Privacy Notice
Last updated: February 9, 2026
Your privacy is of great importance to Oy Neurosonic Finland Ltd. (later "Neurosonic"). We have created this Privacy Notice to provide you with information on how we process your personal data when you use the Neurosonic website, the Neurosonic application and Neurosonic devices.
Personal Data Processed by Neurosonic
When you communicate with Neurosonic:
When you are in contact with our customer support via email, telephone, online or in person, we collect personal data, such as your name, mailing address, phone number, email address and contact information; and information about the Neurosonic products you may own, such as their model and date of purchase. To serve you better, subject to applicable laws, we may also record and review conversations with our customer support, and analyze any feedback provided to us through voluntary customer surveys.
When you create or sign in to an account: we process account information such as your name, email address, user ID and authentication tokens/identifiers provided by your sign-in method (e.g., Apple or Google), in order to authenticate you, maintain your account and provide the Service.
PURPOSE AND LAWFUL BASIS:
We use this information to provide you with customer and product support and to monitor the quality and types of customer and product support we provide to our customers. The legal ground for processing this information for these purposes is Neurosonic’s legitimate interests in providing quality product support.
When making a purchase from Neurosonic:
When you make a purchase from the Neurosonic website or directly from one of our representatives, we collect your name, address and phone number. We do not see or store your credit card information. For payments we use third-party service providers, Checkout Finland and Finago Oy's Procountor. We recommend that you review both Checkout Finland's privacy policy and Procountor's privacy policy.
PURPOSE AND LAWFUL BASIS:
We collect your name, address and phone number to be able to fulfill your order and to make it possible for you to finalize your order. The lawful basis for using this information in these cases is a contract. We also process your personal information when detecting fraudulent behaviour. The lawful basis for using your personal information in this case is that it is in Neurosonic's best interest to protect Neurosonic and our customers from fraudulent behaviour or from someone attempting it.
When using a Neurosonic device:
When you use a Neurosonic device with the Neurosonic application, we process analytics data as described below. In addition, if you enable the optional “Insights” feature and connect a supported provider (e.g., Apple HealthKit, Android Health Connect and/or Oura), we also process the health and wellness data you authorize us to access in order to provide Insights and to develop and improve the Service, as described in the section “Insights (Health Data)”.
Different types of Recipients of Personal Data
Other service providers:
Marketing email service
Neurosonic uses cloud services from Klaviyo to assist in sending emails. This service tracks the activities associated with emails, such as whether they were opened, whether links in the emails were clicked on, and whether purchases were made following clicks on those links. Neurosonic uses this data to analyze the level of engagement with its emails. We suggest that you familiarize yourself with Klaviyo's legal terms and policies.
Webshop platform
We also use a cloud service from a third party to run our webshop. This service provider is called Shopify. You can find Shopify's privacy policy here.
Payment providers
For payments we use third-party service providers, Checkout Finland and Finago Oy's Procountor. We recommend that you review both Checkout Finland's privacy policy and Procountor's privacy policy.
Other disclosures:
We may disclose personal data about you to others: (a) if we have your valid consent to do so; (b) to comply with a valid subpoena, legal order, court order, legal process, or other legal obligation; (c) to enforce any of our terms and conditions or policies; or (d) as necessary to pursue available legal remedies or defend legal claims.
We may also transfer your personal data to an affiliate, a subsidiary or a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of Neurosonic’s business, assets or stock, including, without limitation, in connection with any bankruptcy or similar proceeding, provided that any such entity that we transfer personal data to will not be permitted to process your personal data other than as described in this Privacy Notice without providing you notice and, if required by applicable laws, obtaining your consent.
From where do we receive information?
We receive data primarily from the following sources: from the data subject himself or herself, from the population register, from the authorities, from credit information agencies, from contact information service providers and from other similar reliable sources. Additionally, in the event you choose to enable the “Insights” feature that may be available to you, we will import certain health and wellness data to our Service based on your selections. For the purposes described in this privacy notice, personal data may also be collected and updated from publicly available sources and based on information received from authorities or other third parties within the limits of the applicable laws and regulations. Data updating of this kind is performed manually or by automated means.
