Privacy Policy

Neocore Health, Inc. ("Neocore," "we," "us," or "our") respects your privacy and is committed to protecting your information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use:

• Sonara (stimulus-based training platform)
• Resona (sound-based symptom management platform)
• Link (clinician-facing monitoring and management platform)
• Our websites and related services

Collectively, these are referred to as the "Services."

1. Scope

This Privacy Policy applies to information collected through:

• Our mobile applications
• Our web applications
• Our clinician dashboard (Link)
• Our website (neocorehealth.com)

It does not apply to third-party websites or services not operated by Neocore.

2. Information We Collect

2.1 Information You Provide Directly

We may collect:

• Name
• Email address
• Account credentials
• Organization affiliation
• Professional role (for Link users)
• Self-reported check-ins and feedback
• Messages submitted through support channels
• Payment information (processed via third-party processors)

2.2 Usage and Interaction Data

We may collect:

• Session activity
• Training progress
• Exercise completion
• Timestamps and engagement metrics
• Device information
• IP address
• Browser type
• Operating system
• Log data

2.3 Institutional or Clinical Use

When used by healthcare organizations:

• Users may input or upload information relating to patient engagement.
• Depending on the implementation, this information may include health-related data.
• The healthcare organization determines what data is entered into the system.

3. HIPAA and Protected Health Information

3.1 Consumer Use

If you use Sonara or Resona independently and not through a healthcare provider:

• Neocore may not be acting as a Covered Entity or Business Associate under HIPAA.
• Information you provide may not constitute Protected Health Information ("PHI") under HIPAA.
• Our practices are governed by this Privacy Policy and applicable consumer privacy laws.

3.2 Institutional Use

If the Services are used by a healthcare provider or organization:

• The provider is responsible for determining HIPAA applicability.
• Neocore may act as a Business Associate where a Business Associate Agreement (BAA) is executed.
• In such cases, PHI will be handled in accordance with the BAA and HIPAA requirements.

Neocore does not assume Covered Entity responsibilities unless a written BAA is in place.

4. How We Use Information

We use information to:

• Provide and maintain the Services
• Enable structured training and monitoring
• Authenticate users
• Improve performance and functionality
• Provide customer support
• Analyze usage trends
• Ensure security and prevent fraud
• Comply with legal obligations

We do not sell personal data.

5. How We Share Information

We may share information:

5.1 With Service Providers

Vendors that help operate the Services (e.g., hosting, analytics, payment processing), under contractual confidentiality obligations.

5.2 With Healthcare Organizations

If you use the Services through a clinic or hospital, your information may be accessible to that organization.

5.3 For Legal Compliance

If required by law, regulation, subpoena, or legal process.

5.4 In Business Transfers

In connection with mergers, acquisitions, or asset sales.

We do not sell personal data to third parties.

6. Data Security

We implement reasonable administrative, technical, and physical safeguards designed to protect information. These may include:

• Encryption in transit
• Role-based access controls
• Secure authentication systems
• Monitoring and logging

However, no system can guarantee absolute security.

7. Data Retention

We retain information:

• As long as necessary to provide the Services
• As required by contractual obligations
• As required by law

Healthcare organizations may control retention policies for institutional deployments.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access your information
• Correct inaccurate information
• Request deletion
• Restrict processing
• Obtain a copy of your data
• Object to or opt out of certain processing where applicable

To exercise rights, contact privacy@neocorehealth.com.

If you use the Services through a healthcare provider, you may need to contact that provider directly for records they control.

California residents (CCPA / CPRA)

If you are a California resident, you may have additional rights under the California Consumer Privacy Act, including the right to know, delete, and correct certain personal information, and to limit use of sensitive personal information where applicable. We do not sell personal information as defined by California law. To submit a request, contact privacy@neocorehealth.com.

9. Children's Privacy

The Services are not intended for children under 18 unless used under supervision of a licensed provider and authorized by a parent or guardian. We do not knowingly collect personal information from children without appropriate authorization.

10. International Users

If you access the Services from outside the United States:

• Information may be transferred to and processed in the United States.
• By using the Services, you consent to such transfer.

11. Analytics and Cookies

Our website and web applications may use:

• Cookies
• Analytics tools
• Performance tracking technologies

These help us improve usability and performance. You may adjust browser settings to refuse cookies, though some features may not function properly.

12. Third-Party Integrations

If the Services integrate with third-party systems (e.g., EHR systems, messaging platforms), those systems are governed by their own privacy policies. Neocore is not responsible for third-party practices.

13. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be reflected in the "Last updated" date. Continued use after changes constitutes acceptance where permitted by law.

14. Contact Information

Neocore Health, Inc.
privacy@neocorehealth.com