NEUROCHIRO

Privacy Policy

Last Updated: April 8, 2026

Your privacy is important to us. This policy explains what data we collect, how we use it, and your rights. NeuroChiro is committed to protecting the personal and health-related information of all users.

1. Information We Collect

We collect information you provide directly:

  • Account information: Name, email, password, phone number, role (doctor/student/patient)
  • Doctor profiles: Clinic name, address, specialties, bio, license information, photos
  • Health tracking data: Daily log entries (energy, pain, sleep levels) submitted by patients
  • Contact form submissions: Name, email, and message content
  • Payment information: Processed securely through Stripe. We do not store credit card numbers.

We automatically collect:

  • Browser type, IP address, and device information
  • Pages visited and actions taken on the platform
  • Location data (timezone-based region detection only, not GPS)

2. How We Use Your Data

  • To operate the directory and connect patients with doctors
  • To display doctor profiles publicly in search results
  • To process payments and manage subscriptions
  • To send account-related notifications (email, SMS with consent)
  • To improve the platform based on usage patterns
  • To respond to support requests and contact form submissions

3. Health Data Protection

NeuroChiro takes the protection of health-related data seriously. Patient daily log data (energy, pain, and sleep tracking) is:

  • Encrypted in transit using TLS/SSL encryption
  • Stored securely in our database with row-level security policies
  • Visible only to the patient who created it; no doctors, admins, or third parties can access individual patient health logs
  • Never sold to advertisers, data brokers, or any third party
  • Deletable at any time by the patient through their account settings

HIPAA Compliance Note: NeuroChiro is a directory and wellness tracking platform, not a healthcare provider. We do not create, receive, or maintain protected health information (PHI) as defined by HIPAA. However, we apply HIPAA-aligned security practices to all health-related data as a matter of principle, including encryption, access controls, and audit logging.

4. Third-Party Services

We use the following third-party services:

  • Supabase: Database hosting and authentication (data stored in US data centers)
  • Stripe: Payment processing (PCI-DSS compliant)
  • Vercel: Website hosting and deployment
  • Resend: Transactional email delivery
  • Google Maps: Map display and review integration

We do not sell, rent, or share your personal data with any other third parties.

5. Data Retention

  • Active accounts: Data is retained for as long as your account is active
  • Deleted accounts: Personal data is removed within 30 days of account deletion
  • Doctor profiles: Removed from the public directory immediately upon cancellation
  • Health logs: Deleted when the patient deletes their account or requests deletion
  • Email leads: Retained for up to 12 months, then automatically purged

6. Cookies

We use essential cookies for authentication and session management. We use analytics cookies to understand how users interact with the platform. You can disable non-essential cookies through our consent banner or your browser settings.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and data
  • Opt out of marketing communications at any time
  • Export your data in a portable format

To exercise any of these rights, contact us at privacy@neurochiro.com.

8. International Users

NeuroChiro serves users globally. If you are located outside the United States:

  • European Union (GDPR): You have the right to access, rectify, erase, restrict processing, and port your data. You may also object to processing and lodge a complaint with your local data protection authority. We process your data based on consent and legitimate interest.
  • Australia (Privacy Act 1988): We comply with the Australian Privacy Principles (APPs). You have the right to access and correct your personal information. We do not transfer personal data outside Australia without appropriate safeguards. Complaints can be directed to the Office of the Australian Information Commissioner (OAIC).
  • Canada (PIPEDA): We collect, use, and disclose your personal information only with your consent and for identified purposes. You may withdraw consent at any time.
  • United Kingdom (UK GDPR): Your rights mirror those under EU GDPR. Contact us to exercise them.
  • New Zealand (Privacy Act 2020): You have the right to access and correct your personal information held by us.

9. Contact

For privacy-related questions or concerns, email privacy@neurochiro.com. We will respond within 5 business days.