To whom do we disclose data and do we transfer data outside of EU or EEA?
We do not disclose data from the register to external parties. We use subcontractors listed in this privacy notice that process personal data on behalf of and for us. We do not transfer the data outside of the EU or EEA.
Cookies and Similar Technologies
Website:
To help analyze how you navigate the Neurosonic website, we, with assistance from third-party analytics service providers, collect certain information when you visit our site. This information includes IP address, geographic location of the device, browser type, browser language, date and time of your request, time(s) of your visit(s), page views and page elements (e.g., links) that you click. We may use cookies, pixel tags, web beacons, clear GIFs or other similar tools on our site or in our email messages to assist us in collecting and analysing such information. We use this information to provide better, more relevant content on our site, to identify and fix problems, and to improve your overall experience on our site.
If you do not want information collected through the use of these technologies, there is a simple procedure in most browsers that allows you to automatically decline many of these technologies, or to be given the choice of declining or accepting them.
If you reside in the European Union or other jurisdiction that requires us to obtain your consent to use cookies on our sites, then you will have an opportunity to manage your cookie preferences on the sites; except that certain cookies are required to enable core site functionality, and you cannot choose to disable those cookies.
Neurosonic application:
We also collect data from users about their usage of the Neurosonic application. The types of analytical information that are collected include the date and time the app accesses our servers, app version, the location of the device, language setting, what information and files have been downloaded to the app, user behavior (e.g., features used, frequency of use), device state information, device model, hardware and operating system information, and information relating to how the app functions. Neurosonic uses this data to improve the quality and functionality of the Neurosonic application; to develop and market products and features that best serve you and other users; and to help identify and fix app stability issues and other usability problems as quickly as possible.
The lawful basis for processing this analytical information is our legitimate interest in understanding how our customers interact with our products, apps and websites so we can enhance the user experience and functionality of our products, apps and websites.
Here are examples of third-party providers of analytics and similar services we currently use:
Analytics Services:
- Google: Google Analytics is used to track our site and user demographics, and behaviour on websites. Find out how this analytics information may be used, how to control use of your information, and how to opt out of Google Analytics.
Insights (Health Data)
What we collect
If you enable Insights, we may collect and process health and wellness data from the provider(s) you connect (such as Apple HealthKit, Android Health Connect and/or Oura). The exact data types depend on what you choose to share in the provider permission screen. This may include, for example: sleep metrics, heart rate, resting heart rate, heart rate variability, blood oxygen saturation, respiratory rate, body measurements, readiness/stress indicators and other related health signals.
Special categories of data
Some health data may be considered sensitive (special category) data under applicable law. We process this data only when you choose to enable Insights and provide your explicit consent through the app and the provider permission flow.
How we use it
We use Insights health data to:
- provide the Insights functionality (generate your stats and trends inside the app);
- synchronize your Insights across devices and maintain your account;
- secure, troubleshoot, and improve the Service; and
- develop and improve algorithms and features (we use aggregated and/or de-identified data where reasonably possible).
Sync frequency and storage
When enabled, Insights data may be synchronized in the background (typically no more than once per day) and stored on Neurosonic servers for processing and display in the app.
Your choices (disconnect & delete)
You can disconnect a provider and disable Insights at any time in the app settings. You may also request deletion of the Insights data we have collected. We will delete it without undue delay; some residual copies may remain in backups for a limited period.
No advertising / no sale
We do not use health data for targeted advertising and we do not sell your health data.
Sharing
We may use service providers (sub-processors) to host and process Insights data on our behalf, under contractual confidentiality and security obligations. We do not share Insights health data with third parties for their own marketing purposes.
Children
Our Service is not directed to or suitable for children under the age of 18. We do not knowingly collect any Personal Data from children under 18. If you are aware of a user under the age of 18 using the Service, please contact us immediately. We reserve the right to delete any account if we suspect the account holder is a child under the age of 18.
