Privacy Policy NeuroViveXR

Last updated: 26/08/2025

Reneural Technologies Limited (“Reneural”, “we”, “us”, “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use the NeuroViveXR system (including our VR software, tablet application, and web platform).

1. Who We Are

Reneural Technologies Limited is the data controller responsible for your personal information.

  • Company number: 11988556
  • Registered office: 14 King Street, International House, Leeds, England, LS1 2HL
  • Data Protection Lead: privacy@reneural.tech

2. What Data We Collect

When you use NeuroViveXR, we may collect and process the following categories of data:

  1. Personal Identifiers
    1. Examples: name, email address, NHS number, patient reference number.
    2. Purpose: to create and manage user accounts and ensure therapy is linked to the correct person.
  2. Health and Rehabilitation Data
    1. Examples: prescribed therapy programme, session duration, scores, outcomes, clinician notes.
    2. Purpose: to deliver rehabilitation exercises, track progress, and provide clinicians with insights.
  3. Technical and Device Data
    1. Examples: IP address, device identifiers, headset/tablet model, operating system, crash or error logs, usage analytics.
    2. Purpose: to ensure platform security, monitor system performance, and improve functionality.
  4. Communications Data
    1. Examples: feedback submitted through the system, customer support messages.
    2. Purpose: to provide technical and customer support and improve our services.
  5. Clinician and Organisation Data
    1. Examples: clinician name, email, professional role, organisation details.
    2. Purpose: to enable clinical oversight, allow therapy prescription, and manage system access within healthcare providers.

3. How We Use Your Data (Purpose and Lawful Basis)

We process your data for the following purposes, in line with the UK GDPR and Data Protection Act 2018:

  • To deliver therapy services.
  • To personalise therapy sessions and track progress.
  • To share progress with clinicians for your rehabilitation plan.
  • To ensure system functionality and security.
  • To comply with regulatory or legal requirements.
  • To improve and develop our products (using anonymised or aggregated data).

Lawful basis:

  • For personal identifiers, health and rehabilitation data → provision of healthcare (Article 9(2)(h) GDPR).
  • For optional feedback, communications, or research → consent.

4. How We Share Your Data

We may share your data with:

  • Healthcare professionals within your care team.
  • Your healthcare organisation (e.g. NHS Trust or private clinic).
  • Service providers (e.g. Microsoft Azure, hosting our UK servers).
  • Regulators or authorities where legally required.
  • In pilot studies or research collaborations, anonymised and aggregated data may be shared under Data Sharing Agreements.

We do not sell your personal data to third parties.

5. International Data Transfers

At present, all data is hosted within the UK using Microsoft Azure.

If we transfer data outside the UK/EEA in future (for example, to the United States), we will ensure that appropriate safeguards are in place, such as UK-approved Standard Contractual Clauses or equivalent protections.

6. Data Retention

We follow NHS clinical record retention standards where data is collected as part of NHS-funded or NHS-managed care. For private care, we apply equivalent retention periods unless a different period is required by law or agreed with the provider. Technical data and support records are retained for shorter periods, usually between 12 and 24 months.” Personal identifiers and health data: retained in line with NHS clinical record retention policies.

7. Your Rights

Under UK GDPR, you have rights over your personal data, including:

  • Access – to request a copy of your data.
  • Rectification – to correct inaccurate data.
  • Erasure – to request deletion, subject to legal/clinical requirements.
  • Restriction – to limit processing in certain circumstances.
  • Portability – to request transfer of your data to another provider.
  • Objection – to processing where lawful basis is legitimate interest.

You can make a request by emailing: privacy@reneural.tech

8. Security of Your Data

We implement technical and organisational measures to protect your information, including:

  • Encryption of data in transit and at rest.
  • Access controls with role-based permissions.
  • Secure UK-based cloud hosting (Microsoft Azure).
  • Authentication: Role-based access control (RBAC) is enforced; Multi-Factor Authentication (MFA) is enabled for clinicians and administrators.
  • Data Minimisation: Personal data is minimised where possible and pseudonymised for internal development purposes.
  • Audit Logging: All user and admin activities are logged and periodically reviewed.
  • Quality and safety processes aligned with ISO 13485:2016 and UKCA Class I medical device requirements.

9. Breach Notification and Response

Any actual or suspected data breach will be escalated within 24 hours to the Data Protection Officer (DPO), with notification to stakeholders within 72 hours in compliance with GDPR Article 33.

10. Children and Vulnerable Users

NeuroViveXR is designed for adults undergoing stroke rehabilitation. It should only be used with the oversight of a qualified clinician.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Significant changes will be notified within the app, on our website, or by email.

12. Contact Us

You can contact our Data Protection Lead at: privacy@reneural.tech

Postal address: Reneural Technologies Limited, Incubation Centre, Enterprise Hub, De Havilland Campus, Hatfield, Hertfordshire, AL10 9EU

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection. Further details are available at www.ico.org.uk.

Scroll to Top