Last updated April 15, 2025
These Terms of Use ("Terms") apply to all users ("you" or the “User”) of the Cogmed Working Memory Training program (the "Service") provided by Neural Assembly Int AB ("Provider"). By accessing or using the Service, whether as an organization, professional user, administrator, or end-user, you agree to be bound by these Terms. If you are acting on behalf of an organization, you also accept the Provider’s Data Processing Agreement (DPA), which is attached to these Terms.
The Service consists of a digital working memory training program, including associated software, documentation, and support services. It may only be used in accordance with its intended purpose, which requires that licensed professionals coach and supervise the full duration of all their trainings.
The User is responsible for ensuring that the Service is used in compliance with applicable laws, professional ethical guidelines, and the Provider’s instructions. Each account is personal and may not be shared, and the User agrees to accept responsibility for all activities that occur under their account.
The Provider grants a limited, non-exclusive, non-transferable, revocable license to use the Service, subject to these Terms and any applicable conditions under which it was licensed. The User may not modify, copy, decompile, distribute, or sublicense the Service without the Provider’s prior written consent. You are responsible for maintaining the confidentiality and security of any login credentials.
All users and organizations using the Service are responsible for complying with these Terms and all applicable laws, regulations, professional and ethical guidelines, as well as any relevant business license rules within their jurisdiction. Furthermore, the User undertakes to obtain and maintain all applicable and necessary permits, licenses, and approvals required in the country where the Service is used, and to ensure that such use complies with local legal and regulatory requirements.
The Provider reserves the right to suspend or permanently terminate access to the Service, without prior notice, if any User:
i. breaches these Terms,
ii. violates applicable laws or regulations,
iii. acts in a manner that is unethical, abusive, discriminatory, or otherwise inconsistent with professional standards or the intended use of the Service, or
iv. if continued access to the Service is no longer lawful or technically feasible.
Upon termination, the user and/or organization must immediately cease all use of the Service. The Provider shall not be liable for any loss or damage resulting from such suspension or termination.
The Provider processes personal data in accordance with applicable data protection laws and applies appropriate technical and organizational measures to safeguard such data. A separate Data Processing Agreement (DPA), attached to these Terms, applies to the processing of personal data by organizations only. If the User is an organization, the DPA is deemed accepted through use of the Service. For more information on how the Provider processes personal data, please refer to the Provider’s Privacy Policy, which is available on the Provider’s website or upon request.
To the maximum extent permitted by law, the Provider’s liability is limited to direct damages arising from negligence, up to the amount paid by the User for the Service in the 12 months prior to the incident. The Provider shall not be liable for indirect or consequential damages, including loss of data, revenue, or goodwill. The Provider shall not be liable for any damages arising from third-party services, integrations, or user errors.
All intellectual property rights related to the Service, including but not limited to software code, methodology, structure, trademarks, design, manuals, and documentation, belong to the Provider. The User receives no rights other than those explicitly granted under these Terms. The User agrees not to copy, reproduce, develop, or exploit the Service in violation of these rights.
Planned maintenance that may affect the availability of the Service will be announced in advance where possible. The Provider reserves the right to implement updates, improvements, or modifications to the Service during the term of the agreement.
The Provider is not liable for delays or failure to fulfill their obligations under these Terms due to events beyond their reasonable control, such as war, riots, labor disputes, natural disasters, pandemics, government actions, or interruptions in power or internet services.
The Provider may engage subcontractors to fulfill its obligations under these Terms. The Provider remains fully responsible for the performance of its subcontractors. The Provider ensures that subcontractors who process personal data comply with applicable data protection laws and are bound by confidentiality and relevant safeguards.
The parties undertake not to disclose confidential information obtained under this agreement without the other party’s written consent. Confidential information includes any non-public technical, commercial, or business-sensitive information. This obligation remains for five (5) years after access to the Service ends.
The Service may include integrations with or links to third-party tools, systems, or services. The Provider is not responsible for the functionality, security, or legal compliance of such third-party services. The User is solely responsible for entering into necessary agreements with third parties and ensuring that their use is compliant with applicable laws and these Terms. The Provider is not liable for the continued availability or compatibility of third-party tools or APIs, and reserves the right to discontinue support for such tools without liability.
Users may not make any claims, statements, or representations about the Service that go beyond or differ from those explicitly made or approved by the Provider. This applies to all forms of marketing, advertising, public presentations, and other communications regarding the Service. Users may only communicate information about the Service that is consistent with the Provider’s official descriptions and marketing materials. Any attempt to promote the Service using unauthorized or embellished claims is strictly prohibited. All marketing and public communications must comply with applicable laws and regulations in all cases.
The Provider reserves the right to modify these Terms. For material changes, prominent notice will be provided as appropriate, and continued use of the Service after any updates constitutes acceptance of the revised Terms.
The User may not assign or transfer its rights or obligations under these Terms, in whole or in part, without the prior written consent of the Provider. The Provider may assign or transfer its rights and obligations under these Terms to an affiliate or in connection with a merger, acquisition, or sale of all or substantially all of its assets without the User’s consent.
