We know your privacy is important to you, and we value the trust you put in us to help improve your brain performance! To provide our services, we ask for important personal data, including information about you and your health. Please review this Privacy Policy (the “Policy”) to understand how we collect, use, and share your personal data, as well as your choices and rights with respect to this information.

Who We Are

This is the Policy of Brain Resource, Inc. d/b/a Total Brain (“Total Brain,” “us,” “our,” or “we”), a California corporation. You can contact us here.

Applicability

This Policy applies to our “Services”, which includes:

• our brain performance and mental health analysis software and mobile application (the “Mobile App(s)” and together with other software we may offer, the “Platform”);
• our client reporting services (the “Reporting Services”); and
• our corporate website at totalbrain.com, and other websites that link to/post this Policy (including any subdomains or mobile versions the “Corporate Site(s)”).

Agreement

This Policy is incorporated into the Terms of Use governing your use of any of our Services. Any capitalized terms not defined in this Policy will have the definitions provided in our Terms of Use.

Following notice to you or your acknowledgement of this Policy (including any updates), your continued use of any of our Services indicates your consent to the practices described in this Policy.

Changes to Our Policy

We may change this Policy from time to time. Changes will be posted on this page with the effective date. Please visit this page regularly so that you are aware of our latest updates. Your use of the Services following notice of any changes indicates acceptance of any changes.

Contact Us

Feel free to contact us with questions or concerns using the appropriate address below.

Email: legal@totalbrain.com

Phone: (415) 399-7990

Physical address:
Total Brain
Attn: Legal
268 Bush St.
#2633
San Francisco, CA 94104

Clients, Clinics and other Third Parties

Our Services may be provided to organizations that have entered into an agreement with us, such as an employer or a clinic (our “Clients”). When our Services are provided as part of a Client agreement, we may share certain information with our Client about that Client’s users of our Services (“Client Users”) as part of any authorized Reporting Services and/or any authorized Clinical Reporting. The extent of this reporting will vary based on the nature of the Client relationship, your consent, rights, choices, and other variables discussed further below. This Policy reflects only how we process Personal Data through our Services. This Policy does not apply to Clients’ uses of data accessed or made available through our Services.

This Policy also does not apply to information processed by other third parties, for example, when you visit a third-party website or interact with third-party services, unless and until we receive your information from those parties. Please review any third parties’ privacy policies before disclosing information to them.

Personal Data We Collect

We may collect and process information that relates to identified or identifiable individuals (“Personal Data”), including certain Personal Data that may reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, health information, or information relating to sex life or sexual orientation (“Special Category Data”). We collect and process the following categories of Personal Data (note, specific Personal Data elements listed in each category are only examples and may change):

Identity Data
Personal Data about you and your identity, such as your name, username, birth date, gender, and other Personal Data you may provide on registration or purchase forms or as part of an account profile, or otherwise when you use our Services (e.g. biographical information).

Contact Data
Personal Data used to contact an individual, e.g. email address, physical address, or phone number.

Device/Network Data
Personal Data relating to your device, browser, or application e.g. IP addresses, MAC addresses, application ID/AdID/IDFA, identifiers from cookies, session navigation history and similar browsing metadata, and other data generated through applications and browsers, including via cookies and similar technologies.

Location Data
Personal Data relating to your geographic location, such as information collected from your device’s GPS, or location information you voluntarily provide to us.

Financial Data
Personal Data relating to financial accounts or services, e.g. a credit card or other financial account number, and other relevant information you provide in connection with a financial transaction.

User Content
Personal data contained in any free text or unstructured format, such as notes, comments, or other text entered into a text box, whether by you, a Client User, or provided by another third party.

Inference Data
Personal Data relating to inferences drawn from Personal Data to create a profile about you, such as predispositions, behavior, and attitudes.

Brain Performance Data
Inference Data relating to an individual’s brain performance (such as memory, cognition, attention, or similar characteristics) that is provided by or collected from a user of the Services or that is inferred or derived from an analysis of other Personal Data we collect under this Policy.

Physical Data
Personal Data relating to physical characteristics, such as your height and weight, and dominant hand (this may be classified under applicable law as Special Category Data), as well as heart rate and variability (“HRV”) data.

Mental Health Data
Personal Data, including Brain Performance Data, to the extent that data relates specifically to mental health, such as risk factors for or indicators correlated with certain mental health conditions, or other similar data (this may be classified under applicable law as Special Category Data).

