NEAT-O Privacy Policy

Effective date: June 6, 2025

Last updated: June 6, 2025

The NEAT-O app (Negative Emotions and Addiction Tools for Opioid Use Disorder) is a research-grade digital therapeutic developed by the University of Minnesota (“UMN,” “we,” “us,” or “our”).

This Privacy Policy explains:

  1. What information we collect
  2. How we use it
  3. When we share it
  4. How we keep it secure
  5. Your choices and rights

Because NEAT-O is used only by adults enrolled in an IRB-approved clinical study (UMN IRB protocol #32774), some provisions below are governed by your signed informed-consent form and by HIPAA.

1. Information We Collect

Category Examples Source Required?
Account Data Name, e-mail, phone, study ID Provided by you to the research team Yes
App Usage Data Module completions, time spent, clicks, error logs Automatically collected by the app Yes
Self-Reported Data Mood & craving ratings, short text notes Entered by you Optional, but study participation may require minimum entries
Device Data OS version, device model, app version Automatically collected Yes, to maintain app functionality
Protected Health Information (PHI) Medication reminders, OUD treatment status Provided by you and your treating clinician Yes, under HIPAA

We do not track your precise GPS location, contact list, photos, or microphone. No third-party advertising SDKs or social-media plugins are embedded in NEAT-O.

2. How We Use Your Information

Purpose Legal / Ethical Basis
Deliver core app functions (modules, reminders, secure sign-in) Contractual necessity (your study consent)
Monitor safety and usability Legitimate research interest & IRB oversight
Generate de-identified analytics for scientific publication Scientific research under HIPAA waiver
Communicate technical updates or study notices Legitimate interest & participant consent
Comply with legal obligations (e.g., adverse-event reporting) Legal requirement

We will not sell your data or use it for marketing.

3. When We Share Information

We share the minimum necessary information and only with:

  1. Your study team (research staff, statisticians, and the Data Safety Monitoring Board)
  2. Authorized service providers who host encrypted servers or provide audit-log tools under Business Associate Agreements (HIPAA-compliant)
  3. Regulatory bodies (e.g., UMN IRB, FDA) if required for compliance or safety review

All third-party vendors are contractually bound to keep your data confidential and secure. We do not share data with insurance companies, employers, or law-enforcement agencies unless legally compelled (e.g., court order).

4. Data Security & Retention

  • Encryption: All data in transit uses TLS 1.2+; data at rest is AES-256 encrypted.
  • Access Controls: Multi-factor authentication and role-based access limit who can view identifiable data.
  • Audit Logs: Every access event is timestamped and monitored.
  • Retention Period: Identifiable data will be held for 6 years after study completion (per NIH policy) and then securely deleted or de-identified. De-identified research datasets may be stored indefinitely.

5. Your Choices & Rights

Right How to Exercise
Access / Review your identifiable data E-mail us at anke0022@umn.edu
Correct inaccurate information Same as above
Withdraw from study / Delete account Contact the Principal Investigator (details below). Withdrawing may limit continued app use
Receive a copy of your PHI in electronic format Submit a written request; we will provide it within 30 days
File a complaint with UMN IRB or HHS OCR Instructions provided in your informed-consent form

6. Children’s Privacy

NEAT-O is not intended for anyone under 18. We do not knowingly collect data from children.

7. Changes to This Policy

Material changes will be posted in-app and on this webpage, with a new “Last updated” date. Continued use after changes constitutes acceptance.

8. Contact Us

  • Principal Investigator

    Dr. Justin Anker

    University of Minnesota, Department of Psychiatry & Behavioral Sciences

    Phone: 612-499-3461

    E-mail: anke0022@umn.edu

  • Privacy Officer

    anke0022@umn.edu

  • Postal Address

    717 Delaware St SE, Minneapolis, MN 55414, USA

    • Reviewed and approved by the University of Minnesota Institutional Review Board.

9. Account Deletion:

Steps to delete your account:

  • Go to Settings section.
  • Click on Edit profile button.
  • Press Delete My Account.
  • It asks for confirmation and press Delete My Account.

Once your deletion request is confirmed, we will:

  • Permanently delete your account and all associated data from our systems
  • Remove or anonymise any personally identifiable information (PII)