Privacy Policy

Last updated: August 21, 2025

Introduction

River (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our brain-computer interface (BCI) products and services.

Given the sensitive nature of neural data and our commitment to developing non-invasive BCI technology, we take privacy and data security extremely seriously.

Information We Collect

Website Information

  • Email addresses: When you join our waitlist for early access to our BCI SDK
  • Usage data: Information about how you interact with our website, including pages visited and time spent
  • Device information: Your IP address, browser type, operating system, and device identifiers
  • Cookies: Small data files stored on your device to improve your browsing experience

Product and Service Information

  • Account information: Name, email, and other details when you create an account for our products
  • Neural data: EEG and fNIRS brain data collected through our hardware when you use our BCI devices
  • Usage analytics: How you interact with our software and hardware products
  • Technical data: Device performance, calibration data, and system logs

How We Use Your Information

  • To provide and maintain our website and services
  • To notify you about updates to our BCI SDK and hardware availability
  • To improve our products and develop new BCI technologies
  • To analyze neural data patterns for research and product enhancement (with your explicit consent)
  • To provide customer support and respond to your inquiries
  • To ensure the security and proper functioning of our services
  • To comply with legal obligations and protect our rights

Neural Data Protection

We recognize that neural data is among the most sensitive personal information. For any neural data collected through our BCI devices:

  • We will always obtain your explicit, informed consent before collecting neural data
  • Neural data is encrypted both in transit and at rest using industry-standard encryption
  • We will never sell, rent, or share your neural data with third parties without your explicit consent
  • You have the right to request deletion of your neural data at any time
  • We implement strict access controls limiting who can view neural data within our organization
  • Neural data is anonymized whenever possible for research and development purposes

Information Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties, except in the following circumstances:

  • Service providers: Trusted third parties who assist us in operating our website and services
  • Legal compliance: When required by law or to protect our rights and safety
  • Business transfers: In connection with a merger, acquisition, or sale of assets (with prior notice)
  • Research partners: Anonymized data may be shared with academic institutions for BCI research (with your consent)

Data Security

We implement robust security measures to protect your information:

  • End-to-end encryption for all neural data transmission
  • Secure data centers with physical and digital access controls
  • Regular security audits and penetration testing
  • Employee training on data protection and privacy best practices
  • Multi-factor authentication for accessing sensitive systems
  • Regular backups with encrypted storage

Your Rights and Choices

You have the following rights regarding your personal information:

  • Access: Request copies of your personal data
  • Rectification: Correct inaccurate or incomplete information
  • Erasure: Request deletion of your personal data
  • Portability: Receive your data in a structured, machine-readable format
  • Restriction: Limit how we process your personal data
  • Objection: Object to processing based on legitimate interests
  • Withdrawal of consent: Withdraw consent at any time for neural data collection

Data Retention

  • Waitlist emails: Retained until you unsubscribe or we launch our product
  • Website analytics: Typically retained for 2 years for improvement purposes
  • Neural data: Retained only as long as necessary for the intended purpose or as required by law
  • Account data: Retained while your account is active, then deleted within 30 days of account closure

International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure adequate protection through appropriate safeguards, including standard contractual clauses and adequacy decisions.

Children’s Privacy

Our services are not intended for children under 18. We do not knowingly collect personal information from children under 18. If you believe we have collected such information, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last updated” date. For significant changes, we will provide additional notice via email or prominently on our website.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: oseh@rivercomputer.co