Privacy Policy

We at Neubit Oy, business ID 3120647-4 (“Neubit” or “Company” or “We” or “Us”), are committed to the protection of our visitor’s, user’s and client’s (also referred to as “you” or “your”) privacy, according to the GDPR, Finnish Data Protection Act and other applicable regional laws and requirements.

This Privacy Policy describes the specific policies and procedures we use to collect, utilize, disclose, share and protect your personal data when you visit the Neubit website or use the Neubit application. 

Why do we collect personal data

Neubit collects and processes the personal data of website and application users only for the following purposes:

  • To provide Neubit services 
    We process personal data to provide Neubit services and app features, such as to provide you with insights about your wellbeing and stress level.
  • To provide customer service
    We process personal data for the purpose of providing customer service and managing our customer communication.
  • To develop our products and services 
    We process data regarding your use of the Neubit website, applications, devices and platform to improve our services and features. When possible, we will do this using only pseudonymized, aggregated, or non-personally identifiable data.
  • To enable third party integrations 
    We process data to provide users who request that we share their data with certain third parties, such as research partners. This is only done with your express consent.
  • To comply with statutory obligations
    In certain cases, we must process certain data when it is required by applicable laws and regulations. Such statutory obligations are related, for example, to accounting and tax requirements, legal claims, or other legal purposes.

What personal data do we collect and from which sources

In most cases, Neubit collects personal data directly from you, such as when you register for an account or use Neubit products to collect biosignal data. We may also process data that is produced from the information you provide to us.

Neubit processes the following personal data categories about website and application users:

  • Contact information such as email address or physical address
  • User information such as gender, height and weight, user ID, and other information you may provide to us about yourself or your account
  • Device information such as IP address and location data
  • User activity and context information such as activities, notes and tags
  • Measurement data such as heart rate and heart rate variability

Please note that some of the personal data we process, including any data concerning your health, is considered special or sensitive personal data. Under applicable law, such data is processed only if you have given your express consent for processing.

Legal basis for processing personal data

Our legal basis for processing your personal data depends on the particular processing purposes, including:

  • Contract: when processing personal data for the purpose of providing Neubit services we process it on the basis of the performance of the user contract between Us and you, which is formed when you create your account and accept our terms and conditions.
  • Consent: we process your health-related data only with your express consent. We will request your express consent in connection with the registration process of your account prior to any health data being processed by Us and you may, at any time, revoke your consent.
  • Legitimate Interest: we process your personal data based on our legitimate interests when we process it for the purposes of marketing our products and services, providing our customer service and improving our products and services. When choosing to use your data on the basis of our legitimate interests, we carefully weigh our own interests against your right to privacy, in compliance with applicable law.
  • Legal obligation: Neubit must process certain information to comply with statutory obligations which may vary in each country. For example, such obligations can relate to tax or accounting laws.

Who is the controller of your personal data and who can process your personal data

Neubit is the controller of your personal data. We may also outsource some parts of the processing of personal data to our third party suppliers or vendors who act as our subprocessors. In this case we ensure through contractual measures that the personal data is handled appropriately and in compliance with the applicable legislation, including the GDPR.

In certain cases we share, if necessary, your personal data with other recipients for certain purposes e.g. to fulfill legal obligations and to handle and defend legal claims. Examples of recipients are external advisors, authorities, courts, the police and potential buyers or sellers of the Neubit.

Where do we store and process your personal data

In principle, we store your personal data within the EU or the EEA. If any data is transferred outside the EU or EEA, we apply appropriate safeguards to ensure that your personal data remains protected. We do this by transferring personal data only to countries which are the subject of an adequacy decision made by the European Commission, or by using standard contractual model clauses approved by the European Commission. We require our subprocessors to process personal data in compliance with this Privacy Policy. If you wish to obtain more information about the safeguards used, please contact Us at the email address set out below.

How is the personal data protected

We use technical and organizational measures to protect personal data against unauthorized access, transfer, deletion or other processing that may compromise information security. Such methods include the use of firewalls, encryption technologies and safe server rooms, proper access control systems, the controlled provision of user rights and supervision of their use, providing instructions for data processors, and the thorough selection of competent subcontractors who comply with industry standards for information security management.

Your rights

Under applicable data protection regulations you have certain rights in relation to the processing of your personal data. We process your personal data to the extent necessary in order to fulfill your rights. Please submit requests for exercising your rights by contacting us at You have the right to:

  • Access your personal data
    You have the right to access personal data we process about you. You may request a copy of your personal data by emailing us at the address set out above. We will provide you with it unless we have lawful reasons not to share this data or if sharing the data would adversely affect the rights and freedoms of others.
  • Update your personal data
    Furthermore, you have the right to request that incorrect or incomplete personal data is corrected or completed. 
  • Withdraw consent
    To the extent we rely on your consent to process personal data you have the right to at any time withdraw your consent.
  • Object to the processing of personal data
    You have the right to object to the processing of your personal data based on a legitimate interest for reasons which concerns your particular situation. In such a situation, we will stop using your personal data where the processing is based on a legitimate interest, unless we can show that the interest over-rides your privacy interest or that the use of your personal data is necessary in order to manage or defend legal claims.
  • Delete your personal data
    Under certain circumstances you have the right to request that your personal data is deleted. However, we cannot delete your personal data if we for example are obligated under law to keep the data.
  • Restrict the use of your personal data
    You have the right under certain circumstances to request that the processing of your personal data is restricted. If the processing of your personal data has been restricted we may only, besides storing the data, process your personal data with your consent, in order to establish, exercise or defend legal claims or to defend rights of others.
  • Transfer your personal data (data portability)
    Finally, you have the right to request a copy of the personal data that we store about you in a structured, commonly used and machine-readable format (data portability). The right to data portability, compared to the right to access, only comprises such personal data you yourself have provided and which we process based on certain legal grounds, e.g. your consent.


We may use cookies and other similar online technologies, such as the browser’s local data storage, to collect data from a user’s terminal. Cookies are small text files that the browser saves in the user’s device. Cookies often contain an anonymous individual identifier, which we can use to measure how many different browsers are visiting our websites, and how our online services are being used.

Changes to Privacy Policy

We are continuously developing our services and reserve the right to change this privacy policy by informing our users of such changes in our services. Changes may also be based on changes in legislation. We recommend that users read our Privacy Policy on regular basis to keep track of changes.


If there are any questions regarding this privacy policy, you can email us at

Effective date:  February 11, 2022