New look, same mission - We've refreshed our look to better reflect what we do.

Book a demo
Legal

Privacy Policy

Last updated: June 9, 2026

Last Updated: June 9, 2026

This Privacy Policy (“Policy”) describes how Neuroworx Ltd (“We,” “Us,” or “Neuroworx”), a company registered in England and Wales under company number 14612373, with its registered office at 22 Charterhouse Square, London, England, EC1M 6DX, collects, uses, stores, and discloses personal data in connection with our website at www.neuroworx.io (the “Site”), our Software-as-a-Service (SaaS) platform, assessments, tools, and related services (collectively, the “Service”). We are committed to protecting your privacy and handling personal data in compliance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By accessing or using the Service, you consent to the practices described in this Policy. If you do not agree with this Policy, please do not use the Service. This Policy may be updated from time to time; we will notify you of material changes via the Site or email. Your continued use of the Service after such updates constitutes acceptance of the revised Policy.

1. Data Controller and Processor Roles

Neuroworx acts as a data controller for personal data collected directly from users of the Site and Service (e.g., employers registering accounts). When processing personal data on behalf of employers (e.g., candidate assessment data), we act as a data processor. Employers using the Service are responsible for ensuring they have a lawful basis for processing candidate data and obtaining necessary consents.

For any questions about how we handle personal data, contact our data protection contact at support@neuroworx.io.

2. Types of Data We Collect

We collect the following categories of personal data:

  • Account and Contact Information: Name, email address, company name, job title, billing details, and other information provided during registration or use of the Service.
  • Usage Data: Information about how you interact with the Service, including IP address, browser type, device identifiers, pages visited, and timestamps.
  • Content Data: Job descriptions, company values, assessment responses, and other materials uploaded or generated via the Service.
  • Candidate Data: When employers use the Service to assess candidates, we process data such as names, contact details, responses to assessments, skills evaluations, personality traits, and performance metrics. This may include sensitive personal data (e.g., ethnic origin or health information) if relevant to assessments and with appropriate safeguards.
  • Payment Data: Credit card details or other financial information, processed securely via third-party payment gateways (we do not store full payment card details).
  • Cookies and Tracking Data: Data collected via cookies, web beacons, and similar technologies to analyze usage and improve the Service (see Section 10 for details).
  • Marketing Data: Preferences for receiving communications, if you opt in to newsletters or promotions.

We do not knowingly collect personal data from individuals under 18 years of age.

3. How We Collect Data

  • Directly from You: When you register, upload content, complete forms, or communicate with us.
  • Automatically: Through cookies, server logs, and analytics tools when you use the Site or Service.
  • From Third Parties: From employers (for candidate data), payment processors, or analytics providers.
  • From Candidates: Via assessments sent by employers.

We process personal data for the following purposes, based on the legal bases under UK GDPR:

  • Providing the Service: To create accounts, generate assessments, process results, and facilitate hiring (legal basis: performance of a contract).
  • Improving the Service: Analyzing usage to enhance features, develop benchmarks, and train AI models using anonymized data (legal basis: legitimate interests).
  • Compliance and Security: Detecting fraud, ensuring data integrity, and complying with legal obligations (legal basis: legal obligation and legitimate interests).
  • Marketing and Communications: Sending updates, newsletters, or promotional materials if you opt in (legal basis: consent).
  • Payments: Processing transactions (legal basis: performance of a contract).
  • Research and Analytics: Aggregating anonymized data for internal research (legal basis: legitimate interests).

For sensitive personal data, we rely on explicit consent or other applicable legal bases, ensuring processing is necessary and proportionate.

5. Sharing of Personal Data

We may share personal data with:

  • Service Providers: Third-party vendors for hosting, analytics (e.g., Google Analytics), payment processing (e.g., Stripe), and support services, each bound by a written data processing agreement. We maintain a current list of our sub-processors and will provide it on request, and we notify business customers of material changes to the sub-processors handling their data.
  • Affiliates: Within our corporate group for operational purposes.
  • Legal Requirements: To comply with laws, respond to authorities, or protect rights (e.g., in litigation).
  • Business Transfers: In connection with mergers, acquisitions, or asset sales, with notice to affected individuals.
  • Employers and Candidates: Assessment results shared with employers; candidates may receive feedback if configured.

We do not sell personal data. Where we transfer personal data outside the UK, we rely on UK adequacy regulations where they apply, and otherwise on the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, supported by a transfer risk assessment.

6. Data Security

We implement appropriate technical and organizational measures to protect personal data, including encryption, access controls, firewalls, and regular security audits. However, no system is entirely secure; we cannot guarantee absolute protection against breaches. In the event of a breach, we will notify affected individuals and authorities as required by law.

7. Data Retention

We retain personal data only as long as necessary for the purposes outlined above:

  • Account data: For the duration of your subscription plus 7 years for legal compliance.
  • Candidate data: As directed by employers, typically up to 2 years post-assessment or until deletion request.
  • Usage data: Up to 3 years for analytics.
  • Anonymized data: Indefinitely for research.

Data is securely deleted or anonymized when no longer needed.

8. Your Rights

Under UK GDPR, you have rights regarding your personal data:

  • Access: Request a copy of your data.
  • Rectification: Correct inaccurate data.
  • Erasure: Request deletion (subject to legal exceptions).
  • Restriction: Limit processing in certain cases.
  • Objection: Object to processing based on legitimate interests or for marketing.
  • Portability: Receive data in a structured format.
  • Withdraw Consent: Where processing relies on consent.

To exercise these rights, contact support@neuroworx.io. We respond within one month, extendable if complex. You may complain to the UK Information Commissioner’s Office (ICO) if unsatisfied.

Candidates: Rights requests should be directed to the employer (data controller); we assist as processor.

9. Automated Decision-Making and Profiling

Our assessments use algorithmic and AI-assisted scoring to evaluate responses and produce capability profiles. This constitutes profiling under UK GDPR. We do not use this scoring to take solely automated decisions that produce legal effects, or similarly significant effects, on candidates. The hiring decision is always made by the employer, with a person reviewing assessment outputs as decision support rather than as an automatic accept or reject.

Where an employer configures solely automated decisions, it does so as the data controller and is responsible for meeting the requirements of Article 22 UK GDPR, including informing candidates and providing a route to human intervention. We design our scoring to be job relevant, we monitor outcomes for adverse impact, and candidates may ask for a result to be reviewed or explained. To query how you were assessed, contact the employer that invited you, or contact us at support@neuroworx.io and we will assist in our capacity as processor.

10. Cookies and Tracking Technologies

We use cookies for essential functions, analytics, and marketing. Categories include:

  • Essential Cookies: For site functionality (no consent required).
  • Analytics Cookies: To track usage (e.g., Google Analytics).
  • Marketing Cookies: For targeted ads.

Manage preferences via our cookie banner.

11. Children’s Privacy

The Service is not intended for children under 18. If we learn we have collected such data, we will delete it promptly.

12. Changes to This Policy

We may update this Policy; changes are effective upon posting. We encourage periodic review.

13. Contact Us

For questions or concerns, email support@neuroworx.io.

Nat
Natalie Typically replies in a few mins