Privacy Policy

Last updated: 9th December, 2025

This Privacy Policy explains how NeuroMoney collects, uses, shares and protects personal information in connection with (a) the public website and waitlist at neuromoney.io and (b) the NeuroMoney web application (the “App”). It is written for users in the United Kingdom, the European Union/EEA and the United States.

1. Who we are and how to contact us

NeuroMoney (“NeuroMoney”, “we”, “us”, “our”) is a project operated by Luke Henderson, based in the United Kingdom. For the purposes of UK and EU data protection law, we act as the data controller for the personal information described in this Privacy Policy.

Contact email: Support@neuromoney.io
Website: https://neuromoney.io

This Privacy Policy does not cover the privacy practices of third-party websites, retailers, or platforms that we link to (for example Amazon, eBay or Walmart). When you leave our site or app, their own privacy policies apply.

2. Who this Policy applies to

This Policy applies to:

• Visitors to neuromoney.io, including people who join our early-access waitlist;
• Registered users of the NeuroMoney web application (for example, people who create an account, log in to the App and use tools like the shopping planner, subscription radar and bills overview);
• People who contact us via email or other support channels.

Our services are intended for adults aged 18 and over. If you are under 18, you must not use NeuroMoney.

3. The information we collect

3.1 Information you provide to us directly

• Waitlist / email sign-up
  When you join the early-access list, we collect the email address you enter into the waitlist form and send to our email provider (MailerLite).
• Account registration (App)
  When you sign up for a NeuroMoney account, we currently collect:
  • Username
  • Password (stored in hashed form, not in plain text)
  • Age (e.g. selected age band/value)
  • Country / region
• Profile updates
  If you update your profile, we process the information you change (for example, password and country).
• Financial-visibility data you enter into the App
  To provide the App’s features, we process data you choose to add such as:
  • Shopping list items (e.g. retailer selection, product name, product identifier such as ASIN);
  • Subscriptions (e.g. name, cost, billing frequency, next payment date);
  • Bills (e.g. name, cost, billing frequency, next payment date);
  • Visualisation and theme preferences (e.g. dark/light mode).
  NeuroMoney is a visibility tool. You remain responsible for your financial decisions.
• Support and feedback
  If you contact us (for example by email), we process the information you send: your contact details, the content of your message and any attachments.

3.2 Information we collect automatically

When you use the website or App, we may automatically collect limited technical information, such as:

• IP address and approximate region (derived from the IP address);
• Browser type and version, operating system and device type;
• Pages or API endpoints accessed, timestamps and basic error logs;
• Rate-limiting and security-related metadata (for example, to detect abusive traffic and protect the service).

This information is collected through server logs and similar technologies. It is used primarily for security, performance monitoring and to run the service reliably.

3.3 Cookies and similar technologies

NeuroMoney currently uses only strictly necessary cookies or similar technologies (such as local storage) that are needed to:

• Keep you logged in securely while you use the App;
• Remember basic interface preferences (for example, theme).

We do not currently use analytics or advertising cookies on the public marketing site. If this changes, we will update this Policy and, where required, show you a consent banner for any non-essential cookies.

3.4 Information from our service providers and partners

• MailerLite (email and waitlist provider)
  We use MailerLite to manage the waitlist and send emails. MailerLite may collect engagement data such as:
  • whether an email was delivered or bounced;
  • whether it was opened; and
  • whether any links were clicked.
  MailerLite uses this information to provide us with aggregate statistics and to deliver emails reliably. For details, please see: https://www.mailerlite.com/legal/privacy-policy .
• Retailer & marketplace APIs (product data)
  To populate product widgets and shopping tools, we plan to integrate with retailer and marketplace APIs such as:
  • Amazon Product Advertising API / Amazon Associates
  • eBay developer APIs
  • Walmart APIs
  In these cases we typically send:
  • Product identifiers (such as ASIN) and technical request data;
  • Device and network information necessary to make the API call.
  We do not send your password, full subscription/bill history or other sensitive financial details to these providers. When you click through to a retailer’s website, that retailer may collect additional data about you under its own privacy policy (for example Amazon’s or eBay’s privacy notices).

3.5 Sensitive / special category data

Although NeuroMoney is designed with ADHD and autistic users in mind, we do not require you to tell us about any diagnosis, health condition or disability to use the service. We do not intentionally collect or ask for “special category” data (such as health information) or data about criminal offences.

Please do not submit this type of information to us unless we specifically ask for it and provide an appropriate legal basis.