Sources of Personal Data

We collect Personal Data in various ways, which vary depending on the context in which we process that Personal Data:

Data you provide to us
You may provide us or our Clients with Personal Data directly, for example, as part of account registration or when you provide information through the Platform.

Data we create or infer
We or our Clients (or third parties operating on our behalf) create and infer Personal Data such as Inference Data, Mental Health Data, or Brain Performance Data based on our observations or analysis of other Personal Data processed under this Policy.

Automatic Collection
We or our Clients (or third parties operating on our behalf) may collect certain Personal Data automatically, for example, Device/Network Data is typically collected automatically through the use of cookies and similar technologies used on our Corporate Site.

Clients
We may receive Personal Data from third parties with whom we or a Client have a relationship. For example, we may receive certain Personal Data when you sign up through your employer or clinical practice.

How We Process Personal Data

We generally process your Personal Data in connection with the following activities and purposes, as well as for the Business and Commercial purposes described below.

Account Registration
When you create an account on our Services, we process certain Personal Data, which typically includes Identity Data, Device/Network Data, Contact Data, and if you choose to provide it, Location Data. Additionally, if you make a purchase or initiate or renew a paid subscription through our Services, we may process Identity Data, Financial Data, and certain Contact Data. Note, third parties typically processes these transactions on our behalf.

We use Identity Data and Contact Data as necessary to create, maintain, and provide you with important information about your account. Additionally, we use the Transaction Data, Identity Data and Contact Data as necessary to complete and provide you with important information regarding your transaction. Financial Data is used only as necessary to process transactions that you request. We may also use Location data in developing geographic clustering of brain profiles, and in personalization or recommendation of activities within the Platform.

Brain Performance Platform
If you use our Platform, we process Personal Data such as Identity Data, Device/Network Data, Brain Performance Data, Location Data, Physical Data and Mental Health Data. We generally process the Personal Data provided through the Platform as necessary in connection with our provision of the Platform and services you request, including to create Brain Performance Data and Mental Health Data, and related Inference Data regarding your mental performance and mental health.

For example, we may track and analyze your memory, attention and cognition at a point in time or over time, or in response to certain environmental or other circumstances, and provide you with a dashboard summarizing this analysis. Additionally, we may collect certain additional information, such as HRV, when you agree to share that data. When we collect HRV, we may require access to your camera in order to observe your pulse and detect variation in your heart rate without the use of wearable equipment. The HRV function records only heart rate and variability and does not collect biometric information such as fingerprints or heart rhythm/ECG data, video, or images.

If you are a Client User, we may also process this Personal Data in connection with Client Reporting or Clinical Reporting if you access our Service through a Client or a clinic/health care provider for Clinical Reporting.

Note: We process Mental Health Data, Brain Performance Data, Location Data and Physical Data only in accordance with your consent where your specific is consent required by applicable law. We may also process Identity Data, Brain Performance Data, Location Data, Physical Data and Mental Health Data using AI & Automated Analysis. This processing helps us better personalize the Platform, improve the accuracy and quality of our brain performance analysis, and our assessment of mental health risk factors.

Demos, Free Modules, Referrals

We may make certain modules or features of our Services available on our Corporate Site (e.g. totalbrain.com/mental-health-test-online) as part of consumer demos, testing, or as part of partner referral engagements (“Demo Modules”). When you use a Demo Module, we may process Inference Data and Brain Performance data related to your test. While we may store test results, and use this information our internal process/service improvement, or for our AI and automated analytics (see the business purposes of processing below), we do not collect or process any Identity Data or other user-specific identifiers, and this data is stored in anonymized form. Please note, we may, from time to time, work with certain third parties, e.g. as part of referral relationships or to provide links to third party services. We do not share Personal Data with these third parties unless notified to you prior to disclosure, and we do not control the third party privacy practices. Please review any third party privacy policies before disclosing your personal data or using third party services.

Surveys and Questionnaires

We may process Identity Data, User Content and certain Contact Data if you choose to complete a customer survey, questionnaire, or similar form. Note, some surveys are operated/controlled by us, and others are operated/controlled by our third party partners. We may receive this data from third parties to the extent allowed by the applicable partner.

In certain cases, we may also offer clinical ‘Screening Assessments’ where you may answer additional questions regarding your mental health and progress, in which case we will collect additional Identity Data, Brain Performance Data, Location Data, Physical Data and Mental Health Data. This information will be processed in the same manner and subject to the same restrictions as data collected in connection with our Platform (described above), and in some cases, may be shared with the respective clinical Client.

