Privacy Policy
Effective Date: April 6, 2026
1. Introduction and Scope
The Resilience Project ("Company," "we," "us," or "our") is committed to protecting your privacy and ensuring transparency regarding how we collect, process, and protect your personal data. This Privacy Policy describes our data practices for the Resilience Project platform ("Platform") and related services.
This Privacy Policy applies to all users of the Platform, including healthcare professionals, researchers, clinical institutions, and authorized personnel. We comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), HIPAA, and other applicable data protection laws.
2. Data We Collect
2.1 Account and Authentication Data
- Name, email address, and professional credentials
- Organization affiliation and role
- Authentication credentials and session tokens
- Account preferences and settings
2.2 Clinical and Research Data
- Patient biomarkers, clinical assessments, and medical history (de-identified)
- Neurochemical measurements and diagnostic data
- Intervention outcomes and treatment responses
- Research datasets and analytical inputs
2.3 Platform Usage Data
- Access logs and timestamps
- Analysis requests and service utilization patterns
- Device information and IP addresses
- Browser type, operating system, and technical specifications
2.4 Analytics and Performance Data
- Aggregated usage statistics and service performance metrics
- Error logs and system diagnostics
- Feature adoption and user engagement patterns
3. Legal Basis for Data Processing
We process personal data based on the following legal bases:
- Contract Performance: Processing necessary to provide Platform services and fulfill our contractual obligations
- Legal Compliance: Processing required by HIPAA, FDA regulations, and other applicable laws
- Legitimate Interests: Processing for service improvement, security, fraud prevention, and platform optimization
- Explicit Consent: Processing based on your affirmative consent for specific purposes (e.g., marketing communications)
For EU users, we rely on legitimate interests and contractual necessity as our primary legal bases. We do not process sensitive health data without explicit legal authorization or your informed consent.
4. How We Use Your Data
We use collected data for the following purposes:
- Providing and improving Platform services and functionality
- Conducting clinical analysis and generating predictive models
- Authenticating users and maintaining account security
- Monitoring Platform performance and detecting technical issues
- Preventing fraud, abuse, and unauthorized access
- Complying with legal obligations and regulatory requirements
- Conducting de-identified research on Platform efficacy and model validation
- Communicating service updates, security alerts, and important notices
- Responding to user inquiries and providing customer support
We do not use your data for marketing purposes without your explicit opt-in consent. You may withdraw consent at any time by contacting us through our contact form.
5. Data Sharing and Third Parties
5.1 When We Share Data
We do not sell, rent, or lease your personal data to third parties. We may share data only in the following circumstances:
- Service Providers: With vendors who process data on our behalf under strict data processing agreements (e.g., cloud hosting, analytics)
- Legal Requirements: When required by law, court order, or government request
- Safety and Security: To prevent fraud, enforce our terms, or protect the rights and safety of users and the public
- Research Collaboration: De-identified data may be shared with research partners for validation and improvement purposes
5.2 Third-Party Services
The Platform may integrate with third-party services (e.g., payment processors, cloud providers). These third parties have their own privacy policies and data handling practices. We are not responsible for their privacy practices, and we recommend reviewing their policies independently.
6. Data Retention
We retain personal data only as long as necessary to provide services and comply with legal obligations:
- Account Data: Retained for the duration of your account and 12 months after termination for compliance purposes
- Clinical Data: Retained in accordance with HIPAA requirements (typically 6 years) and applicable state medical records laws
- Usage Logs: Retained for 12 months for security and audit purposes
- De-identified Research Data: May be retained indefinitely for research and model validation
Upon request, we will delete personal data, subject to legal retention requirements. De-identified data cannot be linked back to individuals and is not subject to deletion requests.
7. Your Data Rights and Choices
7.1 GDPR Rights (EU Users)
If you are located in the European Union, you have the following rights:
- Right of Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your data (subject to legal retention requirements)
- Right to Restrict Processing: Limit how we process your data
- Right to Data Portability: Receive your data in a portable, machine-readable format
- Right to Object: Object to certain types of processing
- Right to Lodge a Complaint: File a complaint with your local data protection authority
7.2 CCPA Rights (California Users)
If you are a California resident, you have the following rights:
- Right to Know: Request what personal information we collect and how it is used
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: Opt out of the sale or sharing of your personal information
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
7.3 Exercising Your Rights
To exercise any of these rights, please submit a request through our contact form at /contact. We will respond to verified requests within 30 days (GDPR) or 45 days (CCPA).
8. Data Security
The Company implements industry-standard administrative, technical, and organizational safeguards to protect personal data from unauthorized access, disclosure, alteration, and destruction. These measures include:
- Encryption of data in transit (TLS/SSL) and at rest (AES-256)
- Access controls and role-based permissions
- Regular security audits and vulnerability assessments
- Employee training on data protection and security protocols
- Incident response procedures and breach notification protocols
However, no security system is impenetrable. While we strive to protect your data, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.
9. Data Breach Notification
In the event of a confirmed data breach affecting personal data, we will notify affected individuals without unreasonable delay in compliance with GDPR, CCPA, and other applicable data protection laws. Notification will include:
- Nature and scope of the breach
- Categories and approximate number of individuals affected
- Data categories affected
- Likely consequences of the breach
- Measures taken or proposed to mitigate harm
- Contact information for further inquiries
10. Cookies and Tracking Technologies
The Platform uses cookies and similar tracking technologies to enhance user experience and gather analytics. For detailed information about cookies and your choices, please refer to our Cookie Policy.
11. Children's Privacy
The Platform is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete such data immediately and terminate the child's account.
12. International Data Transfers
Your personal data may be transferred to, stored in, and processed in countries other than your country of residence, including the United States. These countries may have data protection laws that differ from your home country.
For transfers from the EU to the United States, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) and adequacy decisions. By using the Platform, you consent to the transfer of your data as described in this Privacy Policy.
13. Policy Updates
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be communicated via email or prominent notice on the Platform. Your continued use of the Platform following notification of changes constitutes your acceptance of the updated Privacy Policy.
14. Contact Information
For questions regarding this Privacy Policy or to exercise your data rights, please contact us through our contact form at /contact.
If you are an EU user, you may also lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.