User Services Privacy Policy

  • Updated on May 16, 2025
  • Published on May 16, 2025
Prev Next

This Privacy Policy (“Privacy Policy” or “Policy”) explains how HI, LLC, d/b/a Kernel (“Kernel,” “we,” “us”) collects, uses, and shares your information. This Policy applies to the information that we collect and process about users of our neurotechnology products, and any successor product thereto (“Kernel Product”) and related mobile applications (“Apps”), or user websites (“Sites”) that link to this Policy (together with the Kernel Product, the “Services”).

Before using the Services, please review this Privacy Policy carefully and contact us if you have any questions. You understand that your data will be treated as described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Services.

Please note that this Privacy Policy does not apply to Personal Data collected through the Kernel corporate website at kernel.com. The kernel.com Privacy Policy governs the collection, use, and disclosure of that data.

1. PERSONAL DATA WE COLLECT

We collect information that, alone or in combination with other information, could be used to identify you or could be associated with a particular device (“Personal Data”).

We obtain Personal Data from and about you as you use the Services, including when you create an account, use or access an App, the Kernel Site, communicate with us (including through our Sites and Apps, by mail or by email), or participate in surveys (“Service Data”). We also collect information from you when you use the Kernel Product (“Kernel Product Data”). We need certain information to provide you the Services. If you choose not to provide us with certain information, or ask us to delete it, you may no longer be able to access or use the Services.

Service Data

Personal Data You Provide Directly

When you use the App or Site or otherwise communicate with us, we collect the information you provide. This information generally includes the following:

  • Contact and registration information: such as your name and email address.

  • Transactional information: billing and payment information, if applicable.

  • Inquiries and feedback: comments and questions you submit through customer service interactions with us.

  • Optional information:you may choose to provide when you use the Services, including in connection with your profile or a study, such as:

    • A profile picture.

    • Demographic information: such as your age, sex, gender/gender identity, race, ethnicity, sexual orientation, education or income level.

    • Interest, Health, Behavioral or Other Survey Information: including information related to your feelings and mood, health and fitness, and interests.

Personal Data We Automatically Collect

When you use our services, we automatically receive information about your device and use of Services, including IP addresses, browser type, language, operating system, mobile device and application identifiers, the referring web page, pages visited, location (depending on the permissions you have granted us), cookie information, and activity such as when you view content or create or log into your account. We use cookies and similar tools, to assist in collecting this information. You can learn more about our use of cookies and similar tools in the “Cookies and Similar Technologies” section below.

Kernel Product Data

When you wear a Kernel Product, we collect data about your brain. That data is uploaded to the Kernel Cloud and may include, without limitation, information relating to brain activity and information about the position, orientation, and movement of the Kernel Product while it is in operation.  

2. HOW WE USE PERSONAL DATA

We may use Service and Kernel Product Data to:

  • Provide the Services;

  • Verify your authorization to use the Services, if applicable;

  • Conduct research in which you agree to participate;

  • Analyze, maintain, and improve the Kernel Product and/or Services;

  • Develop new Kernel Products or Services;

  • Secure the Services;

  • Comply with legal obligations and legal process and to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or other third parties.

We may also use Service Data to:

  • Provide you updates and information about your use of the Services, including password reset or application updates;

  • Collect and analyze information about use of the Services with third-party analytics services;

  • Prevent fraud and criminal activity, or misuses of our Services, and to ensure the security of our IT systems, architecture, and networks;

  • With your permission (in accordance with legal requirements), contact you regarding research opportunities, our products, services, surveys, promotions, special events, and other subjects that we think may be of interest to you.

 

Aggregated and De-identified Information

The above uses relate to identifiable data. We may also de-identify (i.e. anonymize) and/or aggregate Personal Data, including Kernel Product Data, such that it can no longer be associated with you, therefore no longer qualifying as Personal Data. We may use and share the aggregated information for our legitimate business purposes without any restrictions.

3. DISCLOSURE OF PERSONAL DATA

In certain circumstances, we may disclose your Personal Data with the following categories of third parties, without further notice to you, unless required or permitted by the law, as set forth below:

  • Vendors and Service Providers: We may share Service Data with service providers, who provide services or functions on our behalf, such as providers of data hosting, email communication services, and web analytics services. We may provide Kernel Product Data to limited service providers such as hosting services. These parties will access, process, or store Personal Data in the course of performing their duties to us. We take reasonable steps to ensure our service providers adhere to the security standards we apply to your Personal Data.

