NeliteNine

Privacy Policy

Last Updated: February 2026

1. Data Controller

The entity responsible for the processing of your data is:

NeliteNine
Copenhagen, Denmark
Registration (CVR): 42940380
Email: contact@nelitenine.com

2. Cognitive Biometric Data

Unlike standard SaaS platforms, NeliteNine collects specialized performance metrics (Fluid Intelligence estimations, Reaction Time latency, Working Memory capacity).

We classify this as Sensitive Cognitive Data (GDPR Art. 9). We treat this data with higher security standards than standard user analytics.

Data Isolation Protocol

Your cognitive performance data is logically isolated from your billing identity. We do not sell your identifiable cognitive profile to third-party advertisers.

3. Information We Collect & Legal Basis

  • Identity Data: Email address, encrypted password, and Username (Gamer Tag).
    Legal Basis: Contract Performance (GDPR Art. 6.1.b).
  • Telemetry Data: Game scores, millisecond-precision reaction times, session duration, and device metadata.
    Legal Basis: Legitimate Interest (GDPR Art. 6.1.f) for service optimization; Consent (GDPR Art. 6.1.a) for research.
  • Subscription Data: Payment status (processed securely via Stripe/Apple/Google; we do not store full credit card numbers).
    Legal Basis: Legal Obligation (GDPR Art. 6.1.c) for tax/accounting.

4. Usage for Scientific Research

NeliteNine is committed to advancing the understanding of Fluid Intelligence (Gf). With your explicit consent, we process your data for scientific research purposes under GDPR Art. 89(1).

Data Points Processed:

  • Reaction Time Latency: Millisecond-precision logs of response times to stimuli.
  • Accuracy Metrics: Correct/Incorrect response ratios and error patterns.
  • Session Metadata: Time of day, session duration, and device type (for normalization).
  • Cognitive Load: Performance degradation over time during high-intensity tasks (N-Back).

Safeguards & Retention:

  • Pseudonymization: Research datasets are stripped of direct identifiers (Email, IP) and replaced with a unique Research ID.
  • Aggregation: Data is analyzed in aggregate to identify population-level trends, ensuring no individual can be singled out in published results.
  • Strict Access: Only authorized data scientists have access to the raw research datasets.
  • Retention Period: Research data is retained for up to 5 years to support longitudinal studies, after which it is permanently anonymized or deleted.

Right to Withdraw:

You have the right to withdraw your consent for research participation at any time without affecting the lawfulness of processing based on consent before its withdrawal. You can manage this preference in your Account Settings or by contacting our DPO.

5. Security & Third Parties

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). We utilize Supabase for enterprise-grade database security.

Trusted Processors: Supabase (DB), Vercel (Hosting), Stripe (Payments).

6. Global Rights (GDPR & CCPA)

You retain full ownership of your data.

EU Users (GDPR)

  • Right to Access (Art. 15)
  • Right to Rectification (Art. 16)
  • Right to Erasure ("Right to be Forgotten") (Art. 17)
  • Right to Data Portability (Art. 20)

California Users (CCPA)

  • Right to Know what personal info is collected.
  • Right to Delete personal info.
  • Right to Opt-Out of Sale: We do not sell your personal data.
  • Non-Discrimination for exercising rights.

Exercise Your Rights

Visit our Data Rights Portal or contact contact@nelitenine.com.