NeuAlto Technologies Pvt. Ltd. ("NeuAlto," "we," "us," or "our") respects your privacy and is committed to protecting the personal information you share with us. NeuAlto is a global technology services company headquartered in Bengaluru, India, with operations in the United States. We deliver engineering and IT services, DevSecOps and cloud engineering, data transformation and migration (EDI), managed AI/ML services, web and mobile application development, testing and automation, and cybersecurity consulting and vCISO services, together with the products, platforms, and solutions we build (such as the DeltaMax data-quality platform).
This Privacy Policy explains how we collect, use, disclose, store, and safeguard information when you visit www.neualto.com, engage us for professional or managed services, use any NeuAlto product, platform, or solution, or otherwise access our applications, APIs, integrations, or services — including any offerings we publish through cloud marketplaces (collectively, the "Services").
By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this Policy, please discontinue use of our Services.
Scope & Our Role
This Policy applies to all personal data NeuAlto processes as a data controller — including information about our website visitors, prospects, customers and their authorized users, partners and vendors, job applicants, and end users of our products and platforms.
Information We Collect
1.1 Information You Provide Directly
- Account & Contact Information: name, work email address, company name, job title, phone number, postal address, and billing details when you register, request a demo or quote, subscribe through a cloud marketplace, engage our services, or contact us.
- Authentication Credentials: usernames, hashed passwords, single sign-on (SSO) identifiers, and multi-factor authentication metadata.
- Support & Communications: messages, attachments, and feedback you submit through email, support tickets, contact forms, surveys, or community channels.
- Configuration & Project Data: connection strings, schema metadata, data-source endpoints, business rules, environment settings, and policy definitions you configure when using our products or during a services engagement. We do not require the contents of your underlying data records to operate our platforms.
- Recruitment Information: if you apply for a role with us, your CV/resume, education and employment history, contact details, and any information you choose to share during the hiring process.
1.2 Information Collected Automatically
- Usage & Telemetry: pages viewed, features used, clicks, session duration, referring URLs, error logs, and diagnostic events.
- Device & Technical Data: IP address, browser type and version, operating system, device identifiers, language preferences, and time zone.
- Cookies & Similar Technologies: see Section 6 — Cookies and Tracking Technologies.
1.3 Information From Third Parties
- Marketplace & Reseller Partners: when you subscribe through a cloud marketplace or another authorized reseller, we receive tenant IDs, subscription identifiers, plan details, and contact information necessary to provision and bill the Services.
- Identity Providers: if you sign in using Microsoft Entra ID, Google Workspace, Okta, or another identity provider, we receive the profile attributes those services share with us.
- Business & Referral Sources: publicly available information, data-enrichment providers, partners, and referrals used for lead qualification and account research.
How We Use Your Information
We use the information we collect to:
- Provide, operate, maintain, and improve our Services, products, platforms, and professional and managed-services engagements.
- Authenticate users, manage accounts and subscriptions, and prevent unauthorized access.
- Process transactions, generate invoices, and reconcile billing through cloud marketplaces or direct contracts.
- Respond to enquiries and support requests, troubleshoot incidents, and communicate service announcements.
- Monitor performance, diagnose technical issues, and develop new features and offerings.
- Evaluate and process job applications and manage recruitment.
- Send marketing communications about NeuAlto services, products, and events where permitted by law (you may unsubscribe at any time).
- Detect, investigate, and prevent fraudulent, malicious, or illegal activity.
- Comply with legal obligations, enforce our agreements, and protect our rights and the rights of our users.
Legal Bases for Processing (EEA / UK Users)
| Purpose | Legal Basis |
|---|---|
| Providing the Services you request | Performance of a contract |
| Billing, accounting, and tax compliance | Legal obligation |
| Product improvement, analytics, and security | Legitimate interests |
| Recruitment and hiring | Legitimate interests / steps prior to a contract |
| Marketing communications | Consent (where required) / legitimate interests |
| Responding to legal requests | Legal obligation |
Where you are located in India, we process personal data in accordance with the Digital Personal Data Protection Act, 2023 (DPDP Act), relying on your consent or other lawful uses permitted under that Act. For other jurisdictions, we process personal data on the lawful bases recognized by applicable local law.
How We Share Information
We share information only in the following circumstances:
- Service Providers & Subprocessors: cloud hosting (such as Microsoft Azure), analytics, customer support, billing, email delivery, and observability vendors that process data on our behalf under written agreements.
- Customers & Their Authorized Users: where you are an authorized user of a customer's account or engagement, relevant information may be made available to that customer (for example, to its administrators).
- Marketplace Operators & Resellers: cloud marketplace operators (such as Microsoft) and authorized resellers for subscription provisioning, license validation, and billing reconciliation.
