← SOS NeuroGround

Privacy Notice

Last updated: 17 June 2026

This Privacy Notice explains how SOS NeuroGround ("we", "us", "our") collects, uses, and shares personal data when you use the SOS NeuroGround application and website (the "Service"). We are the data controller for personal data described here.

1. Personal Data We Collect

  • Account data: email address, password (hashed), display name (optional), authentication identifiers from sign-in providers (e.g. Google).
  • Usage and content: emotional check-ins, intensity ratings, body-awareness selections, journal entries, and timestamps that you create in the app.
  • Entitlement data: whether you have purchased lifetime access, the purchase ID, environment (test or live), and timestamps. We do not store full payment card details.
  • Technical and support data: device type, operating system, app version, IP address, error reports, and messages you send to support.
  • Cookies and local storage: session tokens for sign-in, language preference, theme preference, and a local copy of your journal for offline use.

2. Purposes and Legal Bases

  • Provide the Service (account creation, save journal, unlock premium features) — performance of a contract with you.
  • Process your purchase and grant lifetime access — performance of a contract.
  • Security, fraud prevention, and abuse detection — legitimate interests.
  • Customer support — legitimate interests / performance of a contract.
  • Product improvement (aggregated, de-identified analytics) — legitimate interests.
  • Legal compliance (tax, accounting, responding to lawful requests) — legal obligation.
  • Marketing emails — only with your prior consent, which you may withdraw at any time.

3. How We Share Personal Data

We share personal data only with the following categories of recipients:

  • Paddle.com — our reseller and Merchant of Record. Paddle handles payment processing, fraud screening, tax calculation and remittance, invoicing, billing-related customer support, and refunds. See Paddle's privacy policy at paddle.com/legal/privacy.
  • Supabase (database, authentication, file storage hosting) — processes data on our behalf under a data-processing agreement.
  • Cloudflare (edge hosting and DDoS protection) — processes request data on our behalf.
  • Professional advisers (legal, accounting) — where strictly necessary and under confidentiality.
  • Authorities — where required by law, regulation, or valid legal process.

We do not sell personal data and we do not share it with advertising networks.

4. International Transfers

Some of our processors are located outside the European Economic Area / United Kingdom. Where data is transferred outside these areas, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses and adequacy decisions.

5. Data Retention

  • Account and journal data: until you delete your account, then deleted within 30 days (except where retention is required by law).
  • Purchase and tax records: 7 years, as required by accounting law.
  • Support correspondence: 2 years.
  • Server and security logs: up to 90 days.

6. Your Rights

Depending on your jurisdiction, you may have the right to: access your personal data; rectify inaccurate data; erase your data; restrict or object to processing; data portability; withdraw consent; and lodge a complaint with your local supervisory authority. We respond to verified requests within one month.

To exercise these rights, email privacy@neuroground.app.

7. Security

We use industry-standard technical and organisational measures including encryption in transit (TLS), encryption at rest, row-level access control, least-privilege access for staff, and regular security reviews. No system is completely secure; please report suspected vulnerabilities to security@neuroground.app.

8. Cookies and Local Storage

We use only essential cookies and local storage entries (session, language, theme, offline journal copy). We do not use advertising or third-party tracking cookies. You can clear them at any time from your browser or device settings; doing so will sign you out.

9. Children

The Service is not directed to children under 16. If we learn we have collected personal data from a child without parental consent, we will delete it.

10. Changes

We will post any updates to this notice on this page and update the "Last updated" date. Material changes will be announced in-app or by email.

11. Contact

SOS NeuroGround
Email: privacy@neuroground.app