Privacy Policy

June 9,2020
NeuraMetrix, Inc. (“NeuraMetrix”) has implemented a privacy policy (“Privacy Policy”) to protect any personally identifiable information (“Personally Identifiable Information”) and individually identifiable health information (“Protected Health Information”) you share with us when you access our website or install and use NeuraMetrix TC. This Privacy Policy is designed to inform users how we gather and use personal information collected by us via our secure website (www.neurametrix.com), application (“NeuraMetrix TC”), and a "Dashboard" via a web secure portal (portal.neurametrix.com). We will take reasonable steps to protect user privacy consistent with the guidelines set forth in this Privacy Policy and with applicable laws.

Personally Identifiable Information


What Personally Identifiable Information do we collect?


Website: The only times we collect Personally Identifiable Information are when you:
  • opt-in to subscribe to the NeuraMetrix Newsletter where we collect your email address
  • send unsolicited inquiries via our website in which email and name are collected.
NeuraMetrix TC: If you are part of a study or are a patient enrolled by a physician, you have been assigned a User ID by your Trial Investigator or Physician. The assigned User ID is the ONLY information NeuraMetrix has regarding your registration. We have no Personally Identifiable Information such email, name, address, phone number, birth date, social security number, driver’s license number, medical record number, health plan or insurance number, credit card number or any other identifying information.

How do we use your Personally Identifiable Information?


Website: We use your email address to send out the NeuraMetrix Newsletter, if you have subscribed to receive the NeuraMetrix Newsletter. We use your email address to respond to your questions and comments. In the future, we may send you other materials relevant to your inquiry and our service. You will be able to choose to stop receiving emails by following the unsubscribe instructions included in such emails.

Dashboard: You access your online Dashboard (personal record of collected and analyzed cadence data) via a secure web portal using your User ID (not your email address or any other Personally Identifiable Information and personally selected password.

How do we protect your Personally Identifiable Information?


Email: Emails are stored on our hosted Mail servers in encrypted format. Your data is split into fragments and each fragment is then further encrypted before being stored on our disks. The keys that are used for encryption are managed with the utmost safety and reliability.
 
Newsletter: Newsletter email addresses are stored securely on our hosted Newsletter servers. We will never sell or give access to your email address to anybody else.

NeuraMetrix TC: The NeuraMetrix system is designed to identify a User only with a system-generated unique User ID, which is not connected to any Personally Identifiable Information. Clinical trial teams and physicians or a research team are the only individuals able to connect the User ID to a particular user.
 
​​​​​​​Dashboard: Your assigned User ID, not your email address, is used to access the web portal containing your Dashboard. While no Personally Identifiable Information is included on your Dashboard, you should log off the web portal after accessing your Dashboard. We recommend that you prevent unauthorized access to your Dashboard by selecting and protecting your password appropriately and limiting access to your computer or device and browser.

Protected Health Information


What Protected Health Information do we collect?


The NeuraMetrix TC client software, installed on the user’s computer, collects raw data on ‘key events’, i.e. pushing a key down or releasing it. From the data collected, the client calculates differential times, such as dwell times (how long a key is held down) and flight times (time from one key to the next). This calculated data is then sent to the NeuraMetrix server while the raw data is destroyed.
 
The NeuraMetrix server receives the data file, unpacks it and performs a series of steps to deal with outliers and calculates the typing cadence data into an overall measure of inconsistency.
 
As we collect and analyze the metadata associated with your typing cadence, we develop and record a history of your typing cadence and various scores and their trends. Additions to the Protected Health Information will also include inputs by you, any person authorized by you, or your physician via chart notes added to the Dashboard.

How do we use your Protected Health Information?


NeuraMetrix delivers the output through the NeuraMetrix portal where the User is identified only by a User ID. The dashboard displays a graph with the User’s inconsistency score over time plus average calculations of inconsistency and fluctuations. A neurologist would have access to this chart and could give the patient access.
 
We use de-identified Protected Health Information in our research efforts to correlate specific typing cadence patterns with different brain diseases and disorders. We may share de-identified health information with our partners, researchers and other interested parties.  In addition, we may share de-identified health information publicly to show trends about the use of our services.

How do we protect your Protected Health Information?


NeuraMetrix TC: To maximize data security and privacy, two key techniques have been incorporated:
  • The software installed on the user’s PC stores typing timing data ONLY in working memory - never on disk. Stealing the data from working memory is considerably more difficult than obtaining it from the hard drive.
  • The software collects data on 1000 keystrokes and then prepares to send a data file to the NeuraMetrix server. As part of the preprocessing, the local software deletes all the original clock stamps. Thus, the sequence of the original typing is eliminated and the data sent to the server cannot be reconstructed into text, protecting privacy.
Everything else occurring while data is being recorded would be due to hardware problems or the operating system.
 
