Executive Summary

Tata Neu is India's most ambitious data aggregation play — combining flights (Air India), hotels (IHCL), groceries (BigBasket), medicines (1mg), luxury (Tanishq), insurance (Tata AIG), and more into one profile via NeuPass. At 44/100, aggregating consumer behavior across 20+ Tata companies under a single privacy policy creates the country's most comprehensive consumer profile.

How To Read This Analysis

This is an archived policy-only review of the company's public privacy policy. It is not a government certification and it is not legal advice.

For current public evidence from website trackers, policy findings and proof samples, see State of Privacy 2026.

We look for:

Notice and consent clarity

Purpose limitation

Data minimization

Retention and deletion language

Vendor and processor disclosures

Data Principal rights

Grievance redressal

Breach and security posture

Source Check

Source policy was reviewed for this archived analysis, but the old policy URL is not linked because public policy locations may have changed.

Date reviewed: 2026-02-22

Company: Tata Neu

Readiness score: 44/100

Policies and product behavior may have changed since review

Whether the current source policy still matches this archived policy-only review

Whether app, web and product flows match the policy

What To Do With This

If your company has a similar data model, use this analysis as a warning map. Do not copy the score. Map your own data flow.

Ask internally:

Do we collect similar categories of personal data?

Do we share data with the same number or type of vendors?

Can users understand why their data is shared?

Can we prove deletion, retention and grievance workflows?

What evidence would we show if questioned?

Overview

Tata Neu is a