Legal · 1 May 2025

Privacy Policy & Cookie Policy

This Privacy Policy explains how NM Cloud Technologies Private Limited (“NM Cloud Technologies”, “we”, “us”, “our”) collects, uses, stores, and protects personal data when you use our website (nmcloudtech.com) and our products. It also explains your rights under applicable data protection law.

Effective date: 1 May 2025 · Governing law: India (DPDP Act 2023) · GDPR-aligned where applicable.

1. Who We Are

NM Cloud Technologies Private Limited is registered in India as a Private Limited company. We are the data controller for personal data collected through nmcloudtech.com and the operator for personal data processed within our products (Hospyron, ProjectAR, NM Cloud Flow, Revise) on behalf of our enterprise clients.

Data Controller

NM Cloud Technologies Private Limited
Nellore, Andhra Pradesh — 524001, India
Email: privacy@nmcloudtech.com

2. Data We Collect

We collect personal data in the following contexts:

Website visitors

–IP address and general location (country/city)
–Browser type, version, and operating system
–Pages visited, referral URL, time on page
–Device type (desktop, mobile, tablet)
–Anonymised interaction events (clicks, scroll depth)

Contact & sales enquiries

–Full name and professional email address
–Company name, job title, phone number (if provided)
–Message content and enquiry details
–Time and source of submission

Product users (via enterprise client deployments)

–User account details (name, work email, role)
–Activity logs within the product (timestamps, actions)
–Content created or uploaded within the product
–No product user data is processed without an active Data Processing Agreement with the enterprise client

We do not collect sensitive personal data (health records, financial data, biometrics) through this website. Sensitive data processed within Hospyron is covered by a separate Data Processing Agreement with each hospital client.

3. How We Use Your Data

→

Responding to sales and support enquiries

Contact form submissions, email correspondence

→

Improving website performance and user experience

Anonymised analytics, heatmaps, A/B testing

→

Marketing communications

Only with explicit opt-in consent; unsubscribe available on every message

→

Product delivery and support

For enterprise clients under a signed contract and DPA

→

Legal compliance

Tax records, regulatory filings, responding to lawful authority requests

→

Fraud and security monitoring

Detecting abuse, protecting against attacks

4. Legal Basis for Processing

Under India's DPDP Act 2023 and GDPR (where applicable), we process personal data under one of the following lawful bases:

Consent

Marketing emails, non-essential analytics cookies. You may withdraw consent at any time.

Contract

Delivering services to enterprise clients under a signed agreement.

Legal obligation

Tax filings, regulatory compliance, lawful authority requests.

Legitimate interest

Website security, fraud prevention, improving our products. Interests balanced against your rights.

5. Data Retention

Website analytics dataAnonymised after 26 months; raw IP logs deleted after 90 days

Contact form submissions3 years from last interaction, then securely deleted

Enterprise client dataRetained for the duration of the contract + 7 years for legal/audit purposes, then deleted per the DPA schedule

Marketing opt-in recordsRetained for 5 years as proof of consent, deleted on unsubscribe + 30 days

Server access logs90 days for security monitoring, then auto-deleted

7. Cookie Policy

Last reviewed: 1 May 2025

This website (nmcloudtech.com) is a static website hosted on Amazon S3 and served via Amazon CloudFront. It does not run server-side code, does not set server-side session cookies, and does not use a database. The cookies and storage mechanisms used are strictly limited.

Cookies We Set

Cookie Name	Type	Purpose	Duration	Consent Required
__nmct_consent	Strictly necessary	Stores your cookie consent preference so you are not re-asked on every page visit	1 year	No — set on first visit to record your choice
__nmct_theme	Functional	Remembers your light/dark mode preference	1 year	No — functional, not tracking
_ga, _ga_*	Analytics (optional)	Google Analytics — aggregate traffic analysis. Only set if you accept analytics cookies	2 years / 90 days	Yes — opt-in only

Local Storage

We use browser localStorage for the following non-tracking purposes:

nmct:consentYour cookie consent choice (accepted / declined / pending)
nmct:themeUI theme preference (dark / light)
nmct:lenis-scrollSmooth scroll position (session-only, cleared on tab close)

Managing Cookies

You can manage or delete cookies at any time through your browser settings. Disabling strictly necessary cookies will not affect site functionality. Disabling analytics cookies will stop aggregate traffic measurement — no other consequence. Third-party cookie opt-out links: Google Analytics Opt-Out.

8. Cache Settings

This website is served through Amazon CloudFront (CDN). Cache behaviour is configured as follows — these settings govern how long your browser and CloudFront edge nodes store pages and assets:

Asset Type	Cache-Control Header	CDN TTL	Browser TTL
HTML pages (/*.html)	no-cache, no-store, must-revalidate	0s	0s — always fetches fresh
JS/CSS bundles (/_next/static/)	public, max-age=31536000, immutable	1 year	1 year — content-hashed filenames change on deploy
Images (/public/images/)	public, max-age=86400, s-maxage=604800	7 days	24 hours
Fonts (/_next/static/media/)	public, max-age=31536000, immutable	1 year	1 year
sitemap.xml / robots.txt	public, max-age=3600, s-maxage=86400	24 hours	1 hour
API responses (if any)	no-store	None	None

On each new deployment, CloudFront invalidations are triggered for /* to ensure all users receive the latest version immediately. Content-hashed static assets (_next/static/) are cached aggressively because their filenames change on every deployment — making cache invalidation of those files unnecessary.

9. International Transfers

Our primary infrastructure runs in AWS Mumbai (ap-south-1) and GCP Mumbai (asia-south1), keeping Indian user data in India by default. For international visitors or clients requiring alternative data residency, data may be processed in other AWS/GCP regions. Any such transfers are subject to appropriate contractual protections (Standard Contractual Clauses for EU data; equivalent mechanisms for other jurisdictions).

10. Your Rights

Under India's DPDP Act 2023 and, where applicable, GDPR, you have the following rights:

Access

Request a copy of the personal data we hold about you.

Correction

Request correction of inaccurate or incomplete personal data.

Erasure

Request deletion of your personal data, subject to legal retention obligations.

Withdrawal of consent

Withdraw marketing consent at any time; withdrawal does not affect prior lawful processing.

Grievance redressal

Lodge a complaint with us or with the Data Protection Board of India.

Portability (GDPR)

Receive your data in a structured, machine-readable format.

To exercise any right, email privacy@nmcloudtech.com. We will respond within 30 days (DPDP Act) or 30 days (GDPR).

11. Security

We implement AES-256 encryption at rest, TLS 1.3 in transit, role-based access control, multi-factor authentication for all admin access, and complete audit trails. Our security programme follows ISO 27001 principles and includes regular penetration testing. Full security documentation is available at our Trust Centre.

12. Children

This website is not directed at children under 18. We do not knowingly collect personal data from anyone under 18 through this website. Our Revise product (used in schools) processes student data exclusively under the authority and control of the school institution, which acts as the data controller and holds parental consent. We act as data processor only.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to active contacts and announced on this page with the updated effective date. Continued use of our website or products after notification constitutes acceptance of the updated policy.

14. Contact & Complaints

Privacy Officer

NM Cloud Technologies Private Limited
Nellore, Andhra Pradesh — 524001
India

privacy@nmcloudtech.com

Regulatory Authority

If you are not satisfied with our response, you may lodge a complaint with:

Data Protection Board of India

Ministry of Electronics and IT, Government of India