Back to Home
Privacy Policy for NeuroRadX
Effective Date: July 1, 2025

Your privacy is our priority. This Privacy Policy explains in detail what personal data we collect, why we collect it, and how we use it when you use NeuroRadX, in full compliance with the EU General Data Protection Regulation (GDPR).

1. Data Controller

The entity responsible for the processing of your personal data is:

Andres Pinta
Strasse 1
74078 Heilbronn
Germany
Email: support@neuroradx.de

2. Data We Process, Purposes, and Legal Basis

We have structured the data we process into clear categories for your understanding.

2.1. Account and Subscription Information

This is the basic information required to create and manage your account.

  • Data Collected: First Name, Last Name, Full Name, Email Address, a unique Firebase user ID (uid), account status (e.g., 'approved'), your role (e.g., 'user'), your subscriptionLevel (e.g., 'Premium'), and the account createdAt date.
  • Purpose: To create and secure your account, authenticate you, manage your subscription, and communicate with you about the Service.
  • Legal Basis: Art. 6(1)(b) GDPR – processing is necessary for the performance of the contract (our Terms of Use) between you and us.

2.2. Optional Profile Information

This information is entirely voluntary and you can use the app without providing it.

  • Data Collected: country, institution, avatarUrl, userDeclaredSpecialization, and profession.
  • Purpose: To allow you to personalize your user profile. We may also use this data in a completely anonymized and aggregated form for statistical analysis to better understand our user base.
  • Legal Basis: Art. 6(1)(a) GDPR – your explicit consent, which you provide by voluntarily entering this information. You can withdraw this consent at any time by removing the information from your profile.

2.3. Activity and Progress Data

This data is generated as you use the app and is essential for the app's core learning functionality.

  • Data Collected:
    • quiz_sessions: A history of your study sessions, including exam settings, scores, and which questions you answered correctly or incorrectly.
    • userQuestions: A record of every question you interact with, tracking how many times you've seen it, answered it correctly/incorrectly, or "mastered" it.
    • bookmarkedQuestions: A list of questions you've saved for future review.
    • questionNotes: Your personal annotations on specific questions.
    • seenFacts: A record of which "Did you know..." facts you've seen to avoid repetition.
  • Purpose: This data is the engine behind your personalized learning experience. We process it to track your progress, identify your strengths and weaknesses, provide tailored recommendations, and enable you to review your activity. This is the central feature of the NeuroRadX service.
  • Legal Basis: Art. 6(1)(f) GDPR (Legitimate Interest). Our legitimate interest is to provide the core, adaptive, and personalized educational features that are the central promise of the Service. This processing is inseparable from the service you signed up for.

2.4. Technical Data

  • Data Collected: IP address, device type, and operating system.
  • Purpose: To ensure the technical functionality, stability, and security of our Service.
  • Legal Basis: Art. 6(1)(f) GDPR (Legitimate Interest).

3. Data Recipients

We do not sell your personal data. We may share data with third-party service providers who help us operate our Service, such as cloud hosting providers (e.g., Google Firebase). These providers are contractually bound to process data only on our behalf.

4. Data Retention

We retain your personal data for as long as your account is active. Upon account deletion, your personal data will be erased in accordance with our data deletion processes, unless we are legally required to retain it for a longer period (e.g., under German commercial or tax law).

5. Your Rights as a Data Subject

You have comprehensive rights under the GDPR:

  • Right of Access (Art. 15): To request a copy of your data.
  • Right to Rectification (Art. 16): To correct inaccurate data.
  • Right to Erasure (Art. 17): To have your data deleted.
  • Right to Restriction of Processing (Art. 18): To limit how we use your data.
  • Right to Data Portability (Art. 20): To receive your data in a portable format.
  • Right to Object (Art. 21): You have the right to object to our processing of your data based on legitimate interests (as described in sections 2.3 and 2.4). If you object, we will no longer process your data for these purposes unless we can demonstrate compelling legitimate grounds which override your interests.
  • Right to Lodge a Complaint (Art. 77): To complain to a supervisory authority.

To exercise these rights, please contact us at the address listed in Section 1 or via email.