Privacy Policy

Gray Matter Solutions ("we", "our", "us") operates the ReCOGnAIze & RevitalAIze cognitive health platform, accessible at recognaize.health and via our clinic application. This Privacy Policy describes how we collect, use, store, and protect your personal and health information when you use our services. Please read this policy carefully. If you do not agree with its terms, please do not use our services.

1. Information We Collect

Account & Identity Data

• Email address (required for registration and login)
• Password (stored as a one-way hash; we never store your plain-text password)
• Clinic code (a 5-character code provided by your clinic to verify your enrolment)
• Display name and avatar image (optional, set by you in your profile)

Health & Cognitive Assessment Data

Because ReCOGnAIze is a cognitive rehabilitation platform, we collect sensitive health-related information to personalise your programme:

• Medical conditions — a list of conditions you select during onboarding (e.g. hypertension, diabetes).
• Baseline cognitive assessment scores — your self-reported or assessed levels across four domains: Processing Speed, Executive Function, Attention, and Working Memory (rated low / medium / high).
• Number memoisation test results — digit sequences displayed, your answers, response times, and accuracy scores.
• Storytelling assessment responses — your written answers to story-based comprehension questions and your self-described learning approach.

Brain-Training Game Performance Data

• Daily game assignments (game title, cognitive domain, difficulty level)
• Game completion status and timestamp
• Scores, total time spent, level reached, and round-by-round result details for each completed game

Progress & Engagement Data

• Programme day, streak count (consecutive days all games were completed), and longest streak
• Per-domain level, average score, XP earned, and percentage improvement from baseline
• Habit calendar — which programme days were completed or missed

Session & Technical Data

• Authentication tokens (access token and refresh token) — stored in encrypted form in your browser's localStorage. These tokens expire automatically and are cleared when you log out.
• If error tracking is enabled (see Section 5), we may also collect browser type, operating system, device memory, screen resolution, and network information for diagnostic purposes.

2. How We Use Your Information

• Programme delivery — to assign you the correct daily brain-training games based on your baseline cognitive profile and programme day.
• Progress tracking — to calculate and display your improvement across cognitive domains over your 60-, 90-, or 120-day programme.
• Clinic reporting — your clinic may access your progress data and assessment results to monitor your rehabilitation journey.
• Account management — to authenticate you, allow you to update your profile, and process password changes.
• Service improvement — aggregated, anonymised performance data may be used to improve our game algorithms and programme design.
• Error diagnosis — if error tracking is enabled, technical diagnostic data is used to identify and fix bugs (see Section 5).

3. How We Store and Protect Your Information

• Data is stored on cloud servers hosted in AWS ap-southeast-1 (Singapore), using DynamoDB (structured records) and S3 (generated reports).
• All data is transmitted over HTTPS.
• Passwords are stored as irreversible hashes; we cannot recover your plain-text password.
• Session tokens are encrypted before being saved to your browser's localStorage and are never stored on our servers in unencrypted form.
• Access to backend systems is restricted to authorised personnel only.

4. Cookies

We do not use cookies. Session management is handled entirely through encrypted tokens stored in your browser's localStorage. No tracking or advertising cookies are set by our platform.

5. Third-Party Services

Sentry (Error Tracking)

When error tracking is enabled, we use Sentry to capture application errors and performance data. Sentry may receive:

• Error messages and stack traces
• Browser, operating system, and device information
• Your user ID and email address (to help us identify affected accounts)
• Session replay data (text input is masked; media is blocked)

Sentry acts as a data processor on our behalf and is bound by a Data Processing Agreement. Their privacy policy is available at sentry.io/privacy.

Google Fonts

Our website loads fonts from Google Fonts. This establishes a standard HTTPS connection to Google's servers but does not transmit any personal data from your account to Google.

6. Sharing Your Information

We do not sell or rent your personal or health data to any third parties.

• Your clinic — your enrolled clinic can view your progress data and assessment results for the purpose of monitoring your cognitive rehabilitation.
• Sentry — diagnostic data as described in Section 5.
• Legal requirements — we may disclose your data if required by law or to protect our legal rights.

7. Data Retention

Your account data, health records, and game results are retained for as long as your account is active. When you delete your account (via Settings → Delete Account), all associated data is permanently removed from our systems. Session tokens are cleared immediately upon logout.

8. Your Data Rights

You have the following rights regarding your personal data:

• Access — you can view your profile and progress data within the application at any time.
• Rectification — you can update your name, email address, avatar, and password from your account settings.
• Erasure — you can permanently delete your account and all associated data via the account deletion function in the application.
• Restriction / Objection — if you wish to restrict or object to specific processing of your data, please contact us (see Section 10) and we will respond within 30 days.

Note: we do not currently offer a self-service data export feature. If you require a copy of your data in a portable format, please contact us directly.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of our services after any changes constitutes your acceptance of the updated policy.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us:

• Name: Mohammed Adnan Azam
• Address: 11 Mandalay Road, Singapore 308232
• Phone: +65 87424150
• Email: mohdadnan.azam@ntu.edu.sg
• Contact form: recognaize.health/contact-us