Promotions and Offers

We may process Identity Data and certain Contact Data if you choose to register for special promotions and offers such as sweepstakes or contests. Note, some special promotions and offers are operated/controlled by us, and others are operated/controlled by third parties. We may receive this data from third parties to the extent allowed by the applicable partner; otherwise, this Privacy Policy will not apply.

Note: If you win a promotion, your acceptance of a prize may allow us to make certain Personal Data public, e.g. posting your name on a winner’s page. See the applicable program’s terms and conditions for details.

Cookies and Similar Tracking Technologies

We, and certain third parties, may process Identity Data, Contact Data, Location Data, and Device/Network Data when you interact with cookies and similar technologies on our Services. We may receive this data from third parties to the extent allowed by the applicable partner. Please note that the privacy policies of third parties may apply to these technologies and information collected.

Subject to users’ Rights and Choices, we use this information as follows:

1. for “essential” or “functional” purposes, such as to enable various features of the Services such as updating risk alerts, or staying logged in during your session;
2. for “analytics” and “personalization” purposes, consistent with our legitimate interests in how the Services are used or performs, how users engage with and navigate through the Services , what sites users visit before visiting our Services, how often they visit our Site, and other similar information, as well as to greet users by name and modify the appearance of the Service to usage history, tailor the Services based on geographic location, and understand characteristics of users in certain locations; and
3. on our Corporate Site, for “retargeting” or similar advertising purposes, so that you can see advertisements from us on other websites. These technologies and the data they collect, which may also include, may be used by advertisers to deliver ads that are more relevant to you based on content you have viewed, including content on our Corporate Site. These tracking technologies may also help prevent you from seeing the same advertisements too many times, and help us understand whether you have interacted with or viewed ads we’ve delivered to you. This collection and ad targeting takes place both on our Corporate Site and on third-party websites participating in an ad network, e.g., when our advertisements are delivered by an ad network on a third party website.

Note: Some of these technologies can be used by us and/or our third-party partners to identify you across platforms, devices, sites, and services.

Business and Commercial Purposes of Processing
The following provides additional information regarding the business and commercial purposes of processing.

Service Provision and Contractual Obligations
We process any Personal Data as is necessary to provide the Services, authenticate users and their rights to access the Services, and as otherwise necessary to fulfill our contractual obligations to you, and provide you with the information, features, and Services you request.

Internal Processes and Service Improvement
We may use any Personal Data we process through our Services as necessary in connection with our legitimate business interests in improving the design of our Services, understanding how our Services are used or function, for customer service purposes, in connection with logs and metadata relating to Services use, and for ensuring the security and stability of the Services. Additionally, we may use Personal Data to understand what parts of our Services are most relevant to users, how users interact with various aspects of our Services, how our Services perform, etc., or we may analyze use of the Services to determine if there are specific activities that might indicate an information security risk to the Services or our users. This processing is subject to users’ Rights and Choices applicable to processing performed in accordance with our legitimate business interests.

Personalization
We process Personal Data in connection with our legitimate business interest in personalizing the Platform. For example, the Service may be customized to you so that it displays your name, reflects service preferences or to display content that we think may be of interest to you based on your interactions with our Platform, questionnaires, assessments, etc. This processing may involve the creation and use of Inference Data relating to your preferences. This processing is subject to users’ Rights and choices applicable to processing performed in accordance with our legitimate business interests.

AI & Automated Analysis

Our Platform is powered by machine learning algorithms that rely on databases, software, and other automation tools that process the data collected via our Platform. We process this data in order to develop and help us improve the accuracy and quality of our brain performance recommendations, related analytics, for Platform personalization, and to further refine and validate our assessment of mental health risk factors.

For example, we compare User data with prior outcomes and sequences of actions that have resulted in increased brain performance, indicate areas for improvement, and in connection with Screening Assessments, assess whether test results are consistent with those of individuals reporting common mental health conditions. We analyze this information to create a personalized course of action for the User that is customized to a User’s specific performance history, cognitive predispositions, and goals.

This analysis may reveal sensitive categories of personal data related to your health. We perform this assessment using automated means. Our Screening Assessments are non-diagnostic and intended only to provide you with suggestions and additional information that you may find useful as you take advantage of company benefits, in your personal life, or have discussions with healthcare professionals.

