Privacy Policy

Effective Date: May 1, 2026 · Last Updated: May 1, 2026

1. Who We Are

NeuroHub (“we,” “us,” or “our”) is an administrative platform that helps California families navigate the Regional Center reimbursement process — including the Self-Determination Program (SDP), Social Recreational Activities (SRA), and Participant-Directed Services. We are not a licensed healthcare provider, legal advisor, or financial institution.

2. Information We Collect

  • Account information: email address and name provided during sign-up via Google OAuth or email/password.
  • Documents you upload: Individual Program Plans (IPPs), IEPs, payment receipts, and invoices. These are stored encrypted in Amazon S3 and are accessible only to the account holder.
  • AI-extracted data: structured data (goal descriptions, service codes, amounts) that our AI extracts from your uploaded documents. This data is stored in our database and linked to your account.
  • Usage data: basic logs such as upload timestamps and page visits. We do not use third-party advertising trackers.

3. How We Use Your Information

  • To extract approved goals from your IPP and match them against payment receipts.
  • To generate state-compliant reimbursement invoices.
  • To let you generate time-limited sharing links for regional center coordinators, attorneys, and schools.
  • We do not sell your data to third parties. We do not use your data for advertising.

4. AI Processing

Documents you upload may be sent to Google's Gemini API for content extraction. Gemini processes the document content but does not retain it for model training per Google's enterprise API terms. We only store the extracted structured data, not the raw content passed to the API.

5. Data Sharing

  • Regional Center sharing: When you generate a share link, any person with that link can view the specified documents until the link expires or you revoke it. You control what is shared and for how long.
  • Service providers: We use Amazon Web Services (S3, DynamoDB, Lambda, Cognito) to store and process your data. These services comply with SOC 2 and HIPAA security standards.
  • Legal requirements: We may disclose data if required by law or court order.

6. Data Retention

Documents are retained for five years per Title 17 CCR §54326(a)(1) requirements for Regional Center program records. You may request deletion of your account and associated data by emailing privacy@neurohubcare.com.

7. Security

All documents are stored with server-side encryption (AES-256) in Amazon S3. Access is authenticated via Amazon Cognito. Time-limited share links use S3 presigned URLs that expire automatically. We enforce HTTPS on all connections.

8. Children's Privacy

NeuroHub is designed for use by parents and caregivers, not children. We do not knowingly collect personal information from minors. Documents referencing a child's services are uploaded and controlled by the parent/guardian account holder.

9. Contact

For privacy questions or data deletion requests, contact us at privacy@neurohubcare.com.