Privacy policy.

Who we are

This site is operated by Neuro Scan AI Solutions Oy (Y-tunnus 3437722-8), a private limited company registered in Espoo, Finland. We are the data controller for any personal data collected through nsai.fi. Reach our data-protection contact at clinical@nsai.fi.

What we collect

When you contact us

Your name, email address, employer or institution, role, and the content of your message. We need this to respond and to file the conversation under the right working relationship.

When you visit the site

Standard server logs: IP address, browser user agent, requested URL, timestamp, referring URL. We retain these for 90 days for security purposes and then anonymize.

What we do not collect on this site

We do not collect patient health data, EEG recordings, or any special-category personal data via this website. Clinical data handling is governed by separate Data Processing Agreements with our hospital and research partners.

Cookies & similar technologies

This site uses only strictly necessary cookies — those required for the page to function (for example, remembering a closed cookie banner if one is shown). We do not use third-party advertising cookies, cross-site tracking pixels, or behavioral profiling.

If we later add privacy-respecting analytics (such as a self-hosted Plausible or similar EU-based analytics platform), we will update this section and request consent where required.

How we use your data

• To answer the question you asked us.
• To deliver services agreed under contract.
• To meet legal obligations (accounting, regulatory, medical-device record-keeping).
• To protect our systems and prevent abuse.

Who we share data with

We share personal data only with:

• Service providers that operate our infrastructure (email delivery, hosting). These act on our instructions under a data processing agreement.
• Professional advisors (legal, accounting, audit) when strictly necessary.
• Authorities when legally required.

We do not sell personal data. We do not share personal data for marketing purposes outside our own.

Where data is processed

Primary processing happens within the European Economic Area. Where a sub-processor sits outside the EEA, we rely on European Commission Standard Contractual Clauses, supplemented by encryption and access controls. See our GDPR statement for the formal basis.

How long we keep data

• Inbound inquiries: 24 months after the last meaningful exchange.
• Contractual relationships: duration of the contract plus the retention period required by Finnish law (typically 10 years for accounting records).
• Server logs: 90 days, then anonymized.

Your rights

You can ask us to: show you what we hold; correct it; delete it; restrict how we use it; export it in a portable format; or object to a specific use. Email clinical@nsai.fi. We respond within 30 days.

If you are unhappy with our response, you can complain to the Finnish Data Protection Ombudsman at tietosuoja.fi or your local EU supervisory authority.

Children

This site is not directed at children under 16. We do not knowingly collect personal data from anyone in that age group through the website. If you believe a child has provided us data, contact us and we will delete it.

Changes to this policy

If we change how we use personal data, we will update this page and revise the effective date. Material changes will also be announced via the appropriate contractual channels for active partners.