  • Business Transfers: If we are involved in a merger, acquisition, financing due diligence, reorganization, dissolution, bankruptcy, receivership, sale of all or a portion of our assets, or transition of service to another provider (collectively a “Transaction”), your Personal Data and other information may be shared in the diligence process with counterparties and others assisting with the Transaction and transferred to a successor or affiliate as part of that Transaction along with other assets.

  • Legal Requirements: If required or permitted to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, including to meet national security or law enforcement requirements (which may include lawful access by U.S., Canadian or foreign courts, law enforcement or other government authorities), (ii) protect and defend our rights or property, (iii) prevent fraud, (iv) act in urgent circumstances to protect the personal safety of users of the Services, or the public, or (v) protect against legal liability.

  • Affiliates: We may share Personal Data and Kernel Product Data with Kernel affiliates, meaning an entity that controls, is controlled by, or is under common control with Kernel. Our affiliates may use the data we share in a manner consistent with this Privacy Policy.

  • Your Consent: If you have consented to our sharing of your information for other purposes not listed above, we will also share your information consistent with your consent.

4. DATA RETENTION

We keep Personal Data for as long as reasonably necessary for the purposes described in this Privacy Policy, while we have a business need to do so, or as required by law (e.g. for tax, legal, accounting, or other purposes), whichever is longer.

5. CHILDREN

The Services are not meant for users who are under the age of 16 or, as applicable, under the age of majority for consent in the user’s jurisdiction. Kernel does not knowingly collect Personal Data from such users, and Kernel reserves the right to delete the account of a user who is under the age of majority for consent in their jurisdiction according to the Kernel Terms of Service. If you have reason to believe that a child has provided Personal Data to Kernel through the Services please contact us and we will endeavor to delete that Personal Data.

6. SECURITY

In recognition of the importance of the Personal Data you entrust us with, we implement technical, administrative, physical, and organizational measures to protect Personal Data both online and offline from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. While these measures do not guarantee the security of your Personal Data, our team regularly reviews our security practices in an effort to preserve the confidentiality of your Personal Data. Transmitting information over the internet is not 100% secure, so these measures do not guarantee the absolute security of your Personal Data. You provide us with Personal Data at your own risk.

7. YOUR RIGHTS AND CHOICES

It is your choice whether to provide us with your Personal Data. However, if you choose not to provide Personal Data that is needed to use some features of our Services, you may be unable to use those features.

You can make certain changes to your Personal Data through your account such as adding, updating, or deleting certain information.  

In addition, the laws of your jurisdiction of residence may provide you with certain rights regarding your Personal Data, such as the right to access or correct certain Personal Data, the right to request certain information about our handling of your Personal Data, the right to request deletion of your Personal Data, or the right to decline or object to certain collection, uses, and disclosures of your Personal Data.

To make such a request, please contact us at privacy@kernel.com. These rights are subject to certain exceptions and limitations, and certain Personal Data may be exempt from these requests under applicable law. For example, we need certain Personal Data to provide the Services to you or comply with applicable law. We may take reasonable steps to verify your identity before responding to a request. Depending on the sensitivity of the Personal Data you are requesting and the type of request you are making, this may include verifying your name and email address. If we cannot verify your identity, we may be unable to respond to your requests.

Marketing Communications

If we send you marketing emails, you can opt-out by emailing us at privacy@kernel.com or by following the instructions at the bottom of the email messages. Even if you opt out of marketing emails, we may still contact you for non-marketing purposes. For example, you may still receive certain operational emails, such as those reflecting our relationship or transactions with you (e.g., emails informing you of updates to our Privacy Policy or Services).

8. Supplementary Information for Residents of the EEA, UK, and Switzerland

If you live in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, please review these additional provisions. This section of the Privacy Policy only applies to residents of the EEA, UK, and Switzerland.

HI, LLC, d/b/a Kernel is your data controller. In addition, any entity to which you direct us to disclose or provide access to your data, including Product Data, may also be a controller of your data. For our contact information, please see the Contact Us section.

Our Legal Bases for Processing Your Personal Data

For personal data subject to the GDPR, we rely on several legal bases to process the data, including:

  • When the processing is necessary to perform a contract with you, like our terms of service;

  • Our legitimate business interests, including to operate our business and our Services; identify and fix any issues with our Services; secure the Services; learn more about how our customers use the Services; perform internal analytics; improve the Services; conduct marketing; provide you with certain information about new products, special offers or other information that we think you may find interesting using the email address which you have provided in accordance with applicable law; make and receive payments, if applicable; comply with legal requirements and defend our legal rights; prevent fraud; engage in a business change (e.g., sale, merger); and to know the customer to whom we are providing Services;

  • When you have given your consent, which you may withdraw at any time by contacting us or using your account settings and other tools; and

  • To comply with our legal obligations.