- Business Transfers: in connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to confidentiality protections.
- Legal & Safety: when required by law, subpoena, court order, or to protect the rights, property, or safety of NeuAlto, our users, or the public.
- With Your Consent: for any other purpose disclosed at the time of collection or with your direction.
Data Retention
We retain personal information only for as long as necessary to fulfill the purposes outlined in this Policy, comply with our legal obligations, resolve disputes, and enforce our agreements. Retention periods vary based on the type of data and applicable legal requirements. When personal information is no longer needed, we securely delete, anonymize, or aggregate it. Customers may request deletion of their account or engagement data subject to the terms of their applicable agreement.
Cookies and Tracking Technologies
We use cookies and similar technologies (such as pixels, local storage, and SDKs) to operate the website, remember your preferences, analyze traffic, and measure marketing effectiveness. Cookie categories include:
- Strictly Necessary: required for authentication, security, and core functionality.
- Performance & Analytics: help us understand how users interact with the Services.
- Functional: remember settings such as language and region.
- Marketing: deliver relevant content and measure campaign performance (only with consent where required).
You can control cookies through your browser settings or our cookie banner where applicable. Disabling certain cookies may limit functionality.
Data Security
As a company with a dedicated cybersecurity practice, security is central to how we operate. We implement administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These include:
- Encryption in transit (TLS 1.2+) and at rest
- Role-based access controls and multi-factor authentication
- Secure software development practices and vulnerability management
- Logging, monitoring, and periodic security assessments
While no system can be guaranteed 100% secure, we work continuously to strengthen our security posture.
International Data Transfers
NeuAlto operates globally, with locations in India and the United States. Your information may be transferred to, stored, and processed in countries other than your country of residence — including India, the United States, and other regions where our cloud providers operate. When we transfer personal data internationally, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, and adequacy decisions where applicable.
Your Privacy Rights
Depending on your location, you may have some or all of the following rights regarding your personal information:
- Access — request a copy of the personal data we hold about you.
- Correction — request that inaccurate or incomplete data be corrected or updated.
- Deletion / Erasure — request that we delete your personal data, subject to legal exceptions.
- Restriction & Objection — restrict or object to certain processing activities.
- Data Portability — receive your data in a structured, machine-readable format.
- Withdraw Consent — withdraw consent at any time where processing is based on consent.
- Nominate (India) — nominate another individual to exercise your rights in the event of death or incapacity, as provided under the DPDP Act, 2023.
- Grievance Redressal — raise a grievance with us regarding the handling of your personal data.
- Opt-Out of Sale/Sharing — California and certain other US state residents may opt out of the "sale" or "sharing" of personal information; we do not sell personal information.
- Non-Discrimination — we will not discriminate against you for exercising any of your privacy rights.
To exercise any of these rights, contact us at general@neualto.com (or info@neualto.com). We will verify your request and respond within the timeframes required by applicable law. EEA/UK users have the right to lodge a complaint with their local data protection authority; users in India may also escalate to the Data Protection Board of India under the DPDP Act, 2023.
Children's Privacy
Our Services are designed for business and enterprise use and are not directed to children. We do not knowingly collect personal information from children — defined as individuals under the age of 18 under India's DPDP Act, 2023, under 16 in the EEA, or as otherwise defined by applicable local law. If you believe a child has provided us with personal information, please contact us so we can delete it.
Third-Party Links and Services
The Services may contain links to third-party websites, applications, or services that are not operated by NeuAlto. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any personal information.
Customer Data & Our Role as a Processor
When you engage NeuAlto for professional or managed services, or deploy a NeuAlto product within your environment, we may process personal data contained in your enterprise data solely on your behalf and under your documented instructions, as a data processor or sub-processor. In that role:
- You remain the data controller and are responsible for the lawful basis, notices, and consents relating to that data.
- Our processing is governed by the applicable MSA, SOW, and/or DPA, which set out security measures, approved sub-processors, breach-notification commitments, and our assistance with data-subject requests.
- We process such data only for the duration and purposes of the engagement, and return or securely delete it in accordance with the agreement.
If you obtained a NeuAlto product through a cloud marketplace (such as the Microsoft Azure Marketplace), the marketplace operator also processes certain transaction and account information in accordance with its own privacy statement (for example, the Microsoft Privacy Statement). NeuAlto's processing of your personal data and enterprise content is governed by this Privacy Policy together with the applicable NeuAlto subscription or services agreement and any Data Processing Addendum.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will revise the "Last Updated" date and, where appropriate, provide additional notice (such as an email or in-product announcement). Your continued use of the Services after the effective date of any updates constitutes acceptance of the revised Policy.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: