NewInstance, Inc. ("NewInstance", "we", "us") operates the NewInstance platform — a customer-support workspace that connects support tickets, live & AI chat, customer portals, Bug Watch error monitoring, Secret Manager, the Docs Portal, and developer APIs (the "Service"). This policy explains what personal data we collect, how we use it, and the choices you have.

For personal data contained in the content our customers manage through the Service — such as their end users' details inside tickets and chat transcripts — the customer is the data controller and NewInstance acts as a processor on their instructions. For data about our own users and website visitors, NewInstance is the controller. Contact details are in section 12.

We collect the following categories of data when you use the Service:

We use the data described above to provide, operate, and secure the Service; to respond to your support requests; to prevent abuse, fraud, and misuse; to analyze usage so we can improve the product; and to send service communications such as security, billing, and feature notices.

We do not use the content of your tickets, chats, secrets, or documentation for advertising.

We process personal data in accordance with the Nigeria Data Protection Act 2023 (NDPA) and, where it applies, the EU/UK General Data Protection Regulation (GDPR). Our legal bases are: performance of a contract (providing the workspace you signed up for); our legitimate interests (keeping the Service secure, preventing abuse, and improving the product), balanced against your rights and freedoms; your consent, where required — for example for certain marketing communications; and compliance with legal obligations to which we are subject.

We share personal data only as needed to run the Service: with infrastructure and hosting providers that store and process data on our behalf; with the email providers you choose to connect (such as Gmail, Outlook, or your own SMTP server) so that email-to-ticket and outbound replies work; and with payment processors that handle billing.

We do not sell personal data. A current list of our subprocessors is available on request via the contact details in section 12.

We retain personal data for as long as your account is active and as needed to provide the Service.

After an account is terminated, customer content is deleted or anonymized within 90 days, unless a longer retention period is required by law — for example for billing and tax records. Residual copies held in encrypted backups age out on a rolling schedule.

We protect data with encryption in transit and at rest, AES-256 encryption for Secret Manager values, role-based access controls, and audit logging across the platform.

No method of transmission or storage is 100% secure. If a breach affecting your personal data occurs, we will notify you and the relevant authorities as required by applicable law.

We may process and store data in countries other than the one in which you live. Where personal data is transferred internationally from the EEA, the UK, or Switzerland, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.

Depending on where you live, you may have the following rights over your personal data:

To exercise any of these rights, contact us using the details in section 12. If your request concerns data controlled by one of our customers, we may redirect you to them or forward your request on. You also have the right to lodge a complaint with your local supervisory authority, including the Nigeria Data Protection Commission (NDPC).

The Service is not directed to children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, contact us and we will remove it.

We may update this policy from time to time. We will post the updated version on this page and revise the "Last updated" date above; if a change is material, we will notify you by email or through the Service before it takes effect.

For privacy questions or data-protection requests, contact us at privacy@newinstance.cloud. We respond to verified requests within the timelines required by applicable law.