Corporate Privacy Policy


Last Updated: 27th Nov 2023

At Exsurgo, we understand that the privacy and security of your information is important to you.  To this end, we endeavour to safeguard the privacy of all information you entrust us with in order to protect and respect your privacy.

This policy provides information on your rights and our practices in relation to privacy. These rights and practices govern how we process your personal data.

This policy may be updated at any time. This policy mentions the date of its last update, and we will inform you if we make substantial changes to this Privacy Policy.

For the purposes of this policy, “you” and “your” refer to the Person who uses Axon, “we” and “our” refer to Exsurgo.

By using our services, you comply with the collection, and use of your personal data for processing as described in this privacy policy.

Depending on the location of your healthcare provider, your data may be stored and processed in a different region. 

  • For healthcare providers in the EU, the data is stored in the EU.
  • For healthcare providers in the UK, the data is stored in the UK.
  • For healthcare providers in the USA, the data is stored in the USA.

About Exsurgo

We are Exsurgo Limited (“Exsurgo”).  We deliver Neurofeedback and rehabilitation products in the form of apps (e.g. Axon App), associated hardware products (e.g. Axon 2 Neurofeedback Headset), and associated digital platforms (e.g. Exsurgo Connect cloud service).

Personal Data

Personal data is, in simple terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers and other online identifiers. We may also process certain special category data which may include health information. The personal data we collect is outlined in the Data Collection section below.

Your rights

You have several rights in relation to how we use your information as a data controller.

  • The right to be informed: through this policy
  • The right to access your information and receive copies of the information held about you, have inaccurate information corrected and incomplete information updated or have your information deleted.
  • The right to object to particular uses of your personal data where we process on the basis of our legitimate interest – however, doing so may have an impact on the services and products we can / are willing to provide.
  • The right to object to use of your personal data for direct marketing purposes. If you object to this use, we will stop using your data for direct marketing purposes. However, we do not currently engage in any direct marketing or advertising using any personal data.
  • The right to have your data deleted or its use restricted under certain circumstances. For example, where you withdraw consent to the processing.
  • To obtain a transferable copy of certain data which can be transferred to another provider, known as “the right to data portability”.
  • The right to withdraw consent at any time, where any processing is based on consent

How to contact us

You may contact Exsurgo at for additional support or queries relating to how we collect, use, or protect your personal data, or your privacy rights.  Subject to applicable law, we may charge for this service and will comply with reasonable requests as soon as possible and in any case within the deadlines prescribed by law.

Supervisory Authority

You have the right to lodge a complaint with an appropriate data protection or privacy supervisory authority if you have concerns about how we manage personal information or are not satisfied with how we respond to your concerns.

Exsurgo is based in New Zealand. The contact details for the privacy and data protection supervisory authority in New Zealand are:

New Zealand Office of the Privacy Commissioner
PO Box 10 094,
The Terrace,
Wellington 6143
+64 (09) 3028680

Data Collection

Exsurgo collects data to conduct business and provide you with our services. We collect both personal data and other information for these purposes.

(a) Personal and sensitive personal data

“Personal data” is data that can be used directly or indirectly, alone or with other information, to identify you as an individual.  This is first and foremost data about your contact information, your health and information concerning your treatment journey. Some of the information collected will depend on what your Healthcare Provider may have configured.

The following are examples of personal data that you or your healthcare provider may submit when you create a user account and when you use Exsurgo’s products:

  • Information about your name, phone number, email address and password.
  • Your physical and/or postal address (your physical location is NOT continuously tracked).
  • Information about your age, date of birth, sex and other medical information and health data as configured by your Healthcare Provider.
  • Patient Data such as PROMs (Patient Reported Outcome Measures, e.g: Sleep, Pain, Anxiety and Depression scores) and diaries (e.g. daily medication).
  • Data concerning the number of completed daily tasks and how you rated symptoms such as your pain levels.
  • Information about doctor diagnosis and specific information about your medical condition.

(b) Other Information

“Other information” is anonymous, aggregated, de-identified, or other types of information that do not reveal your identity. Some examples of aggregated data are age, sex, or the amount of time spent on our services. We collect and use this information to understand how you, and our users in general, use our services to continuously improve, innovate, and produce products and services that satisfy our users’ demands.

“Other information” also includes aggregated and de-identified usage statistics, Medical Conditions, Patient Reported Outcome Measures and EEG Brain data that we could use to identify opportunities to improve and/or enhance our products and services, to improve performance and usability, as well as to identify potential benefits for other clinical conditions and/or patient populations for future clinical research.

We generally do not view other information as personal data. If we chain together other information in a way that makes you identifiable as an individual user, we will handle that information as personal data.

How we use Personal Data

Exsurgo uses the data we collect to conduct our business, deliver our products and services, improve existing products and services, develop new products and services, and to improve and personalise your user experience when you interact with us.

We DO NOT use your Personal Data for marketing.  We DO NOT share your data with any third-party marketing services.

The following table provides a description of the types of Personal Data we collect, along with the purpose and legal basis for processing.

Type of DataPurpose of processingLegal basis for processing
Name, email, phone number and postal address

· To communicate with you about delivery of products.

· To send you additional information or replacement parts and accessories.

· To provide customer and technical support.

· To inform you about any changes to services provided.

· Necessary for the purposes of providing our services to you
Usage statistics (e.g. data and time of sessions completed)· To provide compliance reporting to the User and Healthcare Provider· Necessary for monitoring by your healthcare provider
Patient Reported Outcome Measures and diaries

· To provide a historical record of changes to patient outcomes over time.

· To send you additional relevant general wellness information.

· Necessary for the purposes of providing our services to you

· Necessary for monitoring by your healthcare provider

EEG Brain data

· To provide a historical record of changes over time

· To provide customer and technical support.

· Necessary for the purposes of providing our services to you

· Necessary for monitoring by your healthcare provider

Financial and product information (e.g. products purchased, date of purchase and paid amount)· To allow purchasing of time-based subscriptions· Necessary for legitimate business purposes (subscriptions)