Privacy Policy

Pion Global Private Limited (“Pion Global”, “we”, “us”, or “our”) respects your privacy and is committed to protecting the personal information and customer data entrusted to us. This Privacy Policy explains how we collect, use, process, store, share, retain, and protect information when you access the NexGenQE product website at https://www.nexgenqe.com, use NexGenQE services powered by the PIEDAP platform at https://www.piedap.io, visit https://www.pionglobal.com, or interact with related Pion Global websites, product pages, support channels, events, forms, and communications.

NexGenQE is an AI-powered Quality Engineering platform that helps teams accelerate testing, improve defect detection, optimize test coverage, automate quality workflows, and deliver reliable software with greater confidence. NexGenQE is a proprietary product owned and operated by Pion Global Private Limited, an Indian IT products and services company offering technology consulting, product engineering, digital transformation, quality engineering, DevOps, AI solutions, and platform-based services.

By accessing our websites, registering an account, requesting a demo, submitting a form, or using NexGenQE or related PIEDAP services, you acknowledge that your information will be handled as described in this Privacy Policy. If you are using NexGenQE on behalf of an organization, you represent that you are authorized to do so and that your organization may have additional contractual terms, including a data processing agreement, order form, or master services agreement.

This Privacy Policy applies to information collected through the NexGenQE product website, NexGenQE platform services, the PIEDAP platform environment that powers NexGenQE, related Pion Global websites, customer support interactions, product demos, webinars, marketing communications, and integrations configured by customers. This Privacy Policy does not govern the privacy practices of third-party websites, platforms, or services that are not owned or controlled by Pion Global.

Depending on the context, Pion Global may act either as a data controller or as a data processor. We generally act as a data controller for information collected through our public websites, marketing forms, demo requests, events, newsletters, recruitment or business communications, and account administration. We generally act as a data processor when we process customer data, project data, test artifacts, requirements, execution results, integrations, and related information on behalf of enterprise customers within NexGenQE, based on the customer’s documented instructions and applicable contractual terms.

We collect different categories of information depending on how you interact with NexGenQE and PIEDAP.

a. Information You Provide Voluntarily
• Identity and contact details: name, business email address, phone number, organization name, designation, country, and communication preferences.
• Account details: username, encrypted or hashed password, role, workspace or project membership, access permissions, authentication metadata, and account status.
• Business and platform content: requirements, user stories, test cases, test suites, automation scripts, defect details, release information, documents, project metadata, quality metrics, - QA assessment inputs, and feedback submitted by users or customer administrators.
• Support and communications: emails, support tickets, chatbot or helpdesk conversations, product feedback, webinar registrations, demo requests, survey responses, and meeting --- - - - notes where provided.
• Billing and contracting information: where applicable, billing contact details, purchase information, tax or invoicing details, and contract-related business identifiers. Payment card --- - - - data, if any, is typically processed by authorized payment processors and not stored directly by NexGenQE unless expressly stated.

b. Information Collected Automatically
• Device and usage data: IP address, browser type, operating system, device identifiers, referring pages, pages visited, session duration, feature usage, click patterns, time stamps, logs, - and diagnostic information.
• Security and audit data: login attempts, session events, access logs, administrative actions, permission changes, API calls, integration activity, and system-generated audit trails.
• Cookies and tracking technologies: cookies, pixels, local storage, and similar technologies used for authentication, security, analytics, personalization, and performance measurement.

c. Information from Third-Party or Public Sources
Where permitted by law and applicable contracts, we may receive business contact information, metadata, integration identifiers, authentication attributes, issue-tracking data, repository metadata, test execution results, or similar information from partners, system integrators, identity providers, cloud providers, DevOps tools, ticketing systems, CI/CD tools, test automation tools, and other third-party services configured by customers.

Customer Data refers to information submitted, uploaded, generated, processed, or stored by customers and authorized users within NexGenQE or related PIEDAP services. This may include project requirements, test artifacts, execution results, defect records, automation outputs, documents, user assignments, comments, and integration data. Customer Data is processed only for authorized service-related purposes, including platform delivery, support, security, troubleshooting, performance improvement, contractual obligations, and compliance with applicable law.

Customers are responsible for ensuring that they have the necessary rights, permissions, notices, and lawful bases to upload or process Customer Data within NexGenQE, including any personal data contained in project artifacts, attachments, issue records, or integrated systems. Customers should avoid uploading unnecessary sensitive personal data unless it is required for the configured use case and permitted under applicable law and contract.