4. How we use your information

We use personal information for the following purposes:

• To operate the website and App
  For example, to:
  • create and manage your NeuroMoney account;
  • authenticate you and keep your session secure;
  • store your shopping list items, subscriptions, bills and preferences;
  • display charts, summaries and other visualisations of your data.
• To run the early-access waitlist and send communications
  For example, to:
  • confirm your subscription to the waitlist;
  • send updates about the App and its launch;
  • send release notes or feature announcements after launch.
• To provide support and handle requests
  For example, when you contact us with a question, bug report, or request to exercise your privacy rights.
• To keep the service secure and reliable
  For example:
  • rate limiting and abuse/attack detection;
  • troubleshooting crashes or error logs;
  • protecting accounts from unauthorised access.
• To improve NeuroMoney
  For example:
  • analysing how often certain features are used (in an aggregated or pseudonymised way);
  • identifying usability issues and improving accessibility;
  • planning new features based on anonymised or aggregated patterns.
• To comply with legal obligations
  For example, to comply with applicable consumer, privacy, and tax laws, or to respond to lawful requests from authorities.

5. Legal bases for processing (UK & EU)

Under the UK General Data Protection Regulation (UK GDPR) and the EU GDPR, we must identify legal bases for using your personal data. Depending on the activity, we rely on:

• Performance of a contract
  We process your personal data when it is necessary to provide the NeuroMoney App or related services you have requested, for example to:
  • create and manage your account;
  • store and display your shopping lists, subscriptions and bills;
  • keep the App functioning as described.
• Consent
  We rely on your consent when:
  • you join the early-access waitlist or agree to receive product emails;
  • where required, if we use non-essential cookies or similar technologies for analytics or marketing (if introduced in future).
  You can withdraw your consent at any time, for example by clicking “unsubscribe” in our emails or contacting us.
• Legitimate interests
  We process limited data where necessary for our legitimate interests, provided these are not overridden by your rights and interests. This includes:
  • securing the App and protecting against fraud or misuse;
  • understanding how features are used (in aggregate) to improve the App;
  • maintaining logs and backups for reliability and security.
  You have the right to object to processing based on legitimate interests (see Section 11).
• Legal obligations
  In some cases we must process data to comply with laws (for example, consumer protection, accounting and tax rules, or responding to lawful requests from regulators).

6. Legal bases and rights for US residents

For visitors and users in the United States, state privacy laws such as the California Consumer Privacy Act as amended by the CPRA (together “CCPA”), Colorado Privacy Act, Virginia Consumer Data Protection Act and similar laws may provide additional rights.

Under these laws, we may collect the following categories of personal information (as defined by the CCPA and similar laws):

• Identifiers – such as username, email address, IP address, and device identifiers.
• Protected classification characteristics – we do not ask for legally protected categories (such as race or disability), but we do collect your age range and country.
• Commercial information – such as records of subscriptions, bills and products you add to your personal dashboards.
• Internet or other electronic network activity information – such as log data, IP address, and basic usage information.
• Approximate geolocation – inferred from your IP address or, when you select a country, that country.
• Inferences – such as high-level conclusions about which features are popular or which regions users come from, used only in aggregate.

We use these categories of information for the purposes listed in Section 4. We do not sell your personal information, and we do not share it for “cross-context behavioural advertising” (sometimes described as targeted advertising across different websites) as those terms are defined by applicable US state laws. If our practices change, we will update this Policy and, where required, provide opt-out mechanisms.

7. How we share your information

We do not sell or rent your personal information. We share it only with:

• Service providers (processors)
  We use trusted third-party providers to help run NeuroMoney, for example:
  • MailerLite for email and waitlist management;
  • Cloud hosting, database and infrastructure providers;
  • Error logging and security tools (if implemented).
  These providers act under our instructions and are bound by contracts that require appropriate data protection.
• Retailer and marketplace partners
  When you use product-related features, we may send product identifiers and technical data to:
  • Amazon Product Advertising API / Amazon Associates;
  • eBay developer APIs;
  • Walmart developer APIs.
  When you click a link to view a product on a retailer’s site, that retailer may know you came from NeuroMoney (for example via referral parameters) and may track your activity under its own terms and privacy policy. We may earn a commission or referral fee from some of these links; any such relationship will be clearly disclosed in the App or on the website.
• Professional advisers and legal authorities
  We may share information with professional advisers (such as lawyers or accountants) where necessary, or with law enforcement/regulators when we are legally required to do so or when it is appropriate to protect our rights or the rights of others.
• Business transfers
  If NeuroMoney is involved in a merger, acquisition, asset sale or similar transaction, personal data may be transferred as part of that transaction. We will take steps to ensure your rights continue to be protected and will notify you where required by law.

