Privacy Policy
NNG DLP Agent
Last Updated: [Feb 9, 2026]
1. Company Information and Commitment
NNG (βNNGβ, βweβ, βourβ, or βusβ) is a software company providing enterprise-grade security solutions to protect customer intellectual property.
NNG is committed to maintaining the highest standards of privacy, data protection, and information security in accordance with applicable global regulations and industry frameworks.
This Privacy Policy describes how data is collected, processed, stored, protected, and governed when customers use the NNG DLP Agent (βServiceβ), offered through Microsoft Azure Marketplace, including via public and private offers.
2. Scope of This Policy
This policy applies to:
All customers deploying the NNG DLP Agent
All data processed by the Service
All environments in which the Service operates (endpoint, server, VM, cloud)
This policy does not override customer internal privacy policies or employment agreements.
3. Roles and Responsibilities
For purposes of global data protection laws:
Customer is the Data Controller
NNG acts strictly as a Data Processor
NNG processes data only on documented customer instructions and for the sole purpose of delivering DLP functionality.
4. Regulatory and Standards Compliance
NNG designs, operates, and maintains the Service to align with the following frameworks:
4.1 General Data Protection Regulation (GDPR)
NNG complies with GDPR (EU Regulation 2016/679), including but not limited to:
Lawfulness, fairness, and transparency
Purpose limitation
Data minimization
Storage limitation
Integrity and confidentiality
Accountability
NNG supports customer obligations under:
Articles 28 (Processor obligations)
Articles 32β34 (Security and breach response)
Articles 15β22 (Data subject rights)
4.2 California Consumer Privacy Act (CCPA / CPRA)
For California residents:
NNG does not sell or share personal information
NNG acts as a Service Provider / Processor
Data is used only for contractually defined security purposes
NNG supports access, deletion, and correction requests through the customer
4.3 ISO/IEC 27001 Alignment
NNGβs security program is aligned with ISO/IEC 27001 principles, including:
Information security risk management
Access control and identity management
Asset classification and protection
Incident response and business continuity
Supplier and subprocessor governance
4.4 SOC 2 Trust Services Criteria
NNG follows SOC 2 principles across:
Security
Availability
Confidentiality
Processing Integrity
Privacy
Operational controls are designed to ensure systems are protected against unauthorized access and misuse.
5. Data Categories Processed
5.1 Operational and Security Data
File metadata (name, path, size, checksum)
Policy enforcement events
DLP detection results
Audit and compliance logs
Agent health and telemetry data
5.2 User and Device Identifiers
User ID or username
Device or endpoint identifier
Tenant or organization identifier
5.3 Source Code Handling
Source code content is not stored by default
Content inspection, if enabled, is performed in-memory only
No customer source code is used for:
AI model training
Analytics beyond DLP enforcement
External sharing or resale
6. Purpose Limitation
Data is processed exclusively for:
Preventing unauthorized source code leakage
Enforcing customer-defined DLP policies
Providing audit trails and compliance evidence
Ensuring reliability and security of the Service
NNG does not use customer data for advertising, profiling, or behavioral analytics.
7. Artificial Intelligence Usage
The Service may apply AI-assisted detection techniques:
AI operates within customer policy boundaries
Models are deterministic and security-focused
No autonomous decision-making impacting legal or employment outcomes
No training on customer data
Customers retain full authority over enforcement actions.
8. Data Storage and Processing Location
Data is processed and stored in Microsoft Azure
Azure regions align with customer tenant configuration
Data residency requirements are respected
Microsoft Azure security controls are inherited where applicable
9. Data Retention and Deletion
Retention periods are configurable by customers
Default retention follows security best practices
Data is deleted or anonymized upon:
Customer request
Contract termination
Expiration of legal retention requirements
10. Subprocessors
NNG uses only vetted subprocessors, including:
Microsoft Azure infrastructure services
All subprocessors are bound by:
Confidentiality obligations
Data protection agreements
Security and audit requirements
A subprocessor list is available upon request.
11. Security Safeguards
NNG implements administrative, technical, and organizational measures, including:
Encryption at rest and in transit (TLS 1.2+)
Least-privilege access controls
Secure key management
Logging and continuous monitoring
Incident response procedures
Regular internal security reviews
12. Incident and Breach Management
NNG maintains a formal incident response process:
Security incidents are assessed promptly
Customers are notified without undue delay where required
Root cause analysis and remediation actions are performed
13. Data Subject Rights
Where personal data is processed, data subjects may have rights including:
Access
Rectification
Erasure
Restriction
Objection
Requests should be handled by the customer as Data Controller.
NNG provides reasonable assistance to support such requests.
14. Licensing and Commercial Model
Licensed per user, starting from USD $4 per user per month
Available via Azure Marketplace private offers
Pricing has no impact on privacy, security, or data ownership
15. Policy Updates
NNG may update this Privacy Policy periodically.
Material changes will be communicated through:
Azure Marketplace listing updates
Direct customer notifications where appropriate
16. Contact Information
For privacy, security, or compliance inquiries:
NNG
Email: xxx@nng.com.vn
Website: https://www.nng.com.vn
Azure Marketplace & Enterprise Compliance Status
β GDPR-ready
β CCPA / CPRA-aligned
β ISO/IEC 27001-aligned
β SOC 2-aligned
β No AI training on customer data
β Enterprise procurement safe