Privacy Policy

Last Updated: August 20, 2025

This Privacy Policy ("Policy") describes how Neuroworx Ltd ("We," "Us," or "Neuroworx"), a company registered in England and Wales under company number 14612373, with its registered office at 22 Charterhouse Square, London, England, EC1M 6DX, collects, uses, stores, and discloses personal data in connection with our website at www.neuroworx.io (the "Site"), our Software-as-a-Service (SaaS) platform, assessments, tools, and related services (collectively, the "Service"). We are committed to protecting your privacy and handling personal data in compliance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By accessing or using the Service, you consent to the practices described in this Policy. If you do not agree with this Policy, please do not use the Service. This Policy may be updated from time to time; we will notify you of material changes via the Site or email. Your continued use of the Service after such updates constitutes acceptance of the revised Policy.

1. Data Controller and Processor Roles

Neuroworx acts as a data controller for personal data collected directly from users of the Site and Service (e.g., employers registering accounts). When processing personal data on behalf of employers (e.g., candidate assessment data), we act as a data processor. Employers using the Service are responsible for ensuring they have a lawful basis for processing candidate data and obtaining necessary consents.

For inquiries regarding data protection, contact our Data Protection Officer at support@neuroworx.io.

2. Types of Data We Collect

We collect the following categories of personal data:

  • Account and Contact Information: Name, email address, company name, job title, billing details, and other information provided during registration or use of the Service.

  • Usage Data: Information about how you interact with the Service, including IP address, browser type, device identifiers, pages visited, and timestamps.

  • Content Data: Job descriptions, company values, assessment responses, and other materials uploaded or generated via the Service.

  • Candidate Data: When employers use the Service to assess candidates, we process data such as names, contact details, responses to assessments, skills evaluations, personality traits, and performance metrics. This may include sensitive personal data (e.g., ethnic origin or health information) if relevant to assessments and with appropriate safeguards.

  • Payment Data: Credit card details or other financial information, processed securely via third-party payment gateways (we do not store full payment card details).

  • Cookies and Tracking Data: Data collected via cookies, web beacons, and similar technologies to analyze usage and improve the Service (see Section 9 for details).

  • Marketing Data: Preferences for receiving communications, if you opt in to newsletters or promotions.

We do not knowingly collect personal data from individuals under 18 years of age.

3. How We Collect Data

  • Directly from You: When you register, upload content, complete forms, or communicate with us.

  • Automatically: Through cookies, server logs, and analytics tools when you use the Site or Service.

  • From Third Parties: From employers (for candidate data), payment processors, or analytics providers.

  • From Candidates: Via assessments sent by employers.

4. Purposes and Legal Bases for Processing

We process personal data for the following purposes, based on the legal bases under UK GDPR:

  • Providing the Service: To create accounts, generate assessments, process results, and facilitate hiring (legal basis: performance of a contract).

  • Improving the Service: Analyzing usage to enhance features, develop benchmarks, and train AI models using anonymized data (legal basis: legitimate interests).

  • Compliance and Security: Detecting fraud, ensuring data integrity, and complying with legal obligations (legal basis: legal obligation and legitimate interests).

  • Marketing and Communications: Sending updates, newsletters, or promotional materials if you opt in (legal basis: consent).

  • Payments: Processing transactions (legal basis: performance of a contract).

  • Research and Analytics: Aggregating anonymized data for internal research (legal basis: legitimate interests).

For sensitive personal data, we rely on explicit consent or other applicable legal bases, ensuring processing is necessary and proportionate.

5. Sharing of Personal Data

We may share personal data with:

  • Service Providers: Third-party vendors for hosting, analytics (e.g., Google Analytics), payment processing (e.g., Stripe), and support services, bound by data processing agreements.

  • Affiliates: Within our corporate group for operational purposes.

  • Legal Requirements: To comply with laws, respond to authorities, or protect rights (e.g., in litigation).

  • Business Transfers: In connection with mergers, acquisitions, or asset sales, with notice to affected individuals.

  • Employers and Candidates: Assessment results shared with employers; candidates may receive feedback if configured.

We do not sell personal data. International transfers (e.g., to US-based providers) are protected by UK adequacy decisions, standard contractual clauses, or other safeguards.

6. Data Security

We implement appropriate technical and organizational measures to protect personal data, including encryption, access controls, firewalls, and regular security audits. However, no system is entirely secure; we cannot guarantee absolute protection against breaches. In the event of a breach, we will notify affected individuals and authorities as required by law.

7. Data Retention

We retain personal data only as long as necessary for the purposes outlined above:

  • Account data: For the duration of your subscription plus 7 years for legal compliance.

  • Candidate data: As directed by employers, typically up to 2 years post-assessment or until deletion request.

  • Usage data: Up to 3 years for analytics.

  • Anonymized data: Indefinitely for research.

Data is securely deleted or anonymized when no longer needed.

8. Your Rights

Under UK GDPR, you have rights regarding your personal data:

  • Access: Request a copy of your data.

  • Rectification: Correct inaccurate data.

  • Erasure: Request deletion (subject to legal exceptions).

  • Restriction: Limit processing in certain cases.

  • Objection: Object to processing based on legitimate interests or for marketing.

  • Portability: Receive data in a structured format.

  • Withdraw Consent: Where processing relies on consent.

To exercise these rights, contact support@neuroworx.io. We respond within one month, extendable if complex. You may complain to the UK Information Commissioner's Office (ICO) if unsatisfied.

Candidates: Rights requests should be directed to the employer (data controller); we assist as processor.

9. Cookies and Tracking Technologies

We use cookies for essential functions, analytics, and marketing. Categories include:

  • Essential Cookies: For site functionality (no consent required).

  • Analytics Cookies: To track usage (e.g., Google Analytics).

  • Marketing Cookies: For targeted ads.

Manage preferences via our cookie banner.

10. Children's Privacy

The Service is not intended for children under 18. If we learn we have collected such data, we will delete it promptly.

11. Changes to This Policy

We may update this Policy; changes are effective upon posting. We encourage periodic review.

12. Contact Us

For questions or concerns, email support@neuroworx.io.