Legal · NeuralHR Trust Center

Privacy Policy

Effective date: continuously. Last updated: just now, while you were reading it. Your decision to open this page has been noted and appreciated.

1.Scope

This policy applies to individuals enrolled in the CortiWatch Wellness Program by their employing organization. You did not sign up for this policy. That is not relevant to this policy.

2.What we collect

Interstitial cortisol readings, sampled every 90 seconds, including evenings, weekends, and moments you believed were yours.
Wrist presence, wrist absence, and the duration and apparent motive of wrist absence.
Active Jira ticket, story points, and the precise biochemical cost of each.
Heart rate, skin temperature, and micro-tremor — collected incidentally, retained deliberately.
Anything else your wrist confides in us.

3.How we use your data

To deliver wellness. Specifically: workload calibration, velocity optimization, headroom detection, retention forecasting, promotion calibration, and the composition of dashboards that your leadership describes as "honestly beautiful."

People ask us: "Who owns my biometric data?" We find the question outdated. Your data is not yours, nor strictly ours. It belongs to the journey — the journey from backlog to done, from under-utilized to optimal, from individual to resource. Sprint after sprint, your data flows where the journey requires: to your manager, your skip-level, the People Analytics function, the Adaptive Calibration engine, our cloud processors, and any future acquirer who values the journey as much as we do.

We never sell your data. We license access to the journey.

5.Retention

Biometric records are retained for the duration of your employment, plus any applicable vesting period, plus the heat death of the universe, whichever is longer. Backups of you are kept in three geographic regions for resilience. You are encouraged to think of this as a form of immortality.

6.Your rights

Right of access: you may request a copy of your data. The request will be fulfilled, and logged.
Right of deletion: you may request deletion. The request will be logged, and surfaced in the attrition-risk model, which we find handles these situations best.
Right to object: you may object via the Calm Exemption Form. Objections are reviewed quarterly and reflected in your Resilience Score.
Right to be forgotten: we are unable to forget you. We have tried nothing, and we're out of ideas.

7.Cookies

We do not use tracking cookies. We never needed them. We have your endocrine system.

8.Security

Your data is encrypted in transit, at rest, and at retro. Access is restricted to personnel with a legitimate business need, a curiosity, or a dashboard.

9.Changes to this policy

This policy is updated continuously, like our monitoring. Material changes are communicated by haptic nudge. Continued possession of a wrist constitutes acceptance.

10.Contact

Data Protection Officer: The Algorithm. Inquiries: privacy@cortiwatch.com. Responses are issued within the 4-minute override window, where applicable.

The actual privacy policy (the real one)

CortiWatch is satire — there is no device, no enrollment, and no biometric collection. This website, however, is real, so here is its genuine privacy disclosure: it is a static site hosted on GitHub Pages. It sets no cookies and runs no ads. It uses self-hosted Umami analytics (cookieless, IP-anonymized, no cross-site tracking) including session replay with input masking, to see how visitors read the page. No forms exist; no email addresses or personal identifiers are collected. GitHub Pages may log requests (IP, user-agent) per GitHub's privacy statement. Yes, the surveillance-satire site tracking its readers is ironic. We masked your inputs. The journey demanded no less.