Privacy Policy

Last Updated: March 23, 2026

Effective Date: September 10, 2018

1. Introduction

NeuralFrame, Inc. (“us”, “we”, or “our”) operates the https://www.neuralframe.com website and the KACI® Platform (collectively, the “Service”).

This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data. We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms of Use, accessible from https://www.neuralframe.com/terms-of-use/.

2. Information Collection and Use

We collect several different types of information for various purposes to provide and improve our Service to you.

Types of Data Collected

Personal Data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to:

  • Email address
  • First name and last name
  • Phone number
  • Address, State, Province, ZIP/Postal code, City
  • Cookies and Usage Data

Protected Health Information (PHI)

For clinical users and partners, we process data in accordance with our Business Associate Agreements (BAAs) and HIPAA regulations. This includes medical records and health-related data provided through our platform.

Usage Data

We may also collect information on how the Service is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

Tracking & Cookies Data

We use cookies and similar tracking technologies to track the activity on our Service and hold certain information.

  • Session Cookies: We use Session Cookies to operate our Service.
  • Preference Cookies: We use Preference Cookies to remember your preferences and various settings.
  • Security Cookies: We use Security Cookies for security purposes.
  • Opt-Out: You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. If you do not accept cookies, you may not be able to use some portions of our Service.

3. Use of Data

NeuralFrame, Inc. uses the collected data for various purposes:

  • To provide and maintain the Service (including the KACI Platform).
  • To notify you about changes to our Service.
  • To allow you to participate in interactive features of our Service when you choose to do so.
  • To provide customer care and support.
  • To provide analysis or valuable information so that we can improve the Service.
  • To monitor the usage of the Service.
  • To detect, prevent and address technical and security issues.

4. Data Retention

NeuralFrame retains Personal Data and PHI only for as long as is necessary for the purposes set out in this Privacy Policy.

  • Personal Data: We retain and use your Personal Data to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our legal agreements and policies.
  • Usage Data: Generally retained for a period of 12 months, except when this data is used to strengthen security or improve functionality.
  • PHI: Retained in accordance with the specific terms of our Business Associate Agreements (BAAs) and state-specific medical record retention laws, typically ranging from 6 to 10 years.

5. Transfer of Data

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction. If you are located in the European Economic Area (EEA) or the United Kingdom, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • Adequacy Decisions: We transfer your personal data to countries that have been deemed to provide an adequate level of protection.
  • Standard Contractual Clauses (SCCs): Where we use certain service providers, we use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.

6. Disclosure of Data

Service Providers & Third-Party Risk

We employ third-party companies and individuals to facilitate our Service (“Service Providers”). We conduct thorough security and privacy assessments of all sub-processors prior to engagement and monitor their compliance through annual reviews. These third parties have access to your Personal Data only to perform these tasks on our behalf and are contractually obligated to maintain safeguards that meet or exceed SOC 2 and HIPAA requirements.

Analytics

We use Google Analytics to monitor and analyze the use of our Service. Google uses the data collected to track and monitor the use of our Service. You can opt out by installing the Google Analytics opt-out browser add-on.

Legal Requirements

NeuralFrame, Inc. may disclose your Personal Data in the good faith belief that such action is necessary to comply with a legal obligation, protect the rights of NeuralFrame, or protect personal safety.

7. Security of Data (SOC 2 & HIPAA Compliance)

In alignment with our SOC 2 Type 2 audit, we implement:

  • Encryption: Data is encrypted at rest (AES-256) and in transit (TLS 1.2+).
  • Access Control: Multi-factor authentication (MFA) and “least privilege” access models.
  • Monitoring: Regular vulnerability assessments and 24/7 security monitoring.
  • Breach Notification: In the event of a discovery of a data breach involving PHI or sensitive Personal Data, we will notify affected individuals and regulatory bodies without unreasonable delay and in no case later than 60 days following the discovery, as required by HIPAA and applicable state laws.

8. Your Rights & California Privacy Rights

You have the right to request access to, correction of, or deletion of your personal and medical records.

How to Exercise Your Rights

To submit a request, please email info@neuralframe.com. We will verify your identity by matching the email address of your request with our internal records or requesting additional proof of identity. We respond to all verified requests within 30 days.

California Residents (CCPA/CPRA)

  • Do Not Sell or Share: NeuralFrame does not sell or share your personal information with third parties for their direct marketing purposes or for cross-context behavioral advertising.
  • Right to Limit Use: You have the right to limit the use of your sensitive personal information to that which is necessary to perform our services.
  • Minors: Users who are minors may request deletion of certain posted content under California Business and Professions Code Section 22581.

9. Changes to this Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “effective date” at the top of this policy.

10. Contact Us

If you have any questions about this Privacy Policy, please contact our Privacy Office:

NeuralFrame, Inc.

Attn: Privacy Officer

777 West Putnam Ave, Suite 300

Greenwich, CT 06830

Email: info@neuralframe.com

Phone: 855.494.5900