Privacy

Your data, on the record.

This policy explains what NeuronNurture Kids collects, why, who has access, and the rights you can exercise over it. Written in plain English, with India's Digital Personal Data Protection Act, 2023 (the "DPDP Act") as the legal floor.

Effective: 5 May 2026 Applies to: All visitors and clients of neuronurture.com and neuronurturekids.com

1. Who we are

"We", "us", or "NeuronNurture" refers to NeuronNurture Kids, a pediatric therapy practice headquartered in Bengaluru, Karnataka, India, delivering online speech, behavioural, and developmental therapy to children. For the purposes of the DPDP Act, NeuronNurture Kids is the Data Fiduciary for the personal data described in this policy.

You can reach us at admin@neuronurturekids.com or +91 7411 749 796 for any privacy-related question.

2. Data we collect

We collect only what is needed to respond to enquiries, deliver therapy, and keep clinical records.

2.1 When you enquire on our website

  • Parent or guardian name
  • Phone number
  • Child's age (optional)
  • Source page on our site (for routing — e.g. which programme you were reading)
  • Date and time of enquiry

2.2 When you become a client

  • Child's name, date of birth, gender, and contact details
  • Parent or guardian name, address, contact details
  • Health and developmental information shared during assessment (medical history, prior diagnoses, prior therapy, school reports, family-reported observations)
  • Assessment scores and clinical notes generated during sessions
  • Session schedule, attendance, and payment history

2.3 Automatic technical data

  • IP address, browser type, device type, referring URL, pages visited, session duration — collected via cookies and analytics tags described in Section 11.

We do not sell personal data, ever. We do not use your data to train AI models. We do not allow ad networks to fingerprint you across our site.

3. How we use your data

  • To call or message you back about a consultation request
  • To assess, plan, and deliver therapy
  • To produce written progress reports and clinical records
  • To process payments for sessions
  • To respond to messages, complaints, and follow-up questions
  • To improve our website and service quality (in aggregated, non-identifying form)
  • To comply with legal, tax, and regulatory obligations

We do not use your data for unrelated marketing without your explicit consent. If you opt in to a parenting-resources newsletter, you can unsubscribe at any time.

4. Lawful basis under the DPDP Act

The DPDP Act requires a Data Fiduciary to identify a lawful basis for processing. Ours, by activity:

  • Consultation requests via the website form — your consent (signified by submitting the form), which you can withdraw at any time.
  • Therapy delivery — necessary for performance of the service contract you enter into with us.
  • Payment, tax, accounting — compliance with a legal obligation.
  • Clinical record-keeping — legal obligation under medical-records norms in India.
  • Aggregated analytics for service improvement — legitimate use; identifies no individual.

5. With whom we share data

We share personal data only with the following categories of recipients, only to the extent necessary, and only under appropriate confidentiality and security commitments:

  • Therapists and paediatricians on our team, who deliver and supervise your child's plan.
  • HubSpot, Inc. — our customer relationship management system. Stores enquiry-stage information and parent contact details.
  • Google LLC — Google Forms (lead intake) and Google Analytics 4 (aggregated traffic analytics).
  • Cloudflare, Inc. — content delivery, DNS, and security at the network edge for our website.
  • Payment processors we engage to receive session payments.
  • Government, regulatory, or judicial authorities, where compelled by law.
  • Professional advisors (auditors, legal counsel) under confidentiality obligations.

We do not sell or rent your data to third parties for advertising.

6. International transfers

HubSpot, Google, and Cloudflare are headquartered in the United States and operate global infrastructure. Personal data routed through these providers may be processed outside India. We rely on those providers' published data-processing terms and security certifications (including SOC 2 and, where applicable, ISO 27001) for the protection of data in transit and at rest.

The Government of India may, by notification under the DPDP Act, restrict or prohibit transfers of personal data to specified countries. We will adjust our data flows promptly should any such restriction apply.

7. How long we keep data

  • Website enquiries that do not become clients — kept for up to 24 months from the date of enquiry, then deleted.
  • Clinical records of active and former clients — kept for the minimum period required by Indian medical-records law (currently understood to be a minimum of three years from the last treatment date for adults; for minors, three years from the date of attaining majority), or longer where retention is necessary for legal claims, complaint defence, or audit.
  • Payment and tax records — kept for the period required by Indian tax law (currently 6–8 years).
  • Marketing communications (newsletter subscribers) — kept until you unsubscribe.
  • Aggregated analytics — kept indefinitely in non-identifying form.

8. How we protect your data

Our website is served over HTTPS with HSTS preload, a strict Content-Security-Policy, and modern browser-isolation headers. Therapy sessions are delivered over end-to-end encrypted video. Clinical notes are stored in access-controlled systems with role-based permissions. Backups are encrypted at rest. Staff complete confidentiality training and sign data-handling agreements.

Despite reasonable safeguards, no transmission over the internet or storage system is perfectly secure. In the event of a personal-data breach affecting you, we will notify you and the Data Protection Board of India in accordance with the DPDP Act timelines.

9. Your rights

Under the DPDP Act, you have the right to:

  • Access a summary of personal data we hold about you.
  • Correct inaccurate or outdated personal data.
  • Erase personal data that is no longer necessary, subject to lawful retention obligations.
  • Withdraw consent for processing carried out on the basis of your consent — at any time, without affecting prior lawful processing.
  • Nominate another individual to exercise your rights in the event of your death or incapacity.
  • Lodge a grievance with us, and subsequently with the Data Protection Board of India.

To exercise any right, write to admin@neuronurturekids.com with the subject line "Data subject request — [your name]". We respond within 30 days, and within 7 days for clearly defined requests.

10. Children's data

Our service is, by design, for children. The DPDP Act treats personal data of children (under 18) and persons with disabilities as a sensitive category and requires verifiable parental or lawful-guardian consent before processing.

We collect a child's data only after the parent or lawful guardian has provided informed consent, in writing, after reading our assessment-and-consent document. We do not engage in tracking, behavioural monitoring, targeted advertising, or any processing reasonably likely to cause harm to a child. Parents may withdraw consent at any time.

11. Cookies & analytics

Our website uses a small number of cookies and tags:

  • Essential cookies — required for the site to function (set by Cloudflare for security and performance).
  • HubSpot tracking — recognises returning visitors so the team can give context to your enquiry. Drops a first-party cookie. Disabled if you do not interact with our site.
  • Google Analytics 4 — aggregated traffic measurement. IP addresses are truncated; no individual user is identified to NeuronNurture.
  • Google Ads conversion tag — fires only on lead-form submission, to attribute paid campaigns. Drops a first-party cookie linked to the click ID.

You can disable third-party cookies in your browser at any time. The site will continue to function normally without them.

12. Grievance redressal

If you believe your personal data has been mishandled, write to our Grievance Officer:

Grievance Officer
NeuronNurture Kids
Bengaluru, Karnataka, India
Email: admin@neuronurturekids.com
Phone: +91 7411 749 796

We respond to grievances within 30 days. If you are not satisfied with our response, you may approach the Data Protection Board of India under Section 27 of the DPDP Act, 2023.

13. Changes to this policy

We may update this policy from time to time. The "Effective" date at the top reflects the most recent revision. For substantive changes that affect how we use your data, we will notify active clients by email and post a notice on this page for at least 30 days.