you for your friend’s contact information (for example, their name, email address, or mobile phone number). We may offer you the option of logging into and using a third-party social network or your address book to provide your friends’ contact information. We will automatically send your friend a one-time invitation to visit or use our Apps. We store the information about your friend for the purpose of sending this one-time invitation and tracking the success of our referral program. Your friend may contact us at [email protected] to request that we remove this information from our database.
- If you choose to participate in a survey, we may ask for and collect other requested information, such as your opinion of BrainHQ or your phone number.
- If you choose to contact us, for example by phone, email, fax, or letter, we collect your contact information as provided in that contact, for example your phone number, email address, fax number, or mailing address, and any information contained in the contact, for example a recording of the phone call, or the contents of the email, fax, or letter.
- When you pay for one of our Apps, we collect your complete credit card or other payment method information.
- Information About You That We Collect From Organizations That Provide You With Our Apps. We work with certain organizations that provide our Apps to their members as part of the service they offer to their members. In some cases, you can register for one of our Apps with that organization, and that organization will, as a result of your action, pass Personal Information about you to us so that we can register you for one of our Apps. The information passed to us will be disclosed to you by that organization when you register for one of our Apps through that organization.
- Information About You That Is Created When You Use Our Apps.
- When you use our Apps, we record certain information automatically, for example your Internet protocol ("IP") address, browser type and plugins, operating systems, screen size and resolution, the time and date at which you access our Apps, and an estimate of your geographical location.
- When you use our Apps, we record actions you have taken in our Apps, for example what buttons you click; events that occur, for example when you start a training exercise; and your usage, progress, and performance data.
- Information About You That Is Created When You Read Our Emails. Our emails to you use email beacons or tracking pixels. Email beacons and tracking pixels are small electronic images that tell us if an email has been opened and acted upon.
- How We Store and Transmit Information About You.
- Our Apps encrypt information before sending it to us over the internet. We follow current guidance regarding encryption standards from the National Institute of Standards and Technology (NIST).
- Our website uses “Cookies” and similar technologies. For more information on our use of cookies, see our Cookie Policy.
- Our Apps on mobile phones and tablets store information about you on your mobile phone or tablet.
- Our Apps store information about you on computer servers and databases managed by us and hosted by several third party companies.
- How We Use Information About You.
- We use your Personal Information to provide our service to you, to personalize your experience with our Apps, to improve our Apps, and to secure your Account.
- We may use your Personal Information to send you transactional emails (such as a password reset), informational emails (such as a newsletter), and promotional emails (such as a special offer). You can opt-out of these emails as described in Section 5A.
- We may use your phone number, if provided to us, and other Personal Information to call you to provide help using our Apps. We will do this only at your request, or in when an organization providing you with our Apps (a Group as described in Section 4A) asks us to call you to provide help using our Apps. You can opt-out of these calls as described in Section 5B.
- We may use your mailing address, if provided to us, and other Personal Information to send you informational physical mail (such as a newsletter, or postcards). You can opt-out of these mailings as described in Section 5C.
- We may create Anonymous Information from your Personal Information, for example by making a copy of your Training Data that is not linked to your Personal Information. We reserve the right to use and disclose Anonymous Information at our discretion.
- We may use Anonymous Information to conduct scientific studies, and we may publish the results, for example at scientific conferences or in research journals. We do not use Personal Information in such work, nor do we disclose Personal Information in the conduct of such work.
- How We Disclose Information About You. Except as otherwise stated in this Privacy Policy, we do not sell, trade, rent, or share your Personal Information with third parties, unless you ask or authorize us to do so.
- We Disclose Information About You to Organizations That Provide You With Our Apps.
- We work with certain organizations ("Groups"), such as hospitals, sports teams, retirement communities, and scientific organizations who provide our Apps to and directly supervise the use of our Apps by their members, such as patients, team members, residents, and research study participants. If your access to our Apps has been provided by a Group, or if at your request we added you to a Group, then your personal information may be shared with that Group so that they can offer their services to you. The privacy policies of these Groups may apply to the use and disclosure of your Personal Information that we collect and disclose to such Groups. Because we do not control the privacy practices of Groups, you should read and understand their privacy policies. You can contact us at [email protected] to identify any Groups that you are a member of, and who, as a result, has access to your Personal Information. At your request, we will remove you from any Group that you are a member of; however, this may mean that you will no longer have access to our Apps as a result of your membership in the Group and that if you wish to continue to have access to our Apps you will need to purchase a personal subscription.
