Data Processing Agreement (DPA)

Last Updated: 27 May, 2025

Applies to: All customers, users, and partners of Nebrow (a product of Ifow Technologies Private Limited)

This Data Processing Agreement ("DPA") is part of Nebrow's commitment to protecting your data under global privacy regulations, including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). It defines how we collect, process, store, and secure your data when you use our services.

1. Definitions

  • Data Controller: You, the customer, who determines the purposes and means of data processing.
  • Data Processor: Nebrow (Ifow Technologies Pvt Ltd), which processes data on your behalf.
  • Personal Data: Any data relating to an identified or identifiable natural person.
  • Processing: Any operation performed on personal data (collection, storage, usage, etc.).

2. Scope of Data Processing

Nebrow processes data strictly to:

  • Deliver our digital services (e.g., online store, automation tools)
  • Improve product performance and customer experience
  • Comply with legal obligations (e.g., fraud prevention)

We do not sell personal data, ever.

3. Roles & Responsibilities

Your Responsibilities (Data Controller)

  • Ensure your use of Nebrow complies with applicable privacy laws
  • Collect only necessary data and use it legally
  • Respond to data subject requests (Nebrow will assist as needed)

Our Responsibilities (Data Processor)

  • Process data only per your instructions
  • Maintain industry-grade technical and organizational safeguards
  • Assist in responding to data subject requests and audits

4. Subprocessors

Nebrow may use trusted third-party subprocessors (e.g., for hosting, analytics, payments). A full list is available on request. All subprocessors are bound by contractual obligations of data protection.

5. Data Transfers

Nebrow operates global infrastructure (US, EU, Asia) and may transfer data internationally. All transfers comply with:

  • Standard Contractual Clauses (SCCs) for EU data
  • Adequate protection under applicable data laws worldwide

6. Data Subject Rights

Nebrow enables you to fulfill data subjects' rights under GDPR/CCPA, including:

  • Right to access, correct, or delete personal data
  • Right to data portability
  • Right to object to processing or restrict it
  • Right to opt out of sale (CCPA)

Requests can be initiated by contacting: care@nebrow.com

7. Security Measures

We implement and maintain:

  • End-to-end encryption for sensitive data
  • ISO-ready controls
  • Role-based access and multi-factor authentication
  • Real-time monitoring and incident response

8. Data Retention & Deletion

  • Data is retained only for as long as necessary (or legally required)
  • You may request permanent deletion at any time
  • Backup data is deleted on a rolling basis per retention policy

9. Breach Notification

In the unlikely event of a breach, Nebrow will:

  • Notify affected customers within 72 hours
  • Provide actionable details and status updates
  • Cooperate fully with authorities and customer inquiries

10. Contact & Dispute Resolution

Questions or concerns? Contact our Data Protection Officer (DPO) at: care@nebrow.com

In case of dispute, both parties agree to seek resolution in good faith before pursuing legal channels.

Nebrow is committed to data ethics, user rights, and global privacy-first innovation.