Privacy Policy

Wavelengths
Wavelengths

Last updated February 26, 2026

 

1. WHO WE ARE

This Privacy Notice explains how Niche Biomedical, Inc. d/b/a ANEUVO (“ANEUVO”, “we”, “us”, or “our”) collects, processes, and protects your personal data when you use the ExaStim® Programmer Application (“App”), the ANEUVO User Portal (“User Portal”), and/or the ANEUVO website (collectively, “Services”).

2. SCOPE OF THIS PRIVACY POLICY

This Privacy Notice applies to:

  • Users of the ExaStim® App.
  • Users managing therapy via the ANEUVO User Portal hosted by Galen.
  • Use of the ExaStim® Stimulation System, a medical device cleared by the U.S. Food and Drug Administration (FDA) under Section 510(k) of the Federal Food, Drug, and Cosmetic Act.
  • Users of Our website.

3. HOW WE COLLECT AND USE PERSONAL DATA

When you use our Services, we collect and process the following categories of personal data:

3.1 Account and Operational Data

  • Full name or alias
  • Institutional affiliation
  • Provider number
  • Date of birth
  • Gender and other demographic data
  • Email address
  • Postal address
  • Username and password (encrypted)
  • Device ID, IMEI, and serial number
  • Device model and operating system
  • App version installed
  • Registration date and time
  • Language and region settings
  • User Portal settings and preferences
  • We do not knowingly collect precise GPS location, payment card data, or national identifiers.

Purpose: To register your account, provide access to the App and Portal, and ensure system security.

3.2 Health and Treatment Data

  • Diagnosis and treatment information
  • Therapy settings (stimulation intensity, electrode configuration)
  • Session logs (dates, durations, frequencies)
  • Symptom tracking (pain levels, spasticity reports)
  • Therapy progress notes
  • Feedback on therapy effectiveness
  • Device programming settings history
  • Adverse event reports or device-related incidents

Purpose: To deliver therapy services, enable clinician management, monitor outcomes, and fulfill legal obligations under FDA.

3.3 Website, Device and Application Usage Data

  • IP address during device registration
  • Login timestamps
  • App crash reports
  • Firmware versions
  • Connectivity and browsing information (Wi-Fi, mobile data usage, browsing history, search history, online behavior, interest data, and interactions with our and other websites, applications, systems, and advertisements)
  • Technical and diagnostic logs

Purpose: To provide technical support, secure the Services, and improve functionality.

3.4 Support and Communication Data  

  • Inquiries and service requests
  • Support case notes and troubleshooting information
  • Communication history (calls, emails, support chat logs)

Purpose: To respond to requests, solve technical issues, and improve user experience.

3.5 Aggregated, Anonymized, and De-Identified Data  

  • Aggregated stimulation performance statistics
  • De-identified usage patterns and app interactions
  • Statistical data models

Purpose: For research and development, product improvement, scientific publications, and marketing insights.

3.6 Product Safety and Regulatory Compliance Data

  • Adverse events or incidents related to the Device
  • Device performance reports
  • Data provided to regulatory authorities (if necessary)

Purpose: To comply with post-market surveillance obligations under MDR.

3.7 Voluntary Feedback and Surveys  

  • Survey responses
  • User satisfaction ratings
  • Social media profiles
  • Photographs, images, videos
  • Testimonials, comments, product reviews or other voluntary feedback

Purpose: To assess product and service quality and drive improvements.

4. HOW WE SHARE YOUR PERSONAL DATA

We may disclose your personal data to carefully selected recipients for the purposes for which you disclosed the data or as defined in this Privacy Notice.

Data recipients may include:

Recipient Category Purpose
Hosting and Cloud Providers (e.g., Galen) Hosting the User Portal, maintaining secure databases
Technical Service Providers Application support, device management, troubleshooting services
Customer Support Providers Processing service inquiries and user support
Legal Advisors and Auditors Compliance with legal obligations, audits, defending claims, corporate transactions
Regulatory Authorities (e.g., FDA, European Competent Authorities) Fulfilling obligations for post-market surveillance and safety reporting
Data Analytics Providers (only anonymized, aggregated data) Product improvement, scientific research
Emergency Services Protecting vital interests in urgent safety matters

Important: These recipients act as Business Associates under the Health Insurance Portability and Accountability Act (HIPAA) and are contractually required to:

  • Use and disclose protected health information (PHI) only as permitted by our written agreement and applicable law;
  • Implement appropriate administrative, technical, and physical safeguards to protect the confidentiality, integrity, and availability of PHI;
  • Report any unauthorized use or disclosure of PHI as required by law;
  • Ensure that any subcontractors agree to the same restrictions and safeguards.

