Privacy & Data Retention Policy

Neuromatch Privacy Policy
Last updated: December [XX], 2025

1. Introduction

Neuromatch, Inc. (“Neuromatch”, “we”, “us”, “our”), a U.S.-registered 501(c)(3) nonprofit organization, is committed to protecting your privacy and handling your personal data responsibly and transparently. This Privacy Policy explains how we collect, use, share, and retain personal data of individuals who interact with Neuromatch, including participants, volunteers, contractors, staff, donors, and partners.
This Policy applies when you access and use our website located at https://neuromatch.io/ (the “Site”) and any other website or platform (e.g., the Mexa and Mindmatch platforms) where this Policy is linked; when you interact with us; when you donate to us; or when you participate in our educational programs, research initiatives, partnerships, and community platforms. In these contexts, Neuromatch generally acts as a controller of your personal data, which means we decide why and how your personal data is processed. Certain of our programs or services may have additional privacy terms; where applicable, please review those terms before participating.
Any links that we provide to third-party websites or services are provided for your convenience. We do not own, operate or control those third party properties and therefore this Policy does not apply to them. If you visit any such third party sites or services, please review any applicable privacy policies. We are not responsible for the content, use, or privacy practices of any unaffiliated sites or services.
If the EU General Data Protection Regulation (GDPR) or the UK GDPR applies to our processing, see Section 10 for additional information.
This Policy is effective as of the date that it is posted. If we make material changes to this Policy, we will update the “Last updated” date and, where required, notify you. For questions about this Policy or to exercise your data protection rights, please contact us at: support@neuromatch.io.

2. Data We Collect

Neuromatch collects, processes, and maintains several types of information, some of which may be considered personal data under applicable data protection laws. Personal data generally means any data that identifies, relates to, describes, is reasonably capable of being associated with or could reasonably be linked, directly or indirectly, with a particular person, but does not include any information that is aggregated or de-identified.
The type of personal data we collect depends on how you interact with us. For instance, if you donate to us or purchase products or educational services, we will need different information than if you simply visit our Site for informational purposes.
As a general matter, we may collect the following categories of your personal data only when you voluntarily choose to provide them, including:
Identifiers and Contact Information
  • Name, email address, postal address, phone number, country of residence
  • Citizenship or residency status (which is collected solely to assess program eligibility and compliance requirements, including to fulfill reporting obligations and determine appropriate regionally adjusted contractor compensation rates or course tuition fees)
  • Social media account information (e.g., username)
  • Demographic data (e.g., gender, language, race/ethnicity)
  • Photograph and video recordings (which are provided voluntarily for program participation, promotional materials, or professional profiles)
Professional & Educational Data
  • Institutional affiliation, curriculum vitae or résumé details
  • Submitted abstracts or written materials
  • Public professional profiles (e.g., LinkedIn, ORCID, Google Scholar)
Financial Information (which is processed through third-party payment processors and financial platforms)
  • Payment information processed by our third-party payment processor (discussed below) for course fees, donations or when you purchase merchandise
  • Tax forms (e.g., W-8BEN, W-9, or equivalent), where required by law
  • Records of payments, reimbursements, and contractor payments for Teaching Assistants, Project Supervisors, and other contractors and/or staff
Participation Data
  • Course or program enrollment records
  • Feedback, attendance, and engagement metrics
Additionally, we may automatically collect certain data about you through online technologies when you visit our Site that may also be considered personal data; such information may include:
  • IP address, browser type, device information, operating system
  • Usage details, such as the date and time you visited the Site, the Internet address of the site from which you linked to the Site, the links you follow from the Site including to our payment processor, and the reading history and other analytics related to how you use and view the content on the Site
  • General activity information used in our and our service providers’ fraud-prevention programs
We do not knowingly collect personal data from individuals under the age of 18, nor do we generally expect to process sensitive personal data; if you provide us with sensitive personal data, or if we obtain it from a third party, we will process it only as permitted under applicable laws and regulations.

