Last updated: July 14, 2026 · Operated by NeurQ AI Labs Private Limited
Related: Privacy · Security · Terms
This Data Processing Addendum ("DPA") forms part of the agreement between NeurQ AI Labs Private Limited ("Processor", "we") and the customer entity that subscribes to QS Assets ("Controller", "you"). You determine the purposes and means of processing Customer Personal Data; we process it only to provide the QS Assets service.
We process account identifiers, contact details, authentication data, asset inventory metadata, telemetry necessary for discovery/monitoring, support tickets, and related operational logs. Processing is limited to delivering, securing, supporting, and improving the Service as described in our Privacy Policy.
We process Customer Personal Data only on your documented instructions, including configuration you set in the product, unless required by applicable Indian law. Unlawful instructions may be refused with notice.
We implement appropriate technical and organizational measures including TLS in transit, access controls and MFA/SSO options, tenant isolation (application filters and Postgres RLS), encryption of secrets, vulnerability management, and audit logging. Controls operate under our SOC 2 security program. Details: qsasset.com/security.
Personnel authorized to process Customer Personal Data are bound by confidentiality obligations and receive security awareness appropriate to their role.
You authorize us to engage subprocessors needed to host and operate the SaaS offering (currently including cloud hosting and transactional email). A current summary appears on the Security Trust Center. We remain responsible for subprocessor performance and will impose data-protection obligations no less protective than this DPA.
Primary SaaS processing for Indian customers is oriented toward India/DPDP Act 2023 requirements. Where processing occurs in other regions for hosting or support, we use contractual and technical safeguards consistent with applicable law and your deployment choices (including self-host / on-premise options).
Taking into account the nature of processing, we will assist you in responding to requests from data principals / data subjects under DPDP and other applicable laws, via product features and reasonable support.
We will notify you without undue delay after becoming aware of a personal data breach affecting Customer Personal Data, and provide information reasonably available to help you meet your notification obligations.
Upon termination of the Service, we will delete or return Customer Personal Data in accordance with the product retention settings and Privacy Policy, except where retention is required by law or for secure backups that age out on a defined schedule.
Upon reasonable written request, we will make available information necessary to demonstrate compliance with this DPA, including relevant security summaries and SOC 2 program attestations under NDA where applicable.
If there is a conflict between this DPA and the Terms of Service regarding data protection, this DPA controls. For general privacy practices see the Privacy Policy. Contact: privacy@qsasset.com or contact@qsasset.com.