Last updated: April 2026
NEIGH Consulting LTD ("NEIGH", "we", "us", or "our") operates the NEIGHPalm platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.
We may collect the following types of information:
You retain ownership of all content and data you submit to NEIGHPalm. We process your data solely to provide the service. We retain your data for as long as your account is active or as needed to provide services, comply with legal obligations, resolve disputes, and enforce agreements.
We do not sell your personal data. We may share information only in the following circumstances: (a) with your consent; (b) to comply with legal obligations; (c) to protect the rights, safety, or property of NEIGH, our users, or the public; (d) with service providers who assist in operating the platform under strict confidentiality agreements.
We implement appropriate technical and organisational measures to protect your data. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.
Depending on your jurisdiction, you may have rights to access, correct, delete, or export your data, or to object to or restrict certain processing. To exercise these rights, contact us at the address below.
Your data may be processed in jurisdictions outside your country of residence. Where we transfer data internationally, we ensure appropriate safeguards are in place in accordance with applicable data protection laws.
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date.
We rely on the following lawful bases under GDPR Article 6: (a) Contract — to provide the NEIGHPalm service to your organisation; (b) Legitimate interests — to secure, monitor, and improve the platform (system logs, audit logs, abuse prevention); (c) Legal obligation — to comply with regulatory record-keeping demands (audit trails, breach notifications); (d) Consent — for any optional analytics or marketing communications. Where processing relies on consent, you may withdraw it at any time without affecting prior processing.
You may request access to, rectification of, erasure of, restriction of, or portability of your personal data, and you may object to processing based on legitimate interests. To exercise any of these rights, email privacy@neigh.io or open a request from the in-app Privacy Requests page. We respond within one calendar month (Article 12(3)). You also have the right to lodge a complaint with your supervisory authority — for EU residents, the relevant Data Protection Authority of your Member State; for UK residents, the Information Commissioner’s Office.
The platform’s “AI vCISO” assistant uses Anthropic’s Claude models to generate responses based on the policy text and live platform data of your tenant. AI-generated text is informational and does not constitute legal advice. We do not use your prompts or tenant data to train any third-party model — Anthropic processes data under its zero-retention enterprise terms.
The platform uses a small set of sub-processors. Each is bound by a Data Processing Agreement and either (a) is established in the EEA or (b) relies on the European Commission’s Standard Contractual Clauses (SCCs) for transfers outside the EEA. The current list, with purpose, jurisdiction, and transfer mechanism, is published at neigh.io/sub-processors and updated whenever it changes.
Customers can subscribe to change notifications by emailing privacy@neigh.io. We commit to announcing new sub-processors at least 30 days before they begin processing customer data.
Privacy enquiries, DSARs, and complaints: privacy@neigh.io.
General contact: operations@neigh.io.
Data Controller: NEIGH Consulting LTD, registered in Israel. EEA representative: see /sub-processors § EEA representative for the current appointment status. Until a representative is formally appointed, EEA data subjects can reach us at the privacy address above.