- We work with certain organizations ("Insurance Companies"), such as health, auto, or long-term care insurance companies, who provide our Apps to their members at no cost to the member. If your access to our Apps is provided by an Insurance Company at no cost to you, then we may provide specific information (depending on the Insurance Company) about you to that Insurance Company. In particular, we may provide your Personal Information (for example, your name, your email address, or your insurance policy number) to your Insurance Company, so that your Insurance Company can verify your eligibility for our Apps. We may provide information about the frequency with which you use our Apps (for example, the number of times you used our Apps in a month, or that you did not use our Apps in that month), so that the Insurance Company can evaluate the usage of our Apps by their members and conduct analyses that relate the usage of our Apps to their own records (for example, to determine if people who frequently use our Apps also incur fewer insurance claims). If the Insurance Company provides you with an incentive (such as an insurance discount) for completing specific goals within our Apps, for example a specific amount of brain training, then we will share with the Insurance Company the specific information required to offer the incentive to you (such as the date on which you completed the goal). We will not share your other Training Data with the Insurance Company; and specifically, we will not share your cognitive performance data with your Insurance Company. The privacy policies of these Insurance Companies may apply to the use and disclosure of the data we collect and disclose to these Insurance Companies. Because we do not control the privacy practices of these Insurance Companies, you should read and understand their privacy policies. You can contact us at [email protected] to identify any Insurance Companies that you are a member of, and who as a result has access to your Personal Information and other data. At your request, we will remove you from any Insurance Companies that you are a member of; however, this may mean that you will no longer have access to our Apps or be eligible for certain incentives and that if you wish to continue to have access to our Apps you will need to purchase a personal subscription.
- We work with certain organizations ("Distribution Partners"), such as libraries, cell phone providers, and marketing partners who provide or recommend our Apps to their members and customers but do not directly supervise the use of our Apps by those members (e.g., library patrons, cell phone subscribers, attendees of a conference). We do not disclose Personal Information to Distribution Partners. We may disclose aggregated Anonymous Information to such organizations, such as the number of people from a Distribution Partner who have registered for our Apps.
- Situations Where We Disclose Personal Information About You With Specific Protections for You to Ensure Our Apps Work and You Can Use Them.
- We may provide your Personal Information to third party service providers who work on behalf of or with us to provide functionality to our Apps, such as email services and web analytics services. These service providers are obligated to use your Personal Information only to provide services to us and not to disclose your Personal Information (except pursuant to a legal requirement such as a subpoena or warrant).
- If you choose to use features of our Apps with other users of our Apps, for example by inviting another user to use BrainHQ, we will share your Personal Information with other users as described by that feature.
- If you use our Apps in a language that is not English, we may work with certain organizations ("Localization Partners") to provide technical support to you in that language. We may share your Personal Information with the Localization Partner so that they can provide technical support to you. These Localization Partners are obligated to use your Personal Information only to provide technical support to you and not to disclose your Personal Information (except pursuant to a legal requirement such as a subpoena or warrant). You can contact us at [email protected] to identify any Localization Partners that provide support to you, and who as a result has access to your Personal Information. At your request, we will change the language in which you use our Apps to remove you from any Localization Partners; however, this may mean that you will no longer have access to our Apps in your preferred language.
- Changes in Our Organization That May Require Us to Disclose Your Personal Information.
- We may share some or all of your Personal Information with any parent company, subsidiaries, joint ventures, or other companies under common control (collectively, "Affiliates"), in which case we will require them to honor this Privacy Policy.
- In the event of a merger or acquisition transaction or proceeding involving sale, transfer, or divestiture of all or a portion of our business or assets, we may share your Personal Information for the purpose of allowing your continued use of the Apps as managed by the merged or acquiring company. In this event, the merged or acquiring company will possess the Personal Information collected by us and will assume the rights and obligations regarding your Personal Information as described in this Privacy Policy so that they can continue to provide the Apps to you. You will be notified by email within 30 days of this event should it occur, and at your request, delivered by email within a minimum of 60 days following your notification, the merged or acquiring company will be required to delete your Personal Information as described in Section 5D of this privacy policy.