3. Sources of Personal Data

A. Data Collected Directly
We collect your personal data when you provide details to us directly, including through your interactions with the Site, such as when you:
  • Sign up for one of our classes or programs or attend one of our events, such as a live Mindmatch opportunity or community webinars
  • Apply to become, or are selected as, one of our scholars
  • Subscribe to our newsletter
  • Become a volunteer
  • Apply or are engaged as a Teaching Assistant or Project Supervisor
  • Purchase our merchandise or make a donation
  • Email us or otherwise interact with us through the Site
B. Data Collected Automatically
We may also obtain information in other ways through technology, some of which may be linked to you personally. When you visit the Site, or use a third‑party website that interacts with our Site, including our payment processor, we, or third parties acting on our behalf, may automatically receive and record certain information (including personal data) from your computer, web browser, or mobile device.
For example, Neuromatch uses cookies to enhance your experience when you visit the Site. “Cookies” are small pieces of data sent to your computer browser from our web server and stored on your computer’s hard drive. This data identifies you as a unique user and facilitates your ongoing access to and use of the Site. In addition, we may also use Google Analytics or a similar service to help us analyze how users use the Site or our services. That use may be subject to the Google Analytics Terms of Use and Google Privacy Policy. Please click here for more information about how Google uses information from sites or apps that use their services. As noted below, we rely on consent where required by law for certain cookies (e.g., analytics) and will respect your preferences.
Please note that you may choose to set your web browser to refuse or delete cookies, or to alert you when cookies are set. If you choose to turn off cookies, however, some parts of the Site may not function properly. Even if you block or delete cookies, not all of the tracking that we have described in this Policy will stop.
Third parties such as advertising networks, analytics providers and widget providers may collect information, including personal data collected via cookies, about your online activities over time and across different websites when you access or use our Site or services. Currently, various browsers offer a “Do Not Track” option, but there is no standard for how “Do Not Track” should work on commercial websites. Due to the lack of such standards, our Site does not respond to “Do Not Track” consumer browser settings.
C. Data Collected From Third Parties
Finally, we may also collect personal data about you (i) when you interact with our page or account on social media, such as LinkedIn (e.g., click on our links or provide information to us via the relevant account), (ii) through other sources, including the legal entity you are part of (for example if you are designated by a legal entity with whom we have a relationship as its representative), and others who think you might be interested in our work or (iii) through third party service providers (including payment processors, discussed below) acting on our behalf.
Donors and Product Purchases. In addition to the personal data collected as described above, we may collect additional personal data from donors (including the name and address of the donor and amount of the donation) or individuals who purchase merchandise through our Site, and will use such information in addition to the uses set forth below in order to process donations or orders, issue tax or order receipts, and analyze giving or purchasing patterns.
Online donations or product purchases made through the Site are facilitated by third-party platforms and payment processors, such as Stripe, Every.org, and Spreadshop. If you choose to make a donation or make a purchase, you’ll be linked to the appropriate third-party site where their privacy policies will apply. Your financial information, such as payment method (credit or debit card number and expiration date), is used and stored by the relevant payment processor, and the use and storage of that information is governed by the relevant payment processor’s terms of service and privacy policy. We urge you to familiarize yourself with such terms prior to submitting any personal data. We are not responsible for the data collection, privacy and information sharing policies and procedures or the content of such websites. We may from time to time request and receive some of your financial information from the relevant payment processor for purposes of completing transactions, fulfilling orders or protecting against or identifying possible fraudulent transactions.