We process information for the following purposes:

• To create and manage user accounts, authenticate users, provision workspaces, and enable secure access to NexGenQE services powered by PIEDAP.
• To deliver AI-powered quality engineering capabilities, including test case generation, test optimization, automation support, defect analysis, impact analysis, risk-based testing, reporting, dashboards, workflow execution, and quality insights.
• To personalize product experience based on user role, organization, industry, product configuration, project context, and user preferences.
• To provide customer support, respond to inquiries, conduct onboarding, resolve technical issues, and communicate service updates, release notes, security notices, and administrative messages.
• To conduct platform analytics, performance monitoring, product improvement, reliability engineering, capacity planning, and feature usage analysis.
• To protect the platform, detect misuse, prevent unauthorized access, monitor security events, investigate suspected fraud or abuse, and enforce terms of service or contractual obligations.
• To manage commercial relationships, demos, proposals, contracts, invoices, renewals, marketing communications, webinars, and customer success activities.
• To comply with applicable legal, regulatory, contractual, tax, audit, dispute resolution, and law enforcement obligations.

The NexGenQE platform website uses cookies and similar tracking technologies to ensure the proper functioning of the platform, enhance user experience, analyze usage patterns, and maintain security. These may include essential cookies for authentication and session management, performance and analytics cookies to understand system usage, and security-related cookies to detect and prevent unauthorized access. Where required by applicable laws, such as GDPR and DPDP, GRCNest obtains user consent for non-essential cookies and provides users with the ability to manage or disable cookies through browser settings or cookie preference controls; however, disabling certain cookies may impact the functionality of the platform. You may manage your cookie preferences using the cookie banner on our website or adjust settings in your browser.

NexGenQE may engage trusted third-party sub-processors to support the delivery of its services, including cloud infrastructure, data storage, analytics, and security operations. All sub-processors are carefully evaluated and contractually bound to meet stringent data protection, confidentiality, and security requirements consistent with applicable laws such as GDPR and DPDP, as well as industry standards like ISO/IEC 27001 and SOC 2. NexGenQE maintains an up-to-date list of sub-processors and, where required, provides customers with prior notice of material changes, enabling them to review or raise objections in accordance with applicable agreements.

NexGenQE may integrate with third-party platforms and services, including cloud providers, identity providers, DevOps tools, CI/CD systems, code repositories, test automation tools, defect management systems, service management platforms, analytics tools, and enterprise applications. Data shared with such integrations is processed based on customer configuration, permissions, and instructions, and only to the extent necessary to provide the requested service. Third-party integrations and external websites may be governed by their own privacy policies, terms, and security practices. NexGenQE is not responsible for independent practices of external services that are not owned or controlled by Pion Global.

Pion Global takes the security of personal data and Customer Data seriously and implements appropriate technical and organizational measures designed to protect information from loss, misuse, unauthorized access, disclosure, alteration, and destruction. These measures may include:

• Encryption of data in transit using TLS/SSL and encryption at rest using industry-standard encryption mechanisms, where applicable.
• Role-based access control, least-privilege access, identity and access management, multi-factor authentication where configured, and administrative access restrictions.
• Audit logging, monitoring, vulnerability management, secure development practices, incident response procedures, and periodic security reviews
• Secure cloud infrastructure, backup controls, environment segregation, configuration management, and access review processes.
• Data minimization, confidentiality obligations, employee access controls, vendor due diligence, and security awareness practices.

Although we use reasonable and industry-aligned safeguards, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security, but we continuously work to improve our security posture and protect information in our care.

We retain personal data and Customer Data only for as long as necessary to fulfill the purposes described in this Privacy Policy, provide the subscribed services, comply with contractual and legal obligations, resolve disputes, enforce agreements, maintain security, conduct audits, and support legitimate business needs. Retention periods may vary depending on the type of data, customer configuration, contractual terms, legal requirements, and backup cycles. After the applicable retention period, data will be deleted, anonymized, securely archived, or otherwise handled in accordance with applicable law and contract.

Customers and authorized administrators may request export, deletion, or closure of accounts or workspaces in accordance with applicable contracts, product capabilities, and legal obligations. Certain information may be retained for a limited period in backups, logs, audit records, security records, billing records, or legal archives where necessary for security, compliance, dispute resolution, or legal requirements. Where deletion is requested by an individual user, we may need to verify the request and coordinate with the relevant customer organization where the data is controlled by that customer.

NexGenQE and related PIEDAP services may involve cross-border processing or storage of information, including through cloud infrastructure, support teams, or sub-processors located in different jurisdictions. Where applicable, we implement appropriate safeguards such as Standard Contractual Clauses, data processing agreements, contractual commitments, transfer risk assessments, access controls, and equivalent mechanisms required under applicable data protection laws. By using NexGenQE, customers acknowledge that information may be processed in jurisdictions where Pion Global, its affiliates, or authorized service providers operate, subject to applicable safeguards.

NexGenQE is intended for enterprise quality engineering and software delivery use cases and is not designed for collecting sensitive personal data unless expressly required by a customer’s configured use case. Users should not upload government identification numbers, health information, financial account details, biometric data, children’s data, passwords, secrets, production credentials, or other sensitive personal data unless they are authorized to do so and appropriate safeguards have been configured. Pion Global may restrict, delete, or require remediation of content that violates applicable law, contractual terms, or platform security requirements.

