GDPR Legal Policy
(a) Flow map, providing details on data flows and payment flow:
- The payments will be handled via Stripe.
- The user will sign up through the app and will have the option to pay for the diagnostic journey, e.g. Adult ADHD.
- Once selected, they are required to pay upfront, e.g. £1,000 for the whole assessment.
- They can pay with a credit or debit card, but the full amount must be paid upfront.
- Once payment is completed, funds will be processed via Stripe and transferred to the NeuroCheck Pro business account.
(b) Confirmation of the cloud service that will be used by the App, as this will give us insight on where the data will be stored:
- The cloud infrastructure will be hosted on AWS using EU-West regions.
- For information synthesis, we will be using Google Gemini or Anthropic Claude with EU data residency guarantees where available.
(c) Outline the main security measures taken, e.g. 2FA and encryption:
- Data will be encrypted in transit and at rest in the app and backend systems.
- Developers will not have access to personal data. They will only see metadata around user submission completeness.
- Clinicians will have access to the raw data as part of their assessment process.
- Data may be passed to AI services for summarisation.
(d) Details of user onboarding process and verifiable parental consent:
- The app will be launched with diagnostic pathways for adults and children covering ADHD, Autism, and combined Autism and ADHD (AuDHD).
- Users must be over 18 to sign up. There is no sign-up option for under 18s. The expected usage pattern is that a parent or carer would sign up and add their children to the app before initiating a diagnosis journey.
(e) Details of the procedure for the change and deletion of user data:
- During the course of the assessment, users have the option to save, update and amend their responses. Once they are satisfied with their inputs, they will have the option to submit the information.
- Once the inputs are submitted, the responses are locked and will be passed to a clinician for review.
- Once the information is reviewed and the clinician has a video consultation with the user to explain the diagnosis, a full report will be available through the app.
- This report can be exported by the user if required.
- We will retain records according to legal requirements and provide options for deletion if the user chooses.
(f) Details of where personal data may be sent to, e.g. Bangladesh:
- No data will be sent to Bangladesh as all cloud services and data are hosted in the EU region.