Dashboard: ​​​​​​​The Protected Health Information which is accessible via the secure web portal is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential. If it is provided to researchers, it will not be associated with any Personally Identifiable Information; it will only be associated with the User ID. If your physician or health care provider has access to your Dashboard, your Protected Health Information will be part of the Personally Identifiable Information within the electronic medical record only which is part of the secure operating system of your health care provider.

International Transfers


Your information may be processed on servers located outside of the country where you live. We maintain servers in the European Union for users that are European Union residents and for all other users we maintain servers in the United States. Data protection laws vary among countries, with some providing more protection than others. Regardless of where your information is processed, we apply the same protections described in this policy.

Research


We may use and disclose de-identified Protected Health Information for research purposes. No Personally Identifiable Information will be included with any of the Protected Health Information that may be disclosed. All research projects are subject to a special approval process by us and shall be at our sole discretion. This process evaluates a proposed research project and its use of Protected Health Information, trying to balance the research needs with subjects’ need for privacy of their Protected Health Information. Before we use or disclose de-identified Protected Health Information for research, the project will have been approved through this research approval process. In the event a researcher requests any Personally Identifiable Information, we will require your specific permission. You will have the right to decline to participate in such medical research or share such Personally Identifiable Information with the researcher.

Tracking Technologies

​​​​​​​
We use cookies, which are small files that a site or its service provider transfers to your computer’s hard drive through your web browser (if you allow) that enable the site’s or service provider’s systems to recognize your browser and capture and remember certain information. We use cookies to help us compile aggregate data about service use and website traffic so that we can improve service experiences. We may use trusted third-party services that track this information on our behalf. You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. If you disable cookies, it will not affect your experience visiting our site.

Third Party Disclosure


We do not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information or Protected Health Information. However, website hosting partners and other parties who assist us in operating our services, website, or conducting our business, will have access to de-identified Personally Identifiable Information and Protected Health Information so long as such parties agree to keep such information confidential. We may release your Personally Identifiable Information when we believe release is required to comply with the law, enforce our site policies, or protect ours or others’ rights, property, or safety.

Communications


We may use your email to respond to your email requests or inquiries and to improve our services. We may also use your email address, if you signed up for our Newsletter, to send updates and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send.

Your Security


We take reasonable steps to ensure that your Personally Identifiable Information and Protected Health Information is kept safe from loss, unauthorized access, modification or disclosure. However, due to the nature of wireless technology and potential security breaches, we cannot ensure the security or privacy of information you submit electronically, including Personally Identifiable Information and Protected Health Information. Please remember that you control what Personally Identifiable Information and Protected Health Information you provide while using NeuraMetrix TC. Ultimately, you are responsible for maintaining the secrecy of your Personally Identifiable Information and Protected Health Information in your possession. Always be careful and responsible regarding your Personally Identifiable Information and Protected Health Information. We are not responsible for, and cannot control, the use by others of any information which you provide to them or make public in any way and you should use caution in selecting the Personally Identifiable Information and Protected Health Information you provide to others.

Consent


By providing Personally Identifiable Information and Protected Health Information to us, and installing and using NeuraMetrix TC you voluntarily consent to the collection, use and disclosure of Personally Identifiable Information and Protected Health Information as specified in this Privacy Policy. Without limiting the foregoing, we may on occasion ask you to consent when we collect, use, or disclose your Personally Identifiable Information and Protected Health Information in specific circumstances. Sometimes we may imply your consent through your conduct with us, and rely on that, if the purpose of the collection, use or disclosure is obvious and you voluntarily provide the information.

​​​​​​​You may revoke any and/or all consents you have given to us; in order to revoke such consent(s), please contact our Privacy Officer in writing at the address listed at the end of these terms and allow 30 days for such revocation to be effective. Please note, however, that revocation of any consent does not have retroactive effect.

Changes to This Privacy Policy


This Privacy Policy is effective as of June 9, 2020 and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on this page. We reserve the right to update or change our Privacy Policy at any time and you should check this Privacy Policy periodically. Your continued use of NeuraMetrix TC after we post any modifications to the Privacy Policy on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy. If we make any material changes to this Privacy Policy, we will notify you either by email, by in-application message, by placing a prominent notice on our website, and/or by some other means.

Feedback and Complaints


You can contact us about this Privacy Policy in writing or by email to us at the address below. If you believe that there has been a third-party violation of this Privacy Policy, we request that you contact us immediately with the details of the violation.

NeuraMetrix, Inc.
182 Howard Street, Unit 245, San Francisco, CA 94105-1611, U.S.A.
email: privacy@neurametrix.com