Effective Date: June 10, 2026
Impirica Inc. ("we," "us," "our" or "Owner") values your ("User") privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, retain, and delete the personal information you provide when accessing and using the Neurapulse website ("Website"), Neurapulse portal ("Service"), and Neurapulse web-based application ("App").
1. Information We Collect
Test Information: When you participate in a cognitive test, we collect your test responses and results.
Device Information: We collect information about the device you use to access the App, including your IP address, device type, and browser type.
Usage Data: We collect information about how you use the App, Service, and Website including the date and time of your test, IP address, browser type, and pages visited.
Account Information: When you register for an account, we collect your name, email address, and other contact details.
Campaign Data: Information related to the cognitive testing campaigns you create and manage, including test participant information and test results.
Biometric Data:With your explicit prior consent, we collect facial feature data (biometric templates) from your government-issued ID and your device camera for one purpose only: to verify your identity and protect the integrity of the assessment process. Before any biometric data is collected, you are shown a consent screen and must affirmatively agree. You may decline. If you decline, no biometric data is collected, you may still complete the assessment, and the only consequence is that your results are reported to the requesting organization with an "ID Not Verified" status. You may withdraw consent at any time by contacting us. Biometric data is automatically and permanently destroyed no later than 30 days after collection. See Section 6. We do not sell, lease, trade, or otherwise profit from your biometric data, and we do not disclose it to anyone except as required to provide the verification service or as required by law.
We collect and process your data based on your consent and, where applicable, the legitimate interests of the organization that requested your assessment. You may withdraw your consent at any time.
2. How We Use Your Information
To provide and maintain the Service
To communicate with you about your account and campaigns
To administer and score the cognitive test
To provide your test results to the manager who requested the test
To verify your identity during the assessment, where you have consented to biometric ID verification
To improve the App, Service, and Website based on usage patterns and feedback
To comply with legal obligations and protect our legal rights
3. Data Sharing and Disclosure
With Your Employer or Potential Employer: We share your test results with the manager who requested the test.
With Test Participants: We share test results with the test participants whose tests you manage.
With Service Providers: We share information with third-party service providers who assist us in operating the App, Service, and Website. These currently include our cloud hosting provider, within the safeguards described below and an email delivery provider used to send assessment invitations and account messages. When we erase your personal information (Section 6), we also instruct our email delivery provider to erase your email address, message history, and engagement records.
With Research Partners: Redacted data may be shared with the University of Alberta for research and development purposes.
For Legal Reasons: We may disclose your information if required by law or in response to legal processes.
International Data Transfer: If we transfer personal data outside Canada, we will ensure that appropriate safeguards are in place to protect the data in accordance with applicable regulations.
4. Data Collection, Use, and Disclosure
What Will Be Released:
Neurapulse cognitive responses
All information or statements relevant to the Neurapulse assessment processes or results, including identification and any interference or refusal to comply with the assessment process
All information or statements obtained during the Neurapulse assessment process that suggest a concern for safety or fitness to work
Parties That Will Release and/or Receive Information:
Employer/Prospective Employer
Employer/Prospective Employer's designated third-party service provider involved within the Neurapulse assessment process and/or information tracking
Impirica Inc. (for evaluating assessments, producing results, and research and development)
University of Alberta (research partner using redacted data for research and development)
Authorized contacts designated by the Employer/Prospective Employer
Microsoft Azure Services
5. Data Security
We implement appropriate technical and organizational measures to protect your personal information from unauthorized access, use, or disclosure, including encryption in transit and at rest, and tamper-evident audit logging. Biometric data is stored and transmitted using a standard of care at least as protective as that applied to other confidential and sensitive information we hold. In the event of a data breach, we will notify affected individuals and the appropriate regulators as required by legislation.
6. Data Retention
We retain personal information only as long as needed for the purposes described in this policy, and we destroy it on the schedule below.