5. DATA AGGREGATION AND ANONYMIZATION

We anonymize or aggregate your data:

  • To improve device effectiveness.
  • To support research and development.
  • To generate scientific publications.
  • For market analysis without identifying individuals.

6. HOW WE PROTECT YOUR DATA

We have implemented appropriate and reasonable technical and organizational measures designed to protect the security of any personal data we process.

Our security measures include:

  • Encryption of personal data both in transit and at rest,
  • Access controls and authentication mechanisms,
  • Regular security audits and vulnerability assessments,
  • Secure software development practices,
  • Ongoing employee training in data protection and security,
  • Business continuity and disaster recovery procedures.

However, despite our safeguards and efforts to secure you’re your data, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your data. Although we will do our best to protect your personal data, transmission of personal data to and from our Services is at your own risk. You should only access the Services and Product within a secure environment.

7. HOW LONG WE STORE YOUR DATA

We store your personal data only for as long as it is necessary to fulfill the purposes for which it was collected, or as required by applicable laws and regulations.

In particular, the following retention obligations apply:

  • Commercial and tax laws (e.g., US Internal Revenue Code) may require us to retain certain operational and contractual records for up to 10 years.
  • Where necessary, we may retain personal data for longer periods if required to establish, exercise, or defend legal claims.

If personal data is no longer required for the purposes for which it was collected and no legal or regulatory obligations require its continued retention, the data will be securely deleted or anonymized.

Additionally, if you have provided consent for the processing of personal data for specific extended purposes (e.g., research, analytics), we may store such data until consent is withdrawn or until it is no longer needed for those purposes.

8. YOUR RIGHTS AND CHOICES AS A DATA SUBJECT

As a data subject, you may have certain rights regarding your personal data. Even if
you do not have these rights in your jurisdiction, ANUEVO will strive to provide you with
choices about the use and disclosure of your data:

  • Know About Your Data: You can obtain information about how personal data concerning you are being processed, and access to your personal data and additional information about the processing.
  • Correction: You can request the correction of inaccurate personal data or the completion of incomplete personal data we hold about you.
  • Deletion: You can request the deletion of your personal data without undue delay, provided that the processing is no longer necessary or there are no overriding legitimate grounds for retention. In such cases, we will also instruct you to uninstall the ExaStim® App from your device to complete the deletion process.
  • Opt Out of Sale or Sharing, or Automatic Decision-Making: You can request that we not sell your personal data or share it for cross-context behavioral advertising, or that we use your data in automatic decision-making, including profiling.
  • Data Portability: You request to receive the personal data you have provided to us in a readily usable, portable format, and the right to transmit that data to another controller where technically feasible.
  • Limit Processing of Sensitive Data: You can request that we limit the use of your sensitive personal information to what is necessary for providing requested goods or services.

You may also withdraw your consent at any time, where the processing is based on your consent. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal. Please note that if you withdraw your consent, you may no longer be able to use the ExaStim® App, the User Portal, or the related services, to the extent that they rely on the processing of your personal data.

9. EXERCISING YOUR RIGHTS AND TELLING US YOUR CHOICES

To exercise any of your rights or to tell us of your choices, please contact us by email at:  dataprivacy@aneuvo.com

We may require you to provide appropriate proof of identity to ensure that your data is only disclosed to you or your authorized representative.

10. AGE RESTRICTIONS

The ExaStim® Programmer Application and User Portal are intended for users aged 18 years and older.

We do not knowingly collect, solicit data from, or market to users under 18 years of age, nor do we knowingly sell such personal data. By using the Services and Product, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Services. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact us at dataprivacy@aneuvo.com.

11. CHANGES TO THIS PRIVACY NOTICE

We may update this Privacy Notice as necessary to reflect changes in law, technology, or business practices.  Significant changes will be communicated in an appropriate manner before they become effective, including by posting a notice within the App.  The version date at the top of this Privacy Notice indicates when it was last updated.