Privacy Policy

This Privacy Policy describes how NeuDayAI Technologies Private Limited ("NeuDayAI", "we", "us", or "our") collects, uses, stores, and protects personal data when you use the NeuDocIQ platform, APIs, and related services (collectively, the "Service").

This policy is compliant with India's Digital Personal Data Protection Act, 2023 (DPDP Act) and applicable provisions of the Information Technology Act, 2000 and its rules.

By accessing or using our Service, you agree to the collection and use of information in accordance with this policy.

We collect the following categories of personal data:

Account data: When you create an account, we collect your name, email address, organisation name, phone number, and billing information.

Usage data: We collect information about how you interact with the Service, including API call logs, processing volumes, feature usage, and access timestamps.

Document data: Documents you submit for processing are temporarily held in memory for the duration of the processing pipeline. Unless you explicitly enable document storage in your account settings, documents are not persisted after processing is complete.

Extracted data: Structured data extracted from your documents is stored and accessible via your account until deleted by you or upon account termination.

Communication data: If you contact us for support or sales enquiries, we retain those communications.

Technical data: IP addresses, browser type, operating system, and device identifiers collected through standard server and application logs.

We use the data we collect for the following purposes:

— To provide, operate, and maintain the Service — To process documents you submit through the API or Studio — To authenticate users and enforce access controls — To send transactional communications (billing, security alerts, service updates) — To respond to customer support requests — To generate aggregate, anonymised analytics about platform performance — To comply with legal obligations, including obligations under the DPDP Act and IT Act

We do not use your document data or extracted data to train, fine-tune, or improve our AI models. Model training uses only synthetic and licensed datasets.

We do not sell your personal data. We share data only in the following limited circumstances:

Service providers: We use third-party vendors to support infrastructure, billing, and communications. These include cloud infrastructure (AWS Mumbai region), payment processors, and transactional email providers. All sub-processors are contractually required to protect data consistent with this policy.

Legal requirements: We may disclose data when required by law, court order, or a lawful government authority request.

Business transfers: In the event of a merger, acquisition, or sale of assets, personal data may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.

With your consent: We may share data for other purposes with your explicit consent.

A current list of sub-processors is available on request at privacy@neudayai.com.

We retain personal data for as long as is necessary to fulfil the purposes described in this policy, unless a longer retention period is required by law.

Account data is retained for the life of your account and for 90 days after account termination.

Document data (when storage is enabled) is retained until deleted by you, or for 30 days after account termination, whichever is earlier.

Extracted data is retained until deleted by you, or for 30 days after account termination.

Usage and audit logs are retained for a minimum of 1 year.

You may request deletion of your data at any time by contacting privacy@neudayai.com. Deletion requests are processed within 30 days.

Under India's Digital Personal Data Protection Act, 2023, you have the following rights as a Data Principal:

Right to access: You may request a summary of the personal data we hold about you and how it is being processed.

Right to correction: You may request correction of inaccurate or incomplete personal data.

Right to erasure: You may request deletion of your personal data, subject to our legal retention obligations.

Right to grievance redressal: You have the right to have your grievances addressed. Our Grievance Officer is reachable at privacy@neudayai.com.

Right to nominate: You may nominate an individual to exercise your rights in the event of your death or incapacity.

Right to withdraw consent: Where we process data on the basis of consent, you may withdraw that consent at any time. Withdrawal does not affect processing carried out prior to withdrawal.

To exercise any of these rights, contact our Data Protection Officer at privacy@neudayai.com. We will respond within 30 days.

We implement industry-standard technical and organisational measures to protect your data, including:

— AES-256 encryption for data at rest — TLS 1.3 for data in transit — Role-based access control (RBAC) limiting internal access to personal data — Immutable audit logs for all data access events — Regular vulnerability assessments and penetration testing — Incident response procedures with notification obligations

Despite these measures, no system is completely secure. If you believe your account or data has been compromised, contact us immediately at security@neudayai.com.

Our cloud infrastructure is hosted in AWS Mumbai (ap-south-1), ensuring document data and personal data remain within India's borders for cloud deployments.

Where we use sub-processors that may involve cross-border transfers (such as billing or email services), we ensure appropriate safeguards are in place consistent with DPDP Act requirements.

Enterprise and government customers deploying NeuDocIQ on-premise retain full control over data residency.

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, contact us at privacy@neudayai.com and we will delete it promptly.

We may update this Privacy Policy from time to time. Material changes will be communicated via email or prominent notice on the Service at least 14 days before they take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

For privacy enquiries, data subject requests, or grievances:

Data Protection Officer / Grievance Officer NeuDayAI Technologies Private Limited Pune, Maharashtra, India Email: privacy@neudayai.com

We aim to acknowledge all privacy enquiries within 3 business days and resolve them within 30 days, in accordance with the DPDP Act.