top of page
huru logo

Privacy Policy

Last updated: July 2025

​

1. Who We Are
​

We are Huru Ltd, a UK-based medical technology company developing clinical and research tools for monitoring brain activity. In addition, we provide electrographic monitoring services for clinical and research partners.

 

Our services include a public-facing website, and a smartphone app provided to research participants.

​

We are registered in England and Wales under company number 13022222, with a registered office at: 20-22 Wenlock Road, London, N1 7GU, United Kingdom.

 

You can contact us at contact@hurulabs.com for any questions related to privacy or data protection.

​

2. What This Notice Covers
​

Depending on the study setup, we may act as a Data Controller (when determining research use of data) or as a Data Processor (when acting on behalf of a healthcare provider or research sponsor).

​

This Privacy Notice explains how we collect, use, store, and protect your personal data when you:

  • Visit our website

  • Use our research app as a participant in a study

​​

We also explain your rights under UK GDPR, EU GDPR, and applicable US laws.

​

3. What Data We Collect
​
a) When You Visit Our Website
​

We may collect:

  • Technical data (IP address, browser type, cookies)

  • Contact details if you use a contact form

  • Website usage data (via analytics tools such as Google Analytics)

​​

We do not sell your data or use it for profiling or advertising.

​

b) When You Use the Research App
​

We may collect:

  • Personal data (e.g. initials, contact details) where provided by your research sponsor

  • Non-clinical personal data (e.g. questionnaire responses, timestamps)

  • Device metadata (device type, operating system, app usage)

  • Data may be pseudonymised or anonymised, depending on the study setup

​​

We do not collect location data, microphone/audio, or access your contacts, photos, or messages.

​

4. Why We Collect Your Data

​

We use your data to:

  • Provide and support our research services

  • Enable secure access to the app or research dashboards

  • Improve app performance and ensure system security

  • Comply with legal obligations and research ethics requirements

​

​

5. Lawful Basis for Processing
​

We process your data on the following legal bases:​

​

​

​

​

 

 

 

 

For US participants, we also follow HIPAA-aligned security standards where relevant. Where we process health-related data for US residents in partnership with a healthcare provider, we follow HIPAA requirements and act as a Business Associate when applicable.

​

6. Where Your Data Is Stored
​

We store all data in the country of origin:

  • UK and EU participants → stored on servers in the UK or EU

  • US participants → stored on servers located in the US

​​

We do not transfer your data internationally unless required and protected by standard contractual clauses or equivalent safeguards.

​

7. Who We Share Data With
​

We only share data:

  • With approved Service Providers (e.g. AWS, analytics tools) under strict confidentiality

  • With the research sponsor or healthcare provider responsible for your study

  • As required by law or to protect legal rights

We do not sell or rent personal data to third parties.

Anonymised research data may be shared for scientific purposes, but it cannot identify you.

​

8. How Long We Keep Your Data
​

We keep personal data only as long as necessary for:

  • The research project

  • Regulatory and legal obligations

  • Security and audit requirements

Data is then securely deleted or anonymised, as set out in our internal Data Minimisation and Retention Policy.

​

9. Your Rights
​

You have the right to:

  • Access your personal data

  • Correct inaccuracies

  • Request erasure (where applicable)

  • Object to processing (if based on legitimate interest)

  • Withdraw consent (if used as a legal basis)

  • Lodge a complaint with a data protection authority (e.g. ICO in the UK)

​

For US users, you may also:

  • Request access or deletion of data you’ve shared with us

  • Contact your healthcare provider or research sponsor regarding HIPAA rights

​

To exercise your rights, contact contact@hurulabs.com.

​

10. Security Measures
​

We apply industry-standard protections, including:

  • End-to-end encryption

  • Access controls (role-based)

  • Secure cloud infrastructure (AWS)

  • Internal breach response procedures

If a data breach affects you, we will notify you promptly, in line with GDPR and HIPAA timelines.

​

11. Changes to This Notice
​

We may update this Privacy Notice occasionally. Significant changes will be communicated via email or in-app notification. The latest version will always be available on our website and inside the app.

​

​

​

Privacy - legal basis.png

© 2025 by huru

bottom of page