Navigation
PlatformModules
Pages
SecurityPricingDocsBlogContact
Legal · DPA

Data Processing Addendum

Last updated: July 14, 2026 · Operated by NeurQ AI Labs Private Limited

Related: Privacy · Security · Terms

1. Parties & roles

This Data Processing Addendum ("DPA") forms part of the agreement between NeurQ AI Labs Private Limited ("Processor", "we") and the customer entity that subscribes to QS Assets ("Controller", "you"). You determine the purposes and means of processing Customer Personal Data; we process it only to provide the QS Assets service.

2. Scope of processing

We process account identifiers, contact details, authentication data, asset inventory metadata, telemetry necessary for discovery/monitoring, support tickets, and related operational logs. Processing is limited to delivering, securing, supporting, and improving the Service as described in our Privacy Policy.

3. Documented instructions

We process Customer Personal Data only on your documented instructions, including configuration you set in the product, unless required by applicable Indian law. Unlawful instructions may be refused with notice.

4. Security measures

We implement appropriate technical and organizational measures including TLS in transit, access controls and MFA/SSO options, tenant isolation (application filters and Postgres RLS), encryption of secrets, vulnerability management, and audit logging. Controls operate under our SOC 2 security program. Details: qsasset.com/security.

5. Personnel

Personnel authorized to process Customer Personal Data are bound by confidentiality obligations and receive security awareness appropriate to their role.

6. Subprocessors

You authorize us to engage subprocessors needed to host and operate the SaaS offering (currently including cloud hosting and transactional email). A current summary appears on the Security Trust Center. We remain responsible for subprocessor performance and will impose data-protection obligations no less protective than this DPA.

7. International transfers

Primary SaaS processing for Indian customers is oriented toward India/DPDP Act 2023 requirements. Where processing occurs in other regions for hosting or support, we use contractual and technical safeguards consistent with applicable law and your deployment choices (including self-host / on-premise options).

8. Data subject rights & assistance

Taking into account the nature of processing, we will assist you in responding to requests from data principals / data subjects under DPDP and other applicable laws, via product features and reasonable support.

9. Personal data breach

We will notify you without undue delay after becoming aware of a personal data breach affecting Customer Personal Data, and provide information reasonably available to help you meet your notification obligations.

10. Return & deletion

Upon termination of the Service, we will delete or return Customer Personal Data in accordance with the product retention settings and Privacy Policy, except where retention is required by law or for secure backups that age out on a defined schedule.

11. Audit & information

Upon reasonable written request, we will make available information necessary to demonstrate compliance with this DPA, including relevant security summaries and SOC 2 program attestations under NDA where applicable.

12. Precedence

If there is a conflict between this DPA and the Terms of Service regarding data protection, this DPA controls. For general privacy practices see the Privacy Policy. Contact: privacy@qsasset.com or contact@qsasset.com.