We use data collected from the training exercises and Screening Assessments to further improve our Platform, including our algorithm. We use de-identification and anonymization techniques to protect user privacy when we handle data in connection with machine learning and AI training. Training data is subject to our strict policies limiting access and re-identification. We anonymize customer information when you close your account, following certain rights requests, and if you cease using the service for an extended period of time.

Client Reporting
We process Client Users’ Identity Data, Brain Performance Data, and Mental Health Data in order to create aggregate, anonymized reports of mental health trends among the Client Users that are part of their organization. Unless you agree to have your Personal Data disclosed, these Client Reports consist of only Aggregated or Anonymized Data representing a summary of the productivity, mental health risks, and the mental/personality characteristics of Client Users in the Client’s organization.

With your consent and if permitted under our Client Agreement, we may disclose to Clients that a specific named individual has taken an assessment, the time the person has spent performing activities within the Platform, and the results of an assessment or any other Personal Data to the Client (note, in such cases, you may be required to provide your prior consent to us or the Client).

Clinical Reporting
In certain contexts and with your authorization (e.g. where our Service is used by a health care practice or clinical environment), we may provide access to complete assessments, including the Identity Data, Brain Performance Data, Location Data, Physical Data and Mental Health Data in them, as well as additional analytics or features exclusive to a clinical offering. Certain health care providers may also provide additional Personal Data in connection with User Content they input into the Platform regarding a given user.

Anonymization & Aggregate Analytics
We will collect and aggregate or anonymize your Personal Data and information about your use of the Services in order to identify certain trends in how our Services are used, including without limitation, cognitive trends, user brain performance outcomes, geographic trends, etc. relating to our Platform (“Aggregated or Anonymized Data”). Aggregated or Anonymized Data is not Personal Data and does not contain information from which you may be personally identified, and we take steps to ensure that such information is not reasonably re-identifiable. When we process any Personal Data for this purpose, we do so subject to your consent where required by law, and at all times subject to users’ Rights & Choices.

We generally use this data in order to identify certain trends in how our Services are used, including without limitation, cognitive trends, user brain performance outcomes, geographic trends, etc. relating to our Platform. For example, we may process Brain Performance Data to determine aggregate trends in brain performance and the response to various activities, games, and other aspects of our Platform. We may also use this information in connection with AI and Automated Analysis.

We may share Aggregated or Anonymized Data with third parties, including (without limitation) for Research and Public Health purposes, or with Clients as part of Client Reporting, to give them a better understanding of our business and improve the marketability or performance of our Services.

Research and Public Health
We may also process and disclose your Personal Data for uses related to medical research, public health, and for other research and public health/safety grounds, to the extent and under the conditions allowed by applicable law.

Compliance, Health, Safety & Public Interest
Note that we may, without your consent or further notice to you, and to the extent required or permitted by law, process any Personal Data for purposes determined to be in the public interest, required by law, or as necessary in connection with the establishment or defense of our legal rights. For example, we may process information as necessary to fulfil our legal obligations, to protect the vital interests of any individuals, to establish claims for violations of applicable contracts, for authorized medical or public health purposes, or as otherwise in the public interest or required by a public authority. Please see the data sharing section for more information about how we disclose Personal Data in extraordinary circumstances.

Marketing Communications
We use Personal Data as necessary to provide marketing communications, and consistent with our legitimate business interests, we may send you marketing and promotional communications if you sign up for such communications or register for our Platform. We may also process Device/Network Data and Contact Data when you interact with our communications in connection with our interest in understanding communication response and open rates.

Other Processing of Personal Data
If we process Personal Data in connection with our Service in a way not described in this Privacy Notice, this Privacy Notice will still apply generally (e.g. with respect to users’ Rights and choices) unless otherwise stated when you provide it.

Data Sharing

Information we collect may be shared with a variety of parties, depending upon the purpose for and context in which that information was provided. We generally transfer data to the following categories of recipients:

Clients
We process Personal Data on behalf of Clients and may share with Clients information in connection with our Reporting Services and any Clinical Reporting.

Service Providers
In connection with our general business operations, product/service improvements, to enable certain features, and in connection with our other legitimate business interests or other business purposes, we may share your Personal Data with service providers or subprocessors who provide certain services or process data on our behalf. For example, we may use cloud-based hosting providers to host portions of our Service or may disclose information as part of our own internal operations, such as security operations, internal analytics, product development, etc.

Affiliates
In order to streamline certain business operations and develop products and services that better meet the interests and needs of our customers, and inform our customers about relevant products and services, we may share your Personal Data with any of our current or future affiliated entities, subsidiaries, and parent companies.