8. International data transfers

NeuroMoney is based in the United Kingdom. We may process and store your information in the UK, the European Economic Area (EEA), the United States or other countries where we or our service providers operate.

When we transfer personal data from the UK or EEA to countries that do not have an “adequacy decision” from the UK Government or European Commission, we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent contractual protections, together with technical and organisational measures to protect the data.

For more information about MailerLite’s data protection measures, see: https://www.mailerlite.com/gdpr-compliance .

9. Data retention

We keep personal data only for as long as reasonably necessary for the purposes described in this Policy or to meet legal, regulatory, tax, accounting or reporting requirements. This typically means:

• Waitlist data – we keep your email address until you unsubscribe or we discontinue the waitlist, plus a short period afterwards in order to maintain suppression records and comply with our legal obligations.
• App account data – we keep your account data and the information you store in the App (such as subscriptions, bills and products) for as long as your account is active. If you delete your account, we will delete or anonymise associated data within a reasonable period, except where we need to retain certain records for legal or security reasons.
• Logs and security records – we keep security and server logs for a limited period (for example a few months) to ensure the integrity of the service and investigate issues, unless a longer retention period is required for a specific investigation.

Backup copies may persist for a limited time after deletion due to technical constraints, but are subject to strict access controls and routine deletion schedules.

10. Your rights (global overview)

Depending on where you live, you may have some or all of the rights below in relation to your personal data. We will not discriminate against you for exercising your rights.

• Access – to request confirmation that we process your data and to receive a copy;
• Correction – to ask us to correct inaccurate or incomplete data;
• Deletion – to ask us to delete your data in certain circumstances;
• Restriction – to ask us to restrict processing in certain circumstances;
• Objection – to object to processing based on our legitimate interests;
• Data portability – to obtain your data in a structured, commonly used format;
• Withdraw consent – where we rely on consent (for example emails), you can withdraw it at any time.

Many of these rights can be exercised directly in the App (for example, by exporting or deleting your account data) or by using the unsubscribe links in emails. You can also contact us using the details in Section 1.

10.1 UK & EU residents

If you are in the UK or EU/EEA, you have the rights described above under the UK GDPR or EU GDPR. You also have the right to lodge a complaint with your local data protection authority. For example:

• UK: Information Commissioner’s Office (ICO) – https://ico.org.uk
• EU: Your national Data Protection Authority – see list of EU/EEA DPAs .

We would appreciate the chance to address your concerns before you contact a regulator, so please consider contacting us first.

10.2 US residents

Subject to verification of your identity and the specific state laws that apply to you, you may have the right to:

• request that we disclose the categories and specific pieces of personal information we have collected about you;
• request deletion of your personal information, subject to certain exceptions;
• request correction of inaccurate personal information;
• receive your data in a portable format, where technically feasible;
• designate an authorised agent to make certain requests on your behalf.

To exercise these rights, please contact us using the details in Section 1. We may ask you for additional information to verify your identity and will respond within the time period required by applicable law.

11. Children’s privacy

NeuroMoney is intended for individuals aged 18 and over. We do not knowingly collect personal data from anyone under 18. If we become aware that a child has provided us with personal information, we will take steps to delete it as soon as reasonably possible.

12. Security

We use technical and organisational measures to protect personal information, including (for example) hashed passwords, limited access controls, rate-limiting and secure connections to our database. However, no online service can be completely secure, and we cannot guarantee absolute security.

You can help by choosing a strong, unique password, keeping your login details confidential, and notifying us promptly if you suspect any unauthorised access to your account.

13. Links to other sites and APIs

NeuroMoney may include links to third-party websites or services, for example:

• product pages on Amazon, eBay, Walmart or other retailers;
• resources about managing money, neurodiversity or accessibility.

We do not control and are not responsible for these third-party sites. Their own terms and privacy policies govern how they handle your data. We encourage you to review those policies before interacting with them.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time (for example, if we add new features, integrate additional third-party APIs, or if laws change). When we do, we will update the “Last updated” date at the top of this page. If changes are material, we may also provide additional notice (for example by email or in-App notifications).

Your continued use of NeuroMoney after any update means you acknowledge the revised Privacy Policy.