Retention Schedule:
Biometric data (facial feature templates and ID images): permanently destroyed no later than 30 days after collection, in all cases whether or not your assessment is complete, and regardless of any other relationship between you and the organization that requested your assessment. This satisfies our obligation to destroy biometric identifiers when the purpose of collection has been satisfied, and within the maximum periods permitted by applicable biometric privacy laws.
Contact and identity information (name, email address, phone number): permanently erased 30 days after your participation ends, meaning 30 days after you are removed from all assessment programs on the platform, or 30 days after the organization that sponsored your assessment ends its relationship with us, whichever applies.
Backups: deleted and erased data ages out of our encrypted backups within 30 additional days. Backups are never used to restore data that has been erased under this policy except where required to recover from a verified disaster, in which case the erasure is re-applied.
Third-party processors: when we erase your contact information, we simultaneously instruct our email delivery provider to erase your email address, message history, suppression records, and engagement records.
What we retain after erasure
After the erasure described above, we retain the following, none of which includes your name or contact details:
your year of birth and your assessment responses and results, in de-identified form, because they are required for the scientific validity and consistency of assessment scoring;
behavioral interaction data generated during the assessment (for example, response timing patterns), in de-identified form, for assessment quality and product improvement;
audit log records of actions taken in the platform, retained on a tamper-evident, append-only ledger to meet our legal, security, and regulatory obligations. Audit records are retained even after erasure because their integrity protections do not permit modification; they are accessible only to authorized personnel for compliance and security purposes.
"De-identified" means the retained records are not labeled with your name, email address, phone number, or other personally identifiable information. They are keyed by an internal record identifier. We do not use retained de-identified records to attempt to re-identify you, and we do not share them except as redacted research data as described in Section 3.
Operational and platform logs
Infrastructure and diagnostic logs (which may include IP address and browser user-agent) are retained for a limited period for security monitoring and troubleshooting and then deleted automatically.
7. Your Rights
We collect and process your data based on your consent, which you can withdraw at any time. You have the right to access, rectify, erase, restrict processing, and to data portability. You can exercise these rights by contacting our Data Protection Officer at privacy@neurapulse.com.
Erasure requests
When you request erasure of your personal information, we execute the same permanent destruction process described in Section 6, without waiting for the scheduled retention period: your contact and identity information and any biometric data are permanently destroyed from our live systems, the erasure is propagated to our email delivery provider, and residual copies age out of encrypted backups within 30 days. The de-identified records and audit log records described in Section 6 are retained on the bases described there. We will confirm completion of your request.
The rights of Users based on the General Data Protection Regulation (GDPR)
Users may exercise certain rights regarding their Data processed by the Owner. In particular, Users have the right to do the following, to the extent permitted by law:
Users are also entitled to learn about the legal basis for Data transfers abroad including to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by the Owner to safeguard their Data.
How to exercise these rights
Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. Such requests are free of charge and will be answered by the Owner as early as possible and always within one month, providing Users with the information required by law. Any rectification or erasure of Personal Data or restriction of processing will be communicated by the Owner to each recipient, if any, to whom the Personal Data has been disclosed unless this proves impossible or involves disproportionate effort. At the Users' request, the Owner will inform them about those recipients.
8. Research and EthicsAs a cognitive test participant, your redacted data will be used in an academic study titled: ‘A cognitive performance application to predict driving behavior and fitness for duty.’ This study has been reviewed for its adherence to ethical guidelines by a Research Ethics Board at the University of Alberta. For questions regarding participant rights and the ethical conduct of research, please contact the Research Ethics Office at reoffice@ualberta.ca.
Ethics ID: Pro00131244
Principal Investigator: Dr. Anthony Singhal, Department of Psychology, asinghal@ualberta.ca
9. Risks and Benefits of Using the App
Risks: Other than minor fatigue, risks do not exceed those encountered in daily life.
Benefits: Improved ability for employers/potential employers to identify safe and unsafe workers, mitigate work-related injuries, and enhance workplace safety.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy, with a new effective date, on the App, Service, and Website.
Contact Us
If you have any questions or concerns about this Privacy Policy, please contact us at privacy@neurapulse.com