1 About this policy
This Privacy Policy explains how NEU Wellbeing Ltd ("NEU", "we", "us", or "our"), operating under NEU Platforms, collects, uses, and safeguards your personal data when you use any of our applications and services, including the NEU Community Wellbeing App and associated platforms.
By using our apps or services you agree to the practices described in this policy. If you do not agree, please do not use our services.
We are committed to keeping your data private, minimal, and secure. We do not sell personal data to third parties.
2 Who we are
NEU Wellbeing Ltd is a Community Interest Company (CIC) registered in England and Wales. We operate digital platforms and mobile applications designed to support community wellbeing.
3 Data we collect
We collect only the information needed to provide our services. Depending on how you use our apps, this may include:
- Account information: name, email address, city, and optionally phone number, when you create an account.
- Wellbeing check-in data: your responses to the NWI (NEU Wellbeing Index) and WEMWBS (Warwick-Edinburgh Mental Wellbeing Scale) questionnaires, including scores and completion dates.
- Goals: personal goals you choose to set through the GROW goal-setting framework within the app.
- Usage data: basic app interaction data (e.g. screens visited) used to improve our services. This is anonymised.
- Device information: device type, operating system version, and app version, for technical support purposes only.
We do not collect payment information, location data, contact lists, camera or microphone access, or any sensitive personal data beyond what you explicitly provide in the wellbeing questionnaires.
4 How we use your data
We use the information we collect to:
- Provide, operate, and improve our apps and services.
- Store and display your wellbeing check-in history and trends.
- Enable support staff (where authorised by your organisation) to identify users who may benefit from follow-up wellbeing support.
- Send you account-related communications (e.g. password resets) — we do not send marketing emails without explicit consent.
- Comply with legal obligations.
We process your data on the following legal bases under UK GDPR: contract performance (to provide the service you signed up for), legitimate interests (to improve and secure our services), and consent (for optional features).
5 Data sharing
We do not sell, trade, or rent your personal data. We may share data only in the following limited circumstances:
- Service providers: trusted third-party providers who help us operate our platform (e.g. cloud hosting). These are bound by data processing agreements and may not use your data for their own purposes.
- Authorised organisations: if you use NEU through a partner organisation (such as a CIC or charity), authorised staff within that organisation may access aggregated or individual wellbeing data to provide support. This is disclosed to you at the point of use.
- Legal requirements: where required by law, court order, or to protect the safety of individuals.
We never share or sell your wellbeing data to advertisers, data brokers, or any commercial third parties.
6 Data retention
We retain your personal data for as long as your account is active or as needed to provide services. Specifically:
- Account data is retained until you request deletion or close your account.
- Check-in data is retained until you delete it or close your account.
- Goal data is retained until you delete it or close your account.
- Usage logs are retained for up to 12 months for security and improvement purposes.
You can request deletion of your data at any time by contacting us (see section 9).
7 Security
We take reasonable technical and organisational measures to protect your data against unauthorised access, loss, or disclosure. These include:
- Encrypted data transmission (HTTPS/TLS) for all communications.
- Token-based authentication for API access.
- Access controls limiting who can view personal data within our team.
- Regular security reviews of our infrastructure.
No method of transmission over the internet is 100% secure. If you have reason to believe your account has been compromised, contact us immediately.
8 Your rights
Under UK data protection law (UK GDPR), you have the following rights regarding your personal data:
9 Cookies and local storage
Our mobile applications use on-device storage (local storage) to save your preferences, check-in state, and authentication tokens. This data stays on your device and is not used for advertising or tracking.
Our web-based admin portals uses session cookies required for authentication. No third-party advertising or analytics cookies are used.
10 Children's privacy
Our services are not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.
For users aged 13–17, we encourage parental awareness and oversight of wellbeing app usage.
11 Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes, we will notify users via the app or by email. Your continued use of our services after changes are posted constitutes acceptance of the updated policy.
12 Contact us
If you have any questions about this Privacy Policy, want to exercise your rights, or have a concern about how we handle your data, please get in touch.
[email protected]