Netallion AI Assurance Privacy Policy
Effective date: 03 February 2026
This Privacy Policy explains how Netallion AI Assurance ("Service") collects, uses, discloses, and protects personal information.
1) Who we are
Netallion AI Assurance is operated by Netallion Limited ("we", "us"). For the personal information we collect about website visitors and account administrators, we act as the data controller (or equivalent). For Customer Content processed on behalf of business customers, we generally act as a service provider/processor (see below).
2) Scope
This policy covers:
- Visitors to netallion.ai
- Account holders and Users of the Service
- Customer administrators who connect data sources (e.g., workspaces)
3) What we collect
A) Account and contact data
- Name, email address, organization name
- Role/permissions inside the Service
- Support communications
B) Technical and usage data
- Log-in events, device/browser data, IP address (where applicable)
- Feature usage and audit logs (actions within the Service)
C) Customer Content (processed on behalf of customers)
The Service may process content from customer systems to detect potential exposures. Depending on your configuration, this may include:
- redacted snippets or indicators derived from logs
- metadata (workspace identifiers, timestamps, source table names)
We design the Service to minimize sensitive content storage and generally store only hashed/masked indicators plus redacted snippets, not raw secrets.
4) How we use information
We use information to:
- Provide and secure the Service (authentication, authorization, abuse prevention)
- Run detection and generate Findings and reports
- Provide customer support
- Improve the Service (aggregated analytics and performance)
- Comply with legal obligations
5) Legal bases and compliance
We aim to comply with applicable privacy laws, including New Zealand's Privacy Act 2020 and its information privacy principles (e.g., collecting only what is necessary and safeguarding information). You may have rights to access and correct your personal information.
If you are a business customer, you are responsible for ensuring you have a lawful basis to provide Customer Content to the Service.
6) Sharing and disclosure
We may share information with:
- Infrastructure and hosting providers (to run the Service)
- Support and security tooling providers (to monitor reliability and protect the Service)
- Professional advisors (legal/accounting) where necessary
- Authorities if required by law
We do not sell personal information.
7) International transfers
Your data may be processed in regions where our infrastructure operates. Where required, we take steps designed to protect data transfers consistent with applicable law and contractual commitments.
8) Security
We maintain technical and organizational measures designed to protect information, such as access controls, encryption in transit, and key management practices.
No system is perfectly secure. You are responsible for using strong passwords/SSO controls and limiting access to authorized Users.
9) Data retention
We retain personal information and Customer Content only as long as necessary to provide the Service and for legitimate business or legal needs. For details, see Data Retention & Deletion.
10) Your rights
Depending on your location and relationship with Netallion AI Assurance, you may have rights to:
- Access your personal information
- Request correction
- Request deletion or restriction (subject to legal and contractual limits)
- Object to certain processing
To exercise rights, contact privacy@netallion.ai.
11) Cookies
We use necessary cookies and similar technologies to operate the website and Service (e.g., session/auth). Where used, analytics cookies (if enabled) may be described in a cookie notice.
12) Changes to this policy
We may update this Privacy Policy. If changes are material, we will provide reasonable notice. Continued use after the effective date indicates acceptance.
13) Contact
Privacy questions: privacy@netallion.ai