Data Processing Addendum - Needle Data Protection
Last updated: May 17, 2026
1. Introduction
This Data Processing Addendum ("DPA") supplements our Privacy Policy and Terms of Service. It describes how VS NextGen Solutions ("we," "our," or "us") processes personal data in compliance with applicable data protection laws, including the Digital Personal Data Protection Act, 2023, and other relevant regulations.
Important: This DPA applies to all personal data processing activities conducted through our Needle platform.
2. Definitions
- Personal Data: Any information relating to an identified or identifiable natural person
- Data Subject: The natural person to whom personal data relates
- Data Controller: The entity that determines the purposes and means of processing personal data
- Data Processor: The entity that processes personal data on behalf of the controller
- Processing: Any operation performed on personal data, including collection, storage, use, and deletion
3. Data Processing Details
3.1 Categories of Personal Data
We process the following categories of personal data:
- Account Information: Email address; and when the user signs in with Google, display name and profile photo from their Google account (when they sign in with email link, only email is used)
- Authentication Data: Sign-in method (Google sign-in or email link sign-in) and associated account identifiers
- Usage Data: Search queries, platform preferences, usage patterns
- Search History: Encrypted search keywords and results stored securely
- Technical Data: IP address, browser type, device information
- Plan Information: Subscription details and usage limits
- Communication Data: Support requests and correspondence
3.2 Purposes of Processing
We process personal data for the following purposes:
- Providing and maintaining the Needle product (Search, dashboard analytics, Trending Problems)
- User authentication and account management
- Processing search requests and delivering results from social platforms
- Storing encrypted search history securely
- Improving our algorithms and service quality
- Tracking usage limits and plan enforcement
- Customer support and communication
- Legal compliance and regulatory requirements
3.3 Legal Basis for Processing
We process personal data based on the following legal grounds:
- Consent: When you explicitly agree to data processing
- Contract Performance: To fulfill our service obligations
- Legitimate Interest: To improve our service and prevent fraud
- Legal Obligation: To comply with applicable laws
4. Data Subject Rights
Under applicable data protection laws, you have the following rights:
- Right of Access: Request information about your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data
- Right to Restriction: Limit how we process your data
- Right to Data Portability: Receive your data in a structured format
- Right to Object: Object to certain types of processing
- Right to Withdraw Consent: Withdraw consent at any time
5. Data Security Measures
We implement appropriate technical and organizational measures to protect personal data:
5.1 Technical Safeguards
- Cloud security rules and authentication
- Encryption of sensitive search data before storage
- Secure HTTPS connections for all data transmission
- Database security rules preventing unauthorized access
- Regular security audits and vulnerability assessments
- Rate limiting to prevent abuse
5.2 Organizational Safeguards
- Employee training on data protection
- Confidentiality agreements and access restrictions
- Data protection impact assessments
- Incident response and breach notification procedures
- Regular policy reviews and updates
6. Data Retention
We retain personal data only for as long as necessary. We have implemented automatic data retention policies to manage data lifecycle:
- Account Data: Until account deletion or 3 years of inactivity (user profiles, authentication data, plan information)
- Search activity and saved discovery results: Public material you materialize in Needle is kept on a rolling basis - by default about three months - unless your subscription includes a longer retention window we advertise for comparable data, in which case we apply that longer period. Automated cleanup runs on a regular schedule.
- Brand and automation settings: Configuration you save stays with your account while it remains active unless you delete it; run history and stored posts tied to those features follow the same rolling schedule as search activity above.
- Analytics Data: Aggregated data retained for up to 2 years
- Support Communications: 3 years for service improvement
- Usage Statistics: Stored securely for plan enforcement
- Trending Data: Daily trending problems and statistics retained for 6 months for trend analysis
- Legal Compliance: As required by applicable laws
Automatic Deletion: Our system automatically deletes old user data (searches, Auto Search and brand profile data) older than the configured retention period. This process runs daily to ensure data is not retained longer than necessary. Retention periods are configurable per data type and may be adjusted by administrators. You will be notified if retention policies change significantly.
7. Data Transfers
We may transfer personal data to third parties in the following circumstances:
- Service Providers: Cloud services, analytics providers, AI services
- Data Storage: Secure cloud database for user data and search history
- Caching Services: Performance optimization services
- Analytics: Usage tracking and performance monitoring
- Legal Requirements: When required by law or court order
- Business Transfers: In case of merger or acquisition
- Consent: When you explicitly consent to the transfer
International Transfers: We ensure adequate protection for any international data transfers through appropriate safeguards.
8. Data Breach Notification
In the event of a data breach that may affect your personal data:
- We will notify affected users within 72 hours
- We will report to relevant authorities as required by law
- We will provide details about the breach and mitigation steps
- We will offer guidance on protective measures you can take
9. Business Information
Needle is operated by the business identified below. Details are published in good faith for transparency and support. If you believe any item is incorrect or out of date, email support@useneedle.net and we will correct this page after verification where appropriate.
Business Details
- Business Name: VS NextGen Solutions
- Parent Company: Needle is a product of VS NextGen Solutions (https://vsnextgensolutions.com/)
- Business Structure: Sole Proprietorship
- Registration: Udyam Registered (MSME) – Govt. of India
- MSME Certificate Number: UDYAM-KR-03-0578420
- MSME Registration Date: 05-08-2025
- MSME Category: Micro Enterprise
- Business Address: Bengaluru, Karnataka, India
- Contact: support@useneedle.net
10. Changes to This Addendum
We may update this Data Processing Addendum from time to time. We will notify users of material changes by posting the new addendum on this page and updating the "Last updated" date. Your continued use of our service after such changes constitutes your acceptance of the new addendum.
11. Related Policies
For more information about our policies and practices, please review our other legal documents:
12. Contact Information
For any questions about this Data Processing Addendum or to exercise your data protection rights, please contact us at support@useneedle.net