- Situations Where We Are Required To Disclose Your Personal Information. We may be required by law, or by law enforcement officers acting under the color of law, to record some or all of your communications on or through the Apps. We may, and you hereby authorize us to, disclose your Personal Information (including your Account information) and your communications through the Apps, if required by law or by law enforcement officers acting under the color of law, or if we believe in good faith that disclosure is necessary to (a) comply with relevant laws or to respond to subpoenas or warrants served on us; (b) to protect and defend the rights, property or safety of us, our Affiliates, other users, or you; or (c) to investigate any violation or potential violation of the law, this Privacy Policy, the Terms and Conditions, or any other agreements between you and Posit Science. We may also disclose your Personal Information as required to do so by law, for example, in response to a subpoena or order of a court of competent jurisdiction (e.g., a bankruptcy proceeding). We may also be required to release the personal information of EU and/or Swiss individuals in response to lawful requests from public authorities including to meet national security and/or law enforcement requirements.
- Your Choices Regarding Your Personal Information. We offer you choices regarding the collection, use, and sharing of your Personal Information.
- You can manage your email preferences, indicating that you want or do not want to receive informational emails (such as a newsletter) or promotional emails (such as a special offer). If you are an EU resident, in compliance with GDPR, we will contact you to obtain your consent to receive such communications and will only send them to you thereafter if we do receive your consent. As long as you maintain an Account with us, you will receive transactional emails (such as a password reset, or notices of material changes to our Terms and Conditions or this Privacy Policy).
- You can manage your phone preferences by contacting us at [email protected] and letting us know that you would prefer we do not call you to offer help using BrainHQ.
- You can manage your physical mail preferences by contacting us at [email protected] and letting us know that you do not want to receive our physical mail.
- You can manage your browser's cookies using the tools your browser provides, and you can opt-out of third-party vendor's use of cookies (including advertising networks like Google and Bing) by visiting the Network Advertising Initiative opt-out page. You can also customize your cookie preferences by clicking the cookie icon in the lower corner of the www.brainhq.com while logged out of BrainHQ.
- You may change the information you submitted for your Account either in the Apps or by contacting us at [email protected].
- If you ask us, we will delete your Account. When we do so, we will delete your Personal Information. We may retain a copy of your Training Data as Anonymous Information that is no longer linked to your deleted Personal Information. Please note that we may be required (by law or otherwise) to keep your Personal Information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request, only after we have fulfilled such requirements). When we delete your Personal Information, it will be deleted from the active database, but may remain in our archives.
- How We Comply With Applicable Data Protection Laws. We act in accordance with all Applicable Data Protection Laws to ensure the safety and privacy of your personal data including but not limited to instituting and enacting all organizational and technical measures that ensure an adequate level of protection of your personal data.
- How We Manage Your Personal Information Under GDPR. We use privacy practices and technical security measures to ensure that customer data is protected in compliance with GDPR.
- How We Transmit Data Between the EEA and the U.S. Under GDPR Pursuant to the Standard Contractual Clauses. If you are a Data Subject domiciled in the European Economic Area ("EEA"), Switzerland, or the United Kingdom, we will transmit and process your data in compliance with the obligations set forth in the Standard Contractual Clauses ("SCCs") approved by the European Commission as they relate to Posit Science as both a data processor and a data controller and to you as a data controller. As a result, in order to use the Apps, you agree that our adherence to the obligations and standards of the SCCs satisfies our obligations with respect to the legal transmission of personal data under GDPR. If you do not agree that we have met our obligations under the GDPR's data transfer requirements by adhering to the SCCs, and you are a Data Subject domiciled in the EEA, you may not use the Apps.
- How We Manage Your Personal Information Under GDPR. If you are a Data Subject domiciled in the EEA and covered by GDPR, we will provide a systematic approach to managing your personal information through our people, management processes, and information systems by applying a risk management methodology that is consistent with and in furtherance of the fundamental principles of GDPR. For more information on our GDPR compliance program, feel free to contact us at [email protected].