4. Purposes and Legal Bases for Processing

Depending on the specific personal data concerned and the factual context, we process personal data for the following purposes and under the following legal bases where the GDPR applies:
  • As necessary to perform a contract: When we enter into a contract directly with you, we process your personal data to prepare and enter into the contract, as well as to perform and manage the contract (i.e., administering our programs or providing our products or services, as well as facilitating and processing payments, including to our contractors, teaching assistants or grantees, communicating with you about our Site or services, complying with contractual obligations, and related administration). Where we are relying on this legal basis, we may not be able to provide you with all services if we do not process your personal data;
  • With your consent: Where required by law, we rely on your prior consent for specific optional uses, such as inclusion in public participant lists, optional demographic surveys, and subscription to Neuromatch’s newsletter and mailing lists for programmatic and organizational updates (including our external collaborative newsletter). We also rely on your prior consent in order to use certain types of cookies (e.g., analytics cookies to perform analysis of our website usage) as well as to conduct online marketing, including email marketing. You may withdraw consent at any time, including via unsubscribe links in our emails or by contacting us.
  • To comply with legal obligations: We process your personal data to comply with the legal obligations to which we are subject. This may include maintaining secure IT systems; detecting, investigating, preventing, and stopping fraudulent, harmful, unauthorized, or illegal activity; meeting audit, accounting and tax requirements; and complying with applicable data protection laws.
  • For our legitimate interests (or those of others), where not overridden by your rights: Where such interests are not overridden by your rights, we may process your personal data based on such legitimate interests, including to (i) administer our programs and manage registration, communications, and participation in Neuromatch programs, (ii) develop, test, and improve our Site and services, (iii) ensure authentication, integrity, security, and safety of accounts and services, including to detect, investigate, and prevent activities that may violate our policies or be fraudulent or illegal, (iv) analyze participation, diversity, and program effectiveness (which we process primarily in aggregated or anonymized form), (v) support a merger, acquisition, bankruptcy, or other corporate transaction in which a third party assumes control of all or part of our business, and (vi) comply with non-EU and non-UK laws, regulations, codes of practice, guidelines, or rules applicable to us and respond to requests from, and other communications with, competent non-EU and non-UK public, governmental, judicial, or other regulatory authorities, as well as meet our corporate and social responsibility commitments, protect our rights and property, resolve disputes, and enforce agreements. If we do not process your personal data for these purposes, we may not be able to perform activities that are necessary for our legitimate interests or, depending on the circumstances, to provide you with our Site or services.
We do not use your personal data for automated decision-making that produces legal or similarly significant effects.

5. Data Sharing

Neuromatch shares your personal data only for limited and specific purposes as required for the purposes described in the Policy, and we do not sell your personal data for monetary consideration.
We may disclose your personal data to non-affiliated service providers and other third parties in compliance with applicable laws and regulations. Third party recipients of your personal data may include:
  • Service Providers: IT service providers, cloud service providers, customer relationship management system providers, payment processors, fraud screening providers, hosting and database providers and other legal and accounting providers, all of which will generally act as processors on our behalf.
  • Funding Agencies and Sponsors: Where required for financial reporting, payment, or program evaluation.
  • Other Participants or Educators: To enable collaboration through discussion forums, participant directories, mentoring relationships, or other programmatic activities, but only with appropriate consent.
  • Volunteers: A limited subset of volunteers may access certain personal data only where necessary to fulfil their defined responsibilities (e.g., Academy operations, wider programmatic work, or working groups with specific objectives or deliverables).
  • Government authorities: Law enforcement agencies, regulatory or tax authorities and other governmental or public agencies or authorities.
  • Other third parties: For purposes you have authorized or consented to.
We may disclose aggregated or anonymous information not linked to any personal data to third parties without restriction, including in connection with maintaining, improving, and fixing any operational errors on the Site.

6. Data Retention

Neuromatch retains personal data only for as long as necessary to fulfill the purposes for which it was collected or to meet legal, contractual, and audit obligations. In particular, we retain:
  • Identity, contact, and participation data while your account or participation with Neuromatch remains active or as needed for ongoing program delivery. Upon request, we delete such data unless retention is required for legal, audit, or reporting purposes (e.g., to manage accounts, verify participation history, and support ongoing program delivery).
  • Financial records including invoices, tax forms, and payment documentation for up to ten (10) years, or as required by audit and regulatory compliance requirements.
  • Contract‑related records for the duration of the agreement and for as long as necessary to establish, exercise, or defend legal claims and comply with applicable limitation periods.
  • Research and anonymized program data may also be retained indefinitely for statistical analysis, reporting, and the improvement of Neuromatch’s programs and operations. These records do not contain identifiable personal data.
  • Cookies and analytics data collected through the Site are stored for up to two (2) years, after which they are deleted or anonymized.

7. Data Security

We implement administrative, technical, and physical safeguards to protect personal data against loss, misuse, or unauthorized access. These include encryption, secure cloud storage, limited access rights, and regular review of data-handling procedures.
However, no security measures are perfect or impenetrable, so we cannot ensure or warrant the security of any information you transmit to us, and you do so at your own risk. We are not responsible for circumvention of any privacy settings or security measures. Even after removal, copies of information that you have posted may remain viewable in cached and archived pages or if other users have copied or stored such information.

