logo

Data Processing Agreement (DPA)

Table of contents:

Effective Date: 15th October 2024
Last Updated: 5th September 2025
This Data Processing Agreement (“DPA”) forms part of the Terms of Use or similar agreement between you (“Customer”) and Neysa Networks (“we”, “us”, or “our”), provider of digital products and services.
This DPA outlines how we handle your personal data in compliance with applicable privacy laws, including the General Data Protection Regulation (GDPR) and the SOC 2 Privacy Trust Services Criteria.

This DPA applies to limited personal data that we process solely for the purpose of providing and supporting our products and services. This includes:

  • Contact and business information you provide for ordering and billing
  • Customer account details managed in our systems

We do not access or manage the data you store within your dedicated tenant environments. That data is governed by our Security Shared Responsibility Model.

For the limited personal data covered under this DPA (e.g., contact and billing information), the Customer is the Data Controller and Neysa Networks acts as the Data Processor, processing such data solely on the Customer’s documented instructions, as outlined in this agreement.

We process customer personal data only for:

  • Account setup and management
  • Billing and subscription administration
  • Customer service and support
  • Legal and compliance obligations (where applicable)

We do not process any data stored by the customer within their tenant.

We use trusted technology providers to handle limited customer account and billing data:

  • Zoho – Customer Relationship Management (India)
  • Monetize360 – Subscription and billing Management (India)
  • NTT – Physical Datacenter environment (India)

All sub-processors are contractually required to meet high standards of data security and confidentiality.

Neysa Networks provides customers with secure, dedicated tenant environments as part of our offerings. Customers are solely responsible for the privacy and security of the data they store or process within their tenant. This separation of responsibilities is outlined in our Security Shared Responsibility Model, which distinguishes between:

  • Controls managed by Neysa Networks (e.g., infrastructure security)
  • Controls managed by the customer (e.g., data classification, access policies)

To protect customer contact and billing data, we ensure implementation of industry-standard security practices, including:

  • Encryption in transit and at rest
  • Role-based access controls
  • Network and system monitoring
  • Incident detection and response processes

We honour valid requests to access, correct, or delete customer data held for account administration, in accordance with applicable data protection laws.

Customer data is retained only for as long as necessary to deliver services, meet legal requirements, and fulfil contractual obligations. After service termination, such data is securely deleted or anonymized unless otherwise required by law.

For questions related to this DPA or our data protection practices, please contact infosec@neysa.ai