NexGenQE is designed to support alignment with applicable privacy, data protection, information security, and governance requirements relevant to enterprise software quality engineering environments. Our platform practices and controls are intended to help customers meet their internal compliance obligations by supporting secure data handling, role-based access, auditability, traceability, controlled processing, and responsible use of AI-assisted capabilities. While customers remain responsible for determining and meeting their specific regulatory and contractual obligations, NexGenQE continuously works to strengthen its platform, processes, and safeguards in line with recognized security, privacy, and compliance expectations.

NexGenQE is committed to maintaining trust, transparency, security, and compliance across its AI-powered quality engineering platform. We design our processes, controls, and product capabilities to support responsible data handling, privacy protection, access control, auditability, and secure use of customer information. NexGenQE aims to align with applicable data protection, information security, and governance requirements by implementing appropriate technical and organizational safeguards, including secure authentication, role-based access, encryption, monitoring, controlled data processing, and transparent governance. We continuously work to strengthen our compliance posture, improve platform reliability, and help customers use NexGenQE with confidence in regulated, enterprise, and software delivery environments.

NexGenQE follows privacy-by-design and data-minimization principles by collecting and processing only the information reasonably necessary to deliver platform functionality, support customer requirements, secure the service, and meet legal or contractual obligations. Product features are designed to support configurable access, audit trails, role-based permissions, customer-controlled integrations, and appropriate retention practices. We encourage customers to configure NexGenQE in a manner that aligns with their internal privacy, security, and compliance requirements.

Depending on your jurisdiction and the nature of processing, you may have rights to access, correct, update, delete, restrict, or object to processing of your personal data; withdraw consent where processing is based on consent; request data portability; opt out of certain marketing communications; or lodge a complaint with a competent data protection authority. To exercise these rights, contact us at [email protected]. We may need to verify your identity before fulfilling a request. Where we process data on behalf of an enterprise customer, we may redirect your request to that customer or process it based on the customer’s instructions.

We may send product updates, newsletters, event invitations, thought leadership content, and marketing communications where permitted by law or based on your consent. You may opt out of marketing emails by using the unsubscribe link in the email or by contacting [email protected]. Even after opting out of marketing communications, you may continue to receive transactional, security, support, contractual, or service-related communications necessary for the operation of NexGenQE.

NexGenQE is a business-to-business product intended for adult professionals and enterprise users. We do not knowingly collect personal data from children or individuals under 16 years of age. If we become aware that such data has been collected without appropriate authorization, we will take reasonable steps to delete it or handle it in accordance with applicable law.

In the event of an actual or reasonably suspected unauthorized access, disclosure, alteration, loss, or destruction of personal data or Customer Data, NexGenQE will promptly initiate incident response procedures aligned with industry practices. Where a data breach is likely to result in a risk to the rights and freedoms of individuals, we will notify affected customers without undue delay and, where applicable, within the timelines required by applicable data protection laws, including the GDPR and the Digital Personal Data Protection Act, 2023 (India).

Where reasonably available, breach notifications may include the nature and scope of the incident, categories of data affected, potential impact, mitigation measures taken or proposed, and recommended actions for customers or users. NexGenQE will take reasonable steps to contain, investigate, remediate, and prevent recurrence of incidents, including root cause analysis and corrective actions where appropriate. Where required by law, we will cooperate with relevant regulatory authorities and fulfill applicable reporting obligations.

NexGenQE is committed to addressing concerns, complaints, or requests regarding the processing of personal data in a timely and transparent manner. In accordance with applicable laws, including the Digital Personal Data Protection Act, 2023 (India), users may raise grievances or exercise privacy rights by contacting the designated privacy contact or grievance channel at [email protected]. Upon receipt of a complaint, NexGenQE will review the matter, take appropriate action, and communicate the outcome within timelines prescribed by applicable law, where applicable.

This Privacy Policy and any disputes arising out of or in connection with it shall be governed by and construed in accordance with the laws of India, without regard to conflict of law principles. Subject to applicable law and contractual dispute resolution provisions, the courts located in Bangalore, Karnataka, India shall have jurisdiction over matters arising from or relating to this Privacy Policy.

NexGenQE is committed to addressing concerns, complaints, or requests regarding the processing of personal data in a timely and transparent manner. In accordance with applicable laws, including the Digital Personal Data Protection Act, 2023 (India), users may raise grievances or exercise privacy rights by contacting the designated privacy contact or grievance channel at [email protected]. Upon receipt of a complaint, NexGenQE will review the matter, take appropriate action, and communicate the outcome within timelines prescribed by applicable law, where applicable.

NexGenQE is committed to addressing concerns, complaints, or requests regarding the processing of personal data in a timely and transparent manner. In accordance with applicable laws, including the Digital Personal Data Protection Act, 2023 (India), users may raise grievances or exercise privacy rights by contacting the designated privacy contact or grievance channel at [email protected]. Upon receipt of a complaint, NexGenQE will review the matter, take appropriate action, and communicate the outcome within timelines prescribed by applicable law, where applicable.