Data Processing Agreement (DPA)
Table of contents:
- Scope of This DPA
- Roles of the Parties
- Nature and Purpose of Processing
- Data Storage and Sub-Processors
- Customer Tenant Data and Shared Responsibility
- Security Measures
- Data Subject Rights
- Data Retention
- Contact Information
Effective Date: 15th October 2024
Last Updated: 5th September 2025
This Data Processing Agreement (“DPAâ€) forms part of the Terms of Use or similar agreement between you (“Customerâ€) and Neysa Networks (“weâ€, “usâ€, or “ourâ€), provider of digital products and services.
This DPA outlines how we handle your personal data in compliance with applicable privacy laws, including the General Data Protection Regulation (GDPR) and the SOC 2 Privacy Trust Services Criteria.
Scope of This DPA
This DPA applies to limited personal data that we process solely for the purpose of providing and supporting our products and services. This includes:
- Contact and business information you provide for ordering and billing
- Customer account details managed in our systems
We do not access or manage the data you store within your dedicated tenant environments. That data is governed by our Security Shared Responsibility Model.
Roles of the Parties
For the limited personal data covered under this DPA (e.g., contact and billing information), the Customer is the Data Controller and Neysa Networks acts as the Data Processor, processing such data solely on the Customer’s documented instructions, as outlined in this agreement.
Nature and Purpose of Processing
We process customer personal data only for:
- Account setup and management
- Billing and subscription administration
- Customer service and support
- Legal and compliance obligations (where applicable)
We do not process any data stored by the customer within their tenant.
Data Storage and Sub-Processors
We use trusted technology providers to handle limited customer account and billing data:
- Zoho – Customer Relationship Management (India)
- Monetize360 – Subscription and billing Management (India)
- NTT – Physical Datacenter environment (India)
All sub-processors are contractually required to meet high standards of data security and confidentiality.
Customer Tenant Data and Shared Responsibility
Neysa Networks provides customers with secure, dedicated tenant environments as part of our offerings. Customers are solely responsible for the privacy and security of the data they store or process within their tenant. This separation of responsibilities is outlined in our Security Shared Responsibility Model, which distinguishes between:
- Controls managed by Neysa Networks (e.g., infrastructure security)
- Controls managed by the customer (e.g., data classification, access policies)
Security Measures
To protect customer contact and billing data, we ensure implementation of industry-standard security practices, including:
- Encryption in transit and at rest
- Role-based access controls
- Network and system monitoring
- Incident detection and response processes
Data Subject Rights
We honour valid requests to access, correct, or delete customer data held for account administration, in accordance with applicable data protection laws.
Data Retention
Customer data is retained only for as long as necessary to deliver services, meet legal requirements, and fulfil contractual obligations. After service termination, such data is securely deleted or anonymized unless otherwise required by law.
Contact Information
For questions related to this DPA or our data protection practices, please contact infosec@neysa.ai
