Comprehensive Privacy Notice

Alessandro Abigail Balcazar Urbina (hereinafter, the "Responsible Party"), operating under the commercial name "Neuracom" and as the provider of the "Synapse" medical software platform, domiciled at Sánchez Magallanes #114, Col. Centro, C.P. 86500, in H. Cárdenas, Municipality of Cárdenas, Tabasco, Mexico, is responsible for the processing of personal data collected from healthcare professional users (hereinafter, "the Users" or "the Doctor") who contract and use the services of the platform.

For the purposes of the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP) of Mexico, information processing within the Synapse platform is divided into two natures:

1. Regarding User (Doctor) Data: The Responsible Party acts as the Data Controller regarding the personal, financial, and contact data collected directly from the Doctor to provide the software service.
2. Regarding Patient Data (Medical Record): The User (Doctor or Clinic) is the sole Data Controller of the personal and sensitive personal data (health data) of their patients. In this regard, Synapse acts exclusively as a Data Processor, providing cloud technological infrastructure, hosting, and automation tools for managing these records. Synapse does not use, commercialize, or exploit patients' medical information for its own purposes.

To carry out the purposes described in this notice, we will collect the following personal data from Users (Doctors):

* Full name.
* Email address.
* Phone number.
* Fiscal or clinic address.
* Financial and patrimonial data (credit or debit card details), which are processed securely through the Stripe payment gateway. Synapse does not directly store bank card numbers.

The personal data we collect from Users will be used for the following main purposes, which are necessary for the requested service:

* Registration, creation, and administration of the user account within the Synapse platform.
* Provision of software services, infrastructure, and medical automation.
* Payment processing, invoicing, and management of service subscriptions.
* Contact for technical support, platform update notifications, and security alerts.

To operate and maintain the availability of the Synapse platform, the Responsible Party relies on top-tier technological infrastructure providers (cloud services). Therefore, personal data and information hosted on the platform are transferred and processed through the following sub-processors:

* Vercel: For web hosting and platform interface deployment.
* Supabase: For hosting, structuring, and safeguarding databases.
* Stripe: For the secure processing of financial transactions and collections.
By accepting this Privacy Notice, the User acknowledges and agrees that the information is hosted on the servers of these providers, which operate under strict international data security and encryption standards.

Synapse implements administrative, technical, and physical security measures designed to protect your personal data and that of your patients against damage, loss, alteration, destruction, or unauthorized use, access, or processing. These measures include database encryption and secure communication protocols.

HEALTH REGULATORY COMPLIANCE (NOM-004 and NOM-024)
Synapse's architecture and security measures are designed observing the technical criteria of confidentiality, integrity, and interoperability referred to in NOM-004-SSA3-2012 (Regarding the clinical record) and NOM-024-SSA3-2012 (Electronic Health Record Information Systems). Synapse provides the technological tools aligned with these standards to facilitate clinical management; however, the User (Doctor) acknowledges and accepts that it is their exclusive responsibility the correct completion, handling, and regulatory compliance of the content of their patients' clinical records before the corresponding health authorities.

You have the right to know what personal data we have about you, what we use it for, and the conditions of our use (Access). Likewise, it is your right to request the correction of your personal information if it is outdated, inaccurate, or incomplete (Rectification); that we remove it from our records or databases when you consider that it is not being used properly (Cancellation); as well as oppose the use of your personal data for specific purposes (Opposition). These are known as ARCO rights.

To exercise any of the ARCO rights, or to revoke your consent for the processing of your data, you must submit the respective request via email to: contacto@neuracom.mx.
Your request must include your full name, the email associated with your account, and a clear description of the right you wish to exercise. We will respond to your request within the deadlines established by Law.

This privacy notice may undergo modifications, changes, or updates derived from new legal requirements; our own needs for the services we offer; our privacy practices; changes in our business model, or for other reasons.
We commit to keeping you informed about changes this privacy notice may undergo by publishing the updated version directly on the Synapse platform and notifying you via email.