Privacy Statement

What Personal Information We Collect

1.1 Information You Provide to Us

When you register for and use the Service, we may collect personal information you provide directly including:

• Full name, job title, and professional contact details
• Work email address
• Company or organisation name and industry
• Billing information and payment details (processed through our payment provider)
• Account preferences, settings, and any information submitted via support requests

1.2 Information Collected Automatically

When you use the Service, we automatically collect certain technical information including your IP address, browser type and version, device identifiers, pages visited within the platform, session duration, and usage patterns. This information is used to operate, secure, and improve the Service and is not used to identify you personally beyond what is necessary for these purposes.

1.3 Information from Connected Third-Party Platforms

Where you connect third-party advertising platforms, AI services, or CRM systems to NeoLook.ai during setup, we collect and process data from those platforms on your behalf to deliver the Service. The nature of this data depends on the platforms you connect and the permissions you grant. It may include advertising account data, campaign performance data, audience data, CRM records, and related identifiers. Specific data access terms for Google and Meta are set out in Sections 3 and 4 below.

How We Use the Information We Collect

NeoLook.ai uses the personal information we collect for the following purposes only:

• Service delivery — to operate the platform, process your instructions, generate insights and reports, and deliver all features included in your subscription plan.
• Account management — to manage your account, process payments, send billing communications, and respond to support or enquiry requests.
• Platform improvement — to analyse usage patterns, identify bugs, and develop platform features. Where customer data is used for platform improvement, it is used only in aggregated and anonymised form and is not attributable to any individual customer or campaign.
• Communications — to send onboarding guidance, feature updates, product announcements, and service notifications. You may opt out of non-essential communications at any time.
• Legal and compliance — to comply with applicable Indian law including the Digital Personal Data Protection Act 2023, and to respond to lawful requests from regulatory or enforcement authorities.
• Security — to detect, investigate, and respond to fraud, abuse, security incidents, and unauthorised access.

We do not use your personal information for purposes beyond those described above without your prior, explicit consent. We do not use any personal information — including data received from Google or Meta APIs — to develop, improve, or train any generalised artificial intelligence or machine learning model.

Google Services — Data Access and Limited Use

Meta Services — Data Access and Limited Use

How We Share Personal Information

Personal information about our users is not sold, rented, or traded to any third party. We share personal information only in the circumstances described below.

5.1 Service Providers and Sub-Processors

We engage third-party service providers and sub-processors to help us operate and deliver the Service. These providers are given access only to the personal information necessary for the specific tasks they perform on our behalf and are contractually required to handle it in accordance with applicable data protection law and, where applicable, Meta's Developer Data Use Policy and Google's API Services User Data Policy. A current list of our sub-processors is available in the Sub-Processor List.

5.2 Connected Platform Partners

Where you connect a third-party platform — such as Meta, Google, Anthropic, OpenAI, or Google DeepMind — data is shared with that platform only to the extent necessary to deliver the Service features associated with that connection. Each platform's own privacy policy and data processing terms apply to their handling of shared data.

5.3 Agency Customers and Client Brands

Where you use the Service as an agency on behalf of Client Brands, data from Client Brand accounts is accessible to you as the agency subscriber within the permissions structure of your NeoLook.ai account. NeoLook.ai does not independently share Client Brand data with third parties beyond the sub-processors necessary to operate the Service. As a Tech Provider, NeoLook.ai will notify agency subscribers of any data subject rights requests received from Meta or other platforms.

5.4 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of all or substantially all of the assets of Mtalkz Mobility Services Private Limited, personal information held by NeoLook.ai may be transferred to the relevant successor entity. We will notify affected users of any such transfer no later than required by applicable law.

5.5 Legal and Regulatory Disclosure

We may disclose personal information to government authorities, regulatory bodies, law enforcement agencies, or courts where required by applicable Indian law, by a lawful order, or where reasonably necessary to protect the rights, property, or safety of NeoLook.ai, its users, or others. We will, where permitted by law, notify you of any such disclosure.

5.6 With Your Consent

Beyond the circumstances described above, we will not share your personal information with any third party without your prior, explicit, and informed consent.

Data Retention

Active account and usage data is retained for the duration of your subscription and for 12 months thereafter. Where you request deletion of your data, active data is deleted and confirmed to you in writing, and a copy is transferred to secure deep storage for audit and legal compliance purposes for up to 7 years.

Data received from Google and Meta APIs is retained only for as long as necessary to deliver the Service. Upon disconnection of a Google or Meta account, API-sourced data from those platforms is deleted without undue delay. You may request deletion at any time by contacting [email protected].

Children

The Service is intended exclusively for business users and is not directed at or designed for use by individuals under the age of 18. NeoLook.ai does not knowingly collect personal information from anyone under 18. If we become aware that we have inadvertently collected personal information from a minor, we will take prompt steps to delete it. If you believe a minor has provided personal information to us, please contact [email protected].

Third-Party Links and Applications

The Service may contain links to third-party websites, tools, or applications. These are not operated or controlled by NeoLook.ai, and this Privacy Statement does not apply to them. We are not responsible for the privacy practices, data handling, or content of any third-party website or application. You access such destinations at your own risk and should review their privacy policies independently.

Your Rights and Access to Your Information

9.1 Rights under the DPDP Act 2023 🇮🇳 India

9.2 Rights under GDPR (EU/EEA users)

For users whose personal data falls within the scope of the General Data Protection Regulation (EU) 2016/679, NeoLook.ai honours the following rights. To exercise any of these rights, contact [email protected].

9.3 Exercising Your Rights

To exercise any of the rights described above, please contact us at the addresses below. We will acknowledge your request within 5 business days and respond within the timeframe required by applicable law.

Security

NeoLook.ai implements appropriate technical and organisational measures to protect your personal information against unauthorised access, disclosure, alteration, loss, or destruction. These measures meet or exceed industry standards given the sensitivity of the data processed, including advertising account data received via Google and Meta APIs. Details of our security practices are set out in our Security Policy. In the event of a personal data breach affecting your information, we will notify you in accordance with our obligations under applicable law.

Cookies and Tracking Technologies

NeoLook.ai uses cookies and similar tracking technologies on the platform to support core functionality, remember your preferences, analyse usage patterns, and improve the Service. A separate Cookie Policy detailing the specific cookies used, their purpose, and how to manage your preferences is available at Cookie Policy.

Changes to This Privacy Statement

NeoLook.ai may update this Privacy Statement from time to time to reflect changes in our practices, the Service, or applicable law. When we make material changes, we will notify you by posting the updated Privacy Statement on the NeoLook.ai website and, where practicable, by sending a notification to your registered email address. Your continued use of the Service after the updated Privacy Statement takes effect constitutes your acceptance of the revised terms.

Governing Law and Jurisdiction

This Privacy Statement is governed by the laws of India including the Digital Personal Data Protection Act 2023. Any dispute arising in connection with this Privacy Statement shall be subject to the exclusive jurisdiction of the courts at New Delhi, India.

Contact and Grievance Redressal

For any questions, concerns, or requests relating to this Privacy Statement or the handling of your personal information, please contact us. Under the DPDP Act 2023, you have the right to raise a grievance with us regarding the handling of your personal data. We will respond to all grievances within the timeframe required by applicable law. If you are not satisfied with our response, you may escalate your complaint to the Data Protection Board of India once it is constituted and operational.