Changes in the Privacy Notice
Should we make amendments to this privacy notice, we will place the amended statement on our website, with an indication of the amendment date. If the amendments are significant, we may also inform you about this by other means, for example by sending an email or placing a bulletin on our homepage. We recommend that you regularly visit our webpage and review these privacy protection principles from time to time to ensure you are aware of any amendments made to this privacy notice.
How do we protect the data and how long do we store them?
Only those of our employees who, by virtue of their work, are entitled to process customer data are entitled to use a system containing personal data. Each user has a personal username and password to the system. The information is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and the backup copies of them are in locked premises and can be accessed only by certain pre-designated persons.
We store the personal data for as long as is necessary considering the purpose of the processing, provided however that we delete the personal data at the latest within one year from the termination of the customer relationship.
We regularly assess the need for data retention in light of the applicable legislation. In addition, we take reasonable measures to ensure that the personal data in the register is not incompatible, obsolete or inaccurate considering the purpose of the processing. We rectify or delete such information without delay.
Data Controller
Oy Neurosonic Finland Ltd, Rantakatu 3, FI-90100 Oulu, Finland, privacy@neurosonic.fi
Who can you be in contact with?
All contacts and requests concerning this privacy notice must be submitted in writing or in person to the person mentioned above.
What are your rights as a data subject?
As a data subject you have a right to inspect the personal data concerning yourself, which is stored in the register, and a right to require rectification or erasure of the data, provided that the request has a legal basis. You also have a right to withdraw or change your consent. As a data subject, you have a right, according to the EU’s General Data Protection Regulation (applied from 25.5.2018), to object to processing or request restriction of the processing, and to lodge a complaint with a supervisory authority responsible for processing personal data. For specific personal reasons, you also have the right to object to profiling and other processing operations, when the processing of your data is based on our customer relationship with you. In connection with your request, you will need to identify the specific situation, based on which you object to the processing. We can refuse the request of objection only on legal grounds. As a data subject you have the right to object to processing at any time free of charge, including profiling in so far as it relates to direct marketing.
In case of any privacy related questions: privacy@neurosonic.fi
Marketing data register and privacy statement
Oy Neurosonic Finland Ltd,
Rantakatu 3, 90100 Oulu
+358 10 201 1610
info@neurosonic.fi
Name of the data controller
Oy Neurosonic Finland Ltd
Business ID: 2370999-5
Address: Rantakatu 3, 90100 Oulu
Contacts regarding matters concerning the register
+358 45 844 8863
info@neurosonic.fi
Register name
Oy Neurosonic Finland Ltd's marketing register
Purpose of processing personal data
The person's contact information in the register is used for the purpose of promoting the sales of Oy Neurosonic Finland Ltd. The information is also used for marketing measures and other information.
Data content of the register
The data content of the register consists of the following information. Depending on the purpose of use, some of the information is mandatory to provide so that the matter can be processed in a manner that is appropriate.
• Person's name
• Person's contact information (phone number, email address)
• Additional information (additional information left by the person, such as a free-form message or feedback)
• Other identifying information (including the person's public IP address)
• Tracking data (tracking data for electronic marketing activities)
• Cookie information (read more in our cookie policy)
Regular data sources
Information provided with the person's own consent, either on forms in the online service or at sales and presentation events, as well as material automatically collected by the online service to support the analysis and development of the online service.
Data processing, disclosure and retention period
The data is processed within the EU or EEA, unless otherwise stated in the other documents. The data is not disclosed for use by anyone other than Oy Neurosonic Finland Ltd. The data is retained as long as the customer relationship can be considered valid and for a reasonable period after the customer relationship has ended.
Principles of register protection
The data in the register is located in protected environments in accordance with the Electronic Communications Data Protection Act.
Right of inspection and correction
Every person who has submitted their information to the register has the right to inspect their own information stored in the register and to demand its correction. A correction request is made by email to the contact person's email address. By default, the request is targeted to the personal data attached to the email address of the person sending the request, unless the person sending the request is identified in some other way.
Other rights related to the processing of personal data
The person has the right to prohibit the controller from processing data concerning him or her for the purposes of direct advertising, distance selling, other direct marketing or market and opinion research. If the person wishes to prohibit such activities, he or she can do so by contacting the controller by email.