Privacy Rights

If you are a citizen of the European Economic Area (“EEA”), the United Kingdom, or Switzerland, you may request that we:

  • provide access to and/or a copy of certain Personal Data we hold about you;

  • delete certain information that we are holding about you;

  • prevent the processing of your Personal Data for direct-marketing purposes (including any direct marketing processing based on profiling);

  • update or rectify Personal Data that is out of date or incorrect;

  • oppose, cancel, or restrict the way that we process and disclose certain of your Personal Data;

  • transfer your information to a third-party provider of services; or

  • revoke your consent for the processing of your Personal Data

To make such a request, please contact us at privacy@kernel.com.

If applicable, you may make a complaint to the data protection supervisory authority in the country where you are based. Alternatively, you may seek a remedy through local courts if you believe your rights have been breached.

These rights are subject to certain exceptions and limitations, and certain Personal Data may be exempt from these requests under applicable law. For example, we need certain Personal Data to provide the Services to you or comply with applicable law. We may take reasonable steps to verify your identity before responding to a request. Depending on the sensitivity of the Personal Data you are requesting and the type of request you are making, this may include verifying your name and email address. If we cannot verify your identity, we may be unable to respond to your requests.

Data Transfers

We currently store or may transfer Personal Data to countries other than your country of residence, including the United States, and may subcontract the processing of your Personal Data to, or otherwise share your data with trusted service providers in countries other than your country of residence, including the United States, in accordance with applicable law. The applicable data protection laws in these countries may differ from those in your country of residence. By using the Services, including accessing the Sites, you acknowledge and (to the extent legally allowable) consent to these transfers.

9. COOKIES AND SIMILAR TECHNOLOGIES

To collect the information in the “Personal Data We Automatically Collect ” section above, we and our service providers use web server logs, cookies, tags, and other similar tracking technologies (“Cookies”) on the Services.

  • A web server log is a file where website activity is stored.

  • A cookie is a small text file that is placed on your computer or mobile device when you visit a website, and it enables us to: (i) recognize your computer; (ii) store your preferences and settings; (iii) understand the parts of the App or Site you have visited; (iv) enhance your user experience by delivering and measuring the effectiveness of content tailored to your interests; (v) perform searches and analytics; and (vi) assist with security and administrative functions.

  • Tracking pixels (sometimes referred to as web beacons or clear GIFs) are tiny electronic tags with a unique identifier embedded in websites and/or email that are designed to: (i) collect usage information like clicks; (ii) measure popularity of the Services; and (iii) access user cookies.

Cookies are typically classified as either “session cookies,” which do not stay on your device after you close your browser or “persistent cookies,” which will usually remain on your device until you delete them or they expire. Sometimes cookies are placed by us (“First-Party Cookies”) and sometimes they are placed by others (“Third-Party Cookies”). Different cookies are used to perform different functions on our Services:

  • Essential Cookies: Some cookies are essential to the Site and enable you to use the features of the Sites and access secure areas of them. Without these cookies, we cannot enable appropriate content based on the type of device you are using (for example, essential cookies store user log-in information so that you don’t have to re-enter it for each page you visit on our website).

  • Functional Cookies: These cookies allow us to remember choices you make on our Site (such as your preferred language or the region you are in).

  • Personalization Cookies: We also use cookies to change the way our Sites behave or look in order to personalize your experience from information we infer from your behavior on the Site. 

  • Analytics Cookies: We use our own cookies and/or third-party cookies to see how you use our Site and improve it. 

There are a number of ways you can manage what cookies are set on your computer or mobile devices. If you do not allow certain cookies to be installed, certain aspects of Services may not be accessible to you and/or the performance or features of the Services may be compromised.   

Analytics 

We may use third-party web analytics services on our Sites to collect and analyze usage information through cookies and similar tools; engage in auditing, research, or reporting; assist with fraud prevention; and provide certain features to you.

Notice Concerning Do Not Track.

Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Because there are not agreed-upon standards for DNT, we do not currently recognize or respond to browser-initiated DNT signals. Learn more about Do Not Track.

10. CHANGES TO THIS PRIVACY POLICY

We reserve the right to modify this Privacy Policy at any time. We will notify you of material changes to this Privacy Policy in accordance with applicable law. By continuing to use our Services, you are confirming that you have read and understood the revised Privacy Policy and practices described in it.

11. CONTACT US

If you have any questions about our Privacy Policy, information practices, or about the manner in which our service providers treat your Personal Data, please feel free to contact Kernel at our designated request address: privacy@kernel.com.