8. Your Rights

You may decline to share certain information with us, in which case some of the features and functionality of the Site or certain of our services may not be available.
Once you have registered for an account, depending on the platform and timing, you may update or correct your profile information and preferences by accessing your profile page located at:
  • https://portal.neuromatchacademy.org/account
  • https://mexa.app/dashboard/profile
  • https://mindmatch.app/my-profile
You can also email support@neuromatch.io at any time for edits or to request that your account be deleted.
If you do not wish to receive newsletters from us, you can opt out of receiving email information from us (except for emails related to your donations, your purchase of goods or services, and other communications essential to program administration or your transactions through the Site) by using the unsubscribe process at the bottom of the email, or by contacting us directly at support@neuromatch.io. Should you opt out, we will promptly honor your request, though we may retain certain information you submit (including in backups or archives) for a variety of purposes, including analytics, the prevention of fraud or abuse and compliance with our legal or regulatory obligations.
Notice for California Residents. Pursuant to Section 1798.83 of the California Civil Code, residents of California have the right to obtain certain information about the types of personal data that companies with whom they have an established business relationship (and that are not otherwise exempt) have shared with third parties for direct marketing purposes during the preceding calendar year, including the names and addresses of those third parties, and examples of the types of services or products marketed by those third parties. If you wish to submit a request pursuant to Section 1798.83, please contact us via email at support@neuromatch.io.
Notice for Nevada Residents. Please note that we do not currently sell your personal data as sales are defined in Nevada Revised Statutes Chapter 603A.

9. Our Commitment to Children’s Privacy

Protecting the privacy of young children and minors is especially important. For that reason, we do not allow children under 18 years of age to use the Site or our services, we do not knowingly collect or maintain information from persons under 18 years of age, and no part of the Site or our services is directed to persons under 18 years of age. If you are under 18 years of age, then please do not use or access the Site or our services at any time or in any manner.
If you discover that a child under 18 years of age has provided us with information, please alert us at support@neuromatch.io.

10. European Data Protection Specific Information

The following disclosures apply solely where our processing is subject to the GDPR or the UK GDPR.
A. Your Rights
Your rights in relation to your personal data processed by us as a controller specifically include:
  • Right of access and/or portability: You have the right to access any personal data that we hold about you and, in some circumstances, have that data provided to you or transfer that data to another provider;
  • Right of erasure: In certain circumstances, you have the right to request deletion of personal data that we hold about you (for example, if it is no longer necessary for the purposes for which it was originally collected);
  • Please note that properly anonymized or de-identified data used for research, analytics, and program evaluation cannot be altered or removed in response to a deletion request, as this data has been processed to ensure individuals cannot be re-identified and therefore no longer constitutes personal data under applicable privacy laws.
  • Right to object to processing: In certain circumstances, you have the right to request that we stop processing your personal data;
  • Right to rectification: You have the right to require us to correct any inaccurate or incomplete personal data;
  • Right to restrict processing: You have the right to request that we restrict processing of your personal data in certain circumstances (for example, where you believe that the personal data we hold about you is not accurate or lawfully held).
To exercise your rights or if you have any other questions about our use of your personal data, please contact us by email at support@neuromatch.io from your registered email address (if applicable). Please note that we may request you to provide us with additional information in order to confirm your identity and ensure that you are entitled to exercise your rights.
You also have the right to lodge a complaint with a data protection authority. For more information, please contact your local data protection authority.
B. International Data Transfers
Your personal data may be transferred, stored (for example, in a data center), and processed outside of the country or region where it was initially collected where we or our service providers have customers or facilities, including in countries outside of the European Economic Area and the UK. Such countries may have data protection rules that are different and less protective than those of your country.
Where personal data of individuals in the EU or the UK is being transferred to a recipient located in a country outside the European Economic Area or the UK which has not been recognized as having an adequate level of data protection, we ensure that there is a transfer solution in place to legitimize such transfer (such as the European Commission’s standard contractual clauses under Article 46(2) of the GDPR). Please contact us if you would like to receive a copy of such standard contractual clauses or request further information in that respect. Where relevant and permissible under the applicable data protection law, we may also rely on one of the derogations under Article 49 of the GDPR or the UK GDPR to transfer your personal data (such as transfer of data that is necessary for the performance of our contract with you).

11. Contact

For questions about this Policy or to exercise your data protection rights, please contact us at: support@neuromatch.io.