01 · ScopeWho this policy covers.
This policy applies to Newtral Technologies Private Limited (“Newtral”, “we”, “us”) and the Noa product, website, and related services. It explains what information we collect from website visitors, trial users, paying customers, and the authorised users of our customers.
When our customer organisations upload their own data into Noa, those organisations are the data controllers; Newtral acts as a data processor under their instructions. Our handling of that data is governed by the customer's signed agreement in addition to this policy.
02 · Data we collectWhat we collect, and why.
Information you give us
- Account data: name, work email, company, role, password (hashed).
- Billing data: billing name, address, GSTIN, and payment instrument metadata. Card details are handled by our payment processor (Razorpay) and never stored on our servers.
- Customer content: disclosures, KPI data, source documents, and other material you upload to Noa.
- Communications: emails, support tickets, and chat conversations you send us.
Information collected automatically
- Usage: pages viewed, features used, timestamps, approximate location derived from IP.
- Device: browser, operating system, screen size, language.
- Logs: IP address, request paths, response codes, error traces.
03 · How we use itPurposes of processing.
- To provide and operate the Noa product.
- To authenticate users and protect accounts.
- To bill subscriptions and process payments through Razorpay.
- To respond to support enquiries.
- To improve product performance and fix defects.
- To send service announcements, security notices, and (with consent) product updates.
- To comply with applicable laws and respond to lawful requests.
AI training. Customer content is never used to train shared or third-party models. Aggregated, de-identified usage statistics may be used to improve product behaviour.
04 · SharingWho we share data with.
We share information only with the following categories of recipients:
| Recipient | Purpose |
|---|
| Cloud infrastructure (AWS, GCP) | Hosting, storage, compute |
| Razorpay | Payment processing |
| Email & support tools | Customer communications |
| Analytics & error monitoring | Product performance |
| Auditors & legal advisors | Compliance obligations |
| Government authorities | Only where legally required |
We do not sell personal information. We do not share data with advertisers.
05 · RetentionHow long we keep data.
- Account data: for the life of the account, plus 90 days after deletion.
- Customer content: for the term of the subscription. On termination, we delete or return data within 30 days of written request.
- Billing records: retained for 8 years to comply with Indian tax law.
- Server logs: 90 days.
06 · Your rightsAccess, correction, deletion.
Subject to applicable law, you may request access to the personal information we hold about you, correction of inaccuracies, deletion, restriction of processing, or a portable copy. Most of these are self-serve from your account settings. Other requests should be sent to privacy@hirenoa.ai and will be answered within 30 days.
07 · SecurityHow we protect data.
We encrypt data in transit (TLS 1.2+) and at rest (AES-256). We maintain SOC 2 Type II compliance and undergo independent annual audits. Access to production systems is restricted, logged, and reviewed quarterly. See the Security page for a full description of controls.
08 · CookiesCookies and similar technologies.
We use strictly-necessary cookies to keep you signed in, remember your preferences, and protect against fraud. We use limited first-party analytics cookies to understand product usage. We do not place third-party advertising cookies.
09 · ChangesUpdates to this policy.
We may update this policy as the product and the law evolve. Material changes will be notified by email and posted here at least 30 days before they take effect. The “Last updated” date at the top of this page reflects the most recent revision.