Marketers
In order to deliver certain advertisements, and develop better products and services, we may share with trusted third parties for marketing, advertising, or similar commercial purposes the Personal Data described in the Cookies and Similar Technology section, and any information that we may use for Marketing Communications.

Successors
Any Personal Data may be processed in the event that we go through a business transition, such as a merger, acquisition, liquidation, or sale of all or a portion of our assets. For example, Personal Data may be part of the assets transferred, or may be disclosed (subject to confidentiality restrictions) during the due diligence process for a potential transaction.

Legal Disclosures
In limited circumstances, we may, without notice or your consent, access and disclose your Personal Data, any communications sent or received by you, and any other information that we may have about you to the extent we believe such disclosure is legally required, to prevent or respond to a crime (including in connection with law enforcement or national security investigations), to investigate violations of our Terms of Use, or when in the vital interests of us or any person. Note, these disclosures may be made to governments that do not ensure the same degree of protection of your Personal Data as your home jurisdiction. We may, in our sole discretion (but without any obligation), object to the disclosure of your Personal Data to such parties.

Other Disclosures
We may disclose any Personal Data in accordance with your consent, or on certain public interest grounds. For example, we may process information as necessary to fulfil our legal obligations, to protect the vital interests of any individuals, for public health and other matters in the public interest. In addition, we may disclose Personal Data to medical providers or healthcare organizations, either with your consent, or where allowed by applicable law.

Your Rights & Choices

Your Rights

Subject to the rights granted to other individuals, and our rights to limit or deny access/disclosure under applicable law, you may have some or all of the rights listed below. We may require that you provide additional Personal Data to exercise these rights, e.g. information necessary to prove your identity. You may have additional rights under local law. Additional rights and disclosures for residents of the UK/EEA/Switzerland and California, as well as parents’ rights, are described below.

Access
You may receive a list of your Personal Data that we process to the extent required and permitted by law.

Rectification
You may correct any Personal Data that we hold about you to the extent required and permitted by law. You may be able to make changes to much of the information you provided directly via the Services via your account settings menu.
Erasure: To the extent required by applicable law, you may request that we delete your Personal Data from our systems.

Data Export
To the extent required by applicable law, we will send you a copy of your Personal Data in a common portable format of our choice.

Regulator Contact
You have the right to contact or file a complaint with regulators or supervisory authorities about our processing of Personal Data. To do so, please contact your local data protection or consumer protection authority.

Note: As described above, we generally do not share Personal Data with Clients (except as part of Clinical Reporting. Accordingly, we are unable to directly fulfill rights requests regarding Personal Data controlled by Clients. Please contact the Client directly for data rights requests regarding Client-controlled information, and we will assist the Client to the extent necessary in the fulfillment of your request. You may exercise your rights by contacting us at the address set forth below in the Contact Us section.

Your Choices
You have the following choices regarding the Personal Data we process:

Consent
If you consent to processing, you may withdraw your consent at any time, to the extent required by law. You may opt out of HRV data by disabling Total Brain’s camera access via the OS settings menu. You may be required to close your account in order to withdraw consent where your consent is necessary to perform essential aspects of the service.

Direct Marketing
You have the choice to opt-out of or withdraw your consent to direct marketing communications. You may have a legal right not to receive such messages in certain circumstances, in which case, you will only receive direct marketing communications if you consent. You may exercise your choice via the links in our communications or by contacting us re: direct marketing.

Cookies & Similar Tech
If you do not want information collected through the use of cookies, you can manage/deny cookies (and certain technologies) using your browser’s settings menu. You must opt out of third party services directly via the third party. For example, to opt-out of Google’s analytic and marketing services, visit Google Analytics Terms of Use, the Google Policy, or Google Analytics Opt-out. To learn more about how to opt out of Google’s use of cookies for advertising or retargeting, visit Google’s Ads Settings, here. Please note, at this time, our Services do not respond to your browser’s do-not-track request.

Automated Processing
To the extent we process Mental Health Data, Physical Data, Biometric Data, Brain Performance or other Personal Data relating to health conditions by automated means, you may opt-out of, or revoke your consent, to this processing or elect to have an individual review any of the results of processing.

Research and Public Health
You may request that Total Brain not use Personal Data gathered through your use of the Services for these purposes and Total Brain will promptly comply with any such request.

