Terms of Service | Privacy Policy | Security Statement

Security Statement


NeuroTrace is dedicated to protecting all customer data using industry best practices.

Our customers demand the highest levels of data security, and have tested our services to verify that it meets their standards. In each case, we have surpassed expectations and received high praise from international organizations.

NeuroTrace’ most important concern is the protection and reliability of customer data. Our servers are protected by high-end firewall systems, and scans are performed regularly to ensure that any vulnerabilities are quickly found and patched. All services have quick failover points and redundant hardware, with complete backups performed nightly.

Most important is our confidential system component design. It uses multiple checks to certify that packets from one subsystem can only be received by a designated subsystem. Access to systems is severely restricted to specific individuals, whose access is monitored and audited for compliance.

Customer data are stored in a specific location; they do not float around in the "cloud." In addition, all data are processed in that location, and are never moved to another jurisdictional area. In other words, if data are collected in the U.S., all data are processed in the U.S.

NeuroTrace uses Transport Layer Security (TLS) encryption (also known as HTTPS) for all transmitted data. Our services are hosted by ISO 27001-certified trusted data centers that are independently audited using the industry standard SSAE-16 method.

NeuroTrace deploys the general requirements set forth by many Federal Acts, including the FISMA Act of 2002. We meet or exceed the minimum requirements as outlined in FIPS Publication 200.

Since our subscribers control their users and their data, it is important for the users to practice sound security practices by using strong account passwords and restricting access to their accounts to authorized persons

Regarding HIPAA, HITECH, and specific data types: NeuroTrace provides software and other services where all data are processed equally, without regard to how a customer might classify their data. As such, NeuroTrace cannot declare or represent any data entered into its services. Any processing of specific data types is purely incidental, and not required to use the services.

HITECH (Health Information Technology for Economic and Clinical Health Act) has updated HIPAA rules to ensure that data are properly protected and best security practices followed. NeuroTrace safeguards all customer data, and uses secure data centers to ensure the highest protection as per HITECH requirements.


Changing the Way the World Looks at EEG Testing.