- How We Manage Your Personal Information Under CCPA. Effective on January 1, 2020, the CCPA allows California residents to obtain certain information collected by the business with whom they have established a business relationship and to make certain requests regarding that information. If you are a California resident, you may exercise certain rights to access, restrict, or delete your personal information stored by us by submitting a request by email to [email protected] with "CCPA Request" in the subject line.
- How We Manage Your Personal Information Under Other Regulatory Systems. We use privacy practices and technical security measures to ensure that customer data is protected in compliance with Canada's PIPEDA and PHIPA, South Africa's POPIA, Brazil's LGPD, and similar laws and regulatory systems. The technical measures and policies/procedures we implement as part of our comprehensive security policy can be reviewed at www.brainhq.com/security. If you have any questions regarding compliance with any specific law or regulatory system, please contact us at [email protected].
- Regarding Children. Our Apps are not directed to individuals under 13 and we do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us at [email protected]. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information immediately.
- Do Not Track Compliance. We do track your use of the Apps over time because such tracking is required for us to track your progress through the brain training exercises and provide you with brain exercises that are tailored to you. Therefore, our Apps do not respond to Do Not Track ("DNT") signals. We do not track the users of our Apps across third party websites to provide targeted advertising directly to those websites. We do use advertising networks to present ads on third party sites, and those advertising networks and those third party sites may keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you. (For more information, see Section 2 above.) If you are visiting such advertising networks or third party sites, your browser allows you to set the DNT signal so those groups (particularly advertisers) know you do not want to be tracked. You can find out more about your browser's tracking capabilities and procedures for asking not to be tracked by contacting the developer or distributor of your particular browser.
- Third Party Websites, Products, Services, Content, and Links. Please be aware that the terms of our Privacy Policy do not apply to third party websites, products, services, or content or to links provided for the foregoing on our Sites or Apps. Third party providers of such third party websites, products, services, or content, may collect (via tracking technologies like Cookies or web beacons) and use information regarding your interaction with the third party website, product, service, or content that they deliver and with which you interact.
- Security.
- We make reasonable efforts to protect your Personal Information, but no company, including Posit Science, can fully eliminate security risks connected to handling information on the internet.
- You acknowledge that security safeguards, by their nature, are capable of circumvention and Post Science does not and cannot guarantee your personal information will not be accessed by unauthorized persons capable of overcoming such safeguards. In particular, our Apps may be used to access and transfer information, including your personal information, over the internet. You acknowledge and agree that Posit Science does not operate or control the internet and that unauthorized users (such as hackers) may use viruses, worms, trojan horses, and other undesirable data and software to obtain access to or damage our sites, apps, or your personal information.
- Furthermore, we cannot be responsible for any of your Personal Information that you release on your own, or that you request or authorize us to release.
- Protected Health Information. "Protected Health Information" or "PHI" means "individually identifiable health information" that we create or receive as a "business associate" of a health insurance plan or other "covered entity," as those terms are defined in the privacy and security rules under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). Notwithstanding anything to the contrary in this Privacy Policy, Posit Science will use and disclose your PHI only as permitted by those rules and other applicable law.
- Amendment. This Privacy Policy may be amended by Posit Science from time to time. If we make material changes to this Privacy Policy, we will notify you by posting the revised Privacy Policy on our Sites or notifying you at the email address you used to register your Account. You are responsible at all times for updating your Account to provide to us your most current email address. If the last email address that you have provided to us is not valid, or for any reason is not capable of delivering to you the notice described above, our dispatch of the email containing such notice will nonetheless constitute effective notice of the changes described in the notice. Any changes to this Privacy Policy will be effective immediately for new users of our Apps; otherwise these changes will be effective upon the earlier of thirty (30) calendar days following our dispatch of an email notice to you or thirty (30) calendar days following our posting of a notice on our Apps. Your continued use of our Apps thirty (30) calendar days after the changes are first notified by Posit Science as described above will constitute your agreement to such changes. If you object to any change, your sole recourse shall be to immediately terminate your Account and cease using the Apps. Except as otherwise provided in this Section, no amendment to this Privacy Policy will be valid.
- Our Contact Information. If you have any questions about this Privacy Policy, please contact us by email at [email protected] or by writing to us at Posit Science Corporation, 160 Pine Street, Suite 200, San Francisco, CA 94111, in each case marking the message "Attention: Privacy Policy."