Other Processing
You may have the right under applicable law to object to our processing of your Personal Data for certain purposes, including without limitation, situations where we process in accordance with our legitimate interests. You may do so by contacting us re: data rights requests. Note that we may not be required to cease processing based solely on an objection.

COPPA compliance and the rights of parents

Our Service is generally not directed at children under the age of 18. In limited cases, however, we may collect Personal Information subject to the Children Online Privacy Protection Act (“COPPA”). We do not knowingly collect information from children under the age of 13 without first obtaining verifiable parental consent.

Where COPPA applies to your child’s Personal Information, we will not collect more Personal Information than reasonably necessary to participate in any given activity. Parents and guardians may also access and delete the Personal Information we hold about their child, and may revoke their consent, or refuse to permit future collection of Personal Information from their children, at any time. Further, if we allow sharing of their child’s Personal Information (e.g. to a clinical Client), parents or guardians may elect to disallow sharing while allowing our collection and use of their child’s information, provided that the availability or certain features of the Service may be affected if sharing is a requirement in your agreement with the Client. Note that our Service does not allow Users to make information publicly available. Please contact us at the address below to exercise any of the rights granted to you as a parent or guardian under COPPA.

Security

Across all of our Services, we implement and maintain reasonable security measures to safeguard the Personal Data you provide us. Additionally, we protect data collected through the Platform by implementing TLS to encrypt data in transit, and we store that data on encrypted servers in data centers required to adhere to strict security standards. While we strive to keep our Services secure, we cannot warrant perfect security and so we do not provide any guarantees that your Personal Data or any other information you provide us will remain secure. Note, we sometimes share Personal Data with third parties as noted above, and though we may require them to meet certain security requirements, we do not have control over third parties’ security processes.

Data Retention

We retain information for so long as it, in our discretion, remains relevant to its purpose, and in any event, for so long as is required by law. We will review retention periods periodically, and may sometimes pseudonymize or anonymize data held for longer periods, if appropriate.

International Transfers

We operate in and use service providers located in the United States. If you are located outside the U.S., your Personal Data may be transferred to the U.S. The U.S. does not provide the same legal protections guaranteed to Personal Data in the European Union. Accordingly, your Personal Data may be transferred to the U.S. pursuant to the Standard Contractual Clauses (e.g. eligibility data from Clients), or other adequacy mechanisms, or pursuant to exemptions provided under EU law (e.g. if you consent when you register). Contact us for additional information regarding the mechanisms to ensure adequate protection of data subject to EU Law.

Your California Privacy Rights

Under the California Consumer Privacy Act (“CCPA”) and other California laws, California residents may have the following rights in addition to those set forth in the Rights & Choices section above, subject to your submission of an appropriately verified request (see below for verification requirements):

Submission of Requests
You may submit requests, as follows (see below for summary of required verification information):

Verification of Requests
All rights requests must be verified to ensure that the individual making the request is authorized to make that request, to reduce fraud, and to ensure the security of your Personal Data. We may require that you provide the email address we have on file for you (and verify that you can access that email account) as well as an address, phone number, or other data we have on file, in order to verify your identity. If an agent is submitting the request on your behalf, we reserve the right to validate the agent’s authority to act on your behalf.

Data Processing
Categories of Personal Data Disclosed for Business Purposes
For purposes of the CCPA, we may disclose to Service Providers for “business purposes” the following categories of Personal Data: Identity Data; Contact Data; Device/Network Data; Location Data; Financial Data; User Content; Inference Data; Brain Performance Data; Physical Data; Mental Health Data.

No Data Sale
For the purposes of the CCPA, we do not “sell” your Personal Data.

Right to Know

Legal bases for processing
The legal bases for our processing of your Personal Data are described in the table below. If you have questions about the legal basis of how we process your Personal Data, contact us at privacy@totalbrain.com.

Rights of UK/EEA/Swiss Users

In addition to the rights set forth above, EU users have the following additional rights

Right to Object
Where we process Personal Data on the basis of our legitimate interests, you can object to that processing to extent allowed by law. Note that we must only limit processing where our interests in processing do not override an individual’s interests, rights, and freedoms, or the processing is not for the establishment exercise, or defense of a legal claim. 

Right to Restrict
You may have the right to restrict processing of your Personal Data where the accuracy of the Personal Data is contested, the processing is unlawful but you object to deleting the Personal Data, or we no longer require the Personal Data, but it is still required for the establishment, exercise, or defense of a legal claim, or while we assess an objection to processing.