These Terms shall be governed by and construed in accordance with the laws of Sweden.
This Data Processing Agreement ("Agreement") forms an integral part of the Terms of Use for the Cogmed Working Memory Training program ("Service") provided by Neural Assembly Int AB ("Provider") and is automatically entered into by the relevant organization by using the Service.
i. Controller:
Neural Assembly Int AB, a company incorporated under the laws of Sweden, corporate identity number 559190-7984.
ii. Processor:
The organization who uses the Service in a capacity that involves processing personal data on behalf of the Controller ("Processor").
Each a "Party" and together the "Parties".
This Agreement sets out the terms and conditions under which the Processor processes personal data on behalf of the Controller within the framework of the Service. The Controller, as the entity determining the purposes and means of processing, authorizes the Processor to process personal data in accordance with this Agreement and any documented instructions.
The Agreement aims to ensure compliance with applicable data protection laws and that all processing activities are carried out securely, lawfully, and transparently. This Agreement is deemed accepted by the Processor through the act of using the Service and governs all data processing carried out in the context of such use.
Since the Service is provided as a SaaS solution, where all personal data is entered directly into the system and processed according to the structure and purposes defined by the Provider, Neural Assembly Int AB acts as the Controller for all personal data processing carried out within the Service.
This Agreement is effective from the date the Processor begins using the Service and shall remain in force for as long as the Processor continues to process personal data on behalf of the Controller. The obligations under this Agreement apply to all processing of personal data carried out within the scope of the Service, including any future features, updates, or functionalities involving personal data, unless explicitly agreed otherwise in writing.
The Processor performs processing activities such as user support, data entry, administrative configurations, and onboarding support as part of enabling access to the Service. The personal data processed may include identifiers and user activity data, relating to categories such as end-users, customers, or patients. The duration of processing corresponds to the period during which the Processor uses the Service. The Controller’s handling of personal data is made in accordance with the Controller’s Privacy Policy. For more details on the categories of data, the types of personal data processed, and the purposes for which they are used, the Processor shall refer to the Provider's Privacy Policy, which is available on the Provider’s website or upon request.
- To ensure that personal data is collected and processed based on a valid legal ground under applicable law;
- To provide the Processor with clear and documented instructions on the scope, purpose, and duration of the processing;
- To monitor the Processor's compliance with the instructions and applicable laws;
- To immediately notify the Processor of any identified non-compliance, inaccuracies, or irregularities in the data or the processing activities;
- To ensure that the data subjects' rights are respected and that any data shared is relevant and limited to what is necessary for the intended processing purpose.
- Process personal data only on instructions from the Controller, including those included in this Agreement and the Terms of Use;
- Not use the personal data for its own purposes or disclose it to unauthorized third parties;
- Ensure that personnel authorized to process personal data are bound by confidentiality obligations, either through contractual agreement or statutory requirement;
- Implement and maintain appropriate technical and organizational measures to safeguard personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage;
- Promptly inform the Controller if an instruction infringes applicable data protection laws.
The Processor shall support the Controller in fulfilling its obligations to respond to requests from data subjects under applicable laws. This includes, but is not limited to, requests for access, rectification, erasure, restriction of processing, data portability, and objections to processing.
The Processor shall:
- Implement appropriate technical and organizational measures to facilitate data subject rights;
- Promptly notify the Controller upon receipt of any request from a data subject;
- Not respond directly to the data subject unless explicitly instructed by the Controller;
- Cooperate fully with the Controller to meet legal response deadlines.
The Processor shall maintain internal procedures for the detection, handling, and reporting of personal data breaches. In the event of a breach affecting the data processed under this Agreement, the Processor shall:
- Notify the Controller without undue delay, and no later than 24 hours after becoming aware of the breach;
- Assist the Controller in meeting any legal obligations related to the breach, including communications to supervisory authorities and affected individuals, if applicable;
- Cooperate with any investigation or remediation efforts undertaken by the Controller or relevant authorities.
The Controller may audit the Processor’s compliance with this Agreement and applicable data protection laws. Such audits may be conducted by the Controller or by a third-party auditor mandated by the Controller, provided that such auditor is bound by confidentiality obligations.
Audits shall be:
- Conducted with at least ten (10) business days’ prior written notice;
- Performed during normal business hours and in a manner that avoids unreasonable disruption to the Processor’s operations;
- Limited to information directly relevant to the data processing covered by this Agreement.
The Processor shall cooperate fully and grant access to relevant systems, documentation, and personnel as required to demonstrate compliance.
Each Party is liable for direct damages caused by its breach of this Agreement or applicable data protection law.
Neither Party shall be liable for indirect damages, except in cases of willful misconduct, gross negligence, breach of confidentiality, or violations of data protection law leading to fines or third-party claims.
This Agreement forms part of and is incorporated by reference into the Terms of Use. In case of conflict, the provisions of this Agreement shall prevail with respect to personal data processing. If any provision is deemed invalid or unenforceable, the remaining provisions shall remain in full force and effect.
This Agreement shall be governed by and interpreted in accordance with the laws of Sweden.
