Privacy Policy

This Privacy Policy describes how Necora Pte. Ltd. ("Necora", "PodIQ", "we", "us", or "our") collects, uses, discloses, and protects information when you visit our website at necora.io, use the PodIQ platform, or interact with us through any other channel. By accessing or using our services, you acknowledge that you have read and understood this policy. If you do not agree with these practices, please do not use our services.

We collect information in the following categories: Account information — Name, work email address, phone number, company name, job title, company size, and country provided when you submit a contact form, join our waitlist, or create an account. Operational telemetry metadata — When you connect PodIQ to your facility systems (BMS, DCIM, EPMS), we ingest time-series signals, alarm events, and equipment metadata in read-only mode. We do not collect personally identifiable information from facility telemetry streams. Usage analytics — Information about how you interact with the PodIQ platform, including pages visited, features used, session duration, browser type, device type, IP address, and referring URLs. Cookies and similar technologies — We use strictly necessary cookies for authentication and session management. We use optional analytics cookies only with your consent. You may manage cookie preferences through your browser settings. Communications — Records of correspondence when you contact us for support, sales inquiries, or feedback.

We use collected information for the following purposes: Service delivery — To provide anomaly detection, cross-domain causal reasoning, root-cause ranking, and SOP-aligned operator guidance. Account management — To create and manage your account, authenticate users, and communicate service updates. Service improvement — Aggregated and anonymised operational insights help us improve model accuracy, reasoning quality, and platform reliability. Individual customer telemetry is never shared with other customers. Communication — To respond to inquiries, send transactional notifications, and share product updates you have opted into. Security — To detect, prevent, and respond to fraud, abuse, or security incidents. Legal compliance — To comply with applicable laws, regulations, and legal processes.

We process personal data on the following legal bases: Contractual necessity — Processing required to deliver the PodIQ service under your subscription agreement. Legitimate interest — Processing for service improvement, security, and fraud prevention, where our interests do not override your fundamental rights. Consent — Where you have explicitly opted in, such as for marketing communications or optional analytics. You may withdraw consent at any time. Legal obligation — Where processing is required to comply with applicable law.

We do not sell, rent, or trade your personal information or operational telemetry to third parties. We may share information with: Infrastructure providers — Cloud hosting and database services (e.g., Supabase, Vercel) that process data on our behalf under strict data processing agreements. Professional advisors — Legal counsel, auditors, or accountants when necessary to protect our rights or comply with legal obligations. Law enforcement — When required by law, subpoena, court order, or governmental regulation. Business transfers — In connection with a merger, acquisition, reorganisation, or sale of assets, where your data would remain subject to the protections of this policy. We require all third-party processors to maintain appropriate security measures and process data only as instructed by us.

Storage — Data is stored in secure, access-controlled cloud environments with encryption at rest (AES-256) and in transit (TLS 1.2+). Infrastructure is hosted in regions aligned with your contractual requirements. Security measures — We implement role-based access controls, audit logging, vulnerability scanning, and incident response procedures. Access to customer telemetry is restricted to authorised personnel on a need-to-know basis. Retention — Account information is retained for the duration of your subscription plus 90 days for wind-down purposes, unless a longer period is required by law. Operational telemetry is retained according to your plan tier and contractual agreement. Waitlist and contact form submissions are retained for 24 months or until you request deletion. You may request early deletion at any time.

Depending on your jurisdiction, you may have the following rights: Access — Request a copy of the personal data we hold about you. Rectification — Request correction of inaccurate or incomplete data. Erasure — Request deletion of your personal data, subject to legal retention requirements. Restriction — Request that we limit processing of your data in certain circumstances. Portability — Request your data in a structured, machine-readable format. Objection — Object to processing based on legitimate interests. Withdrawal of consent — Withdraw consent for any processing based on consent, without affecting the lawfulness of prior processing. To exercise any of these rights, contact us at privacy@necora.io. We will respond within 30 days. If you are unsatisfied with our response, you may lodge a complaint with your local data protection authority.

If we transfer personal data outside of your jurisdiction, we ensure appropriate safeguards are in place, including standard contractual clauses approved by relevant authorities or other legally recognised transfer mechanisms. We honour industrial data sovereignty requirements and will work with enterprise customers to ensure telemetry data remains within specified geographic boundaries where contractually agreed.

PodIQ is a B2B enterprise product and is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will promptly delete it.

Our website may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any personal information.

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on our website at least 30 days before they take effect. The "Last updated" date at the bottom of this page indicates when the policy was most recently revised. Continued use of our services after changes take effect constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at: Necora Pte. Ltd. Email: privacy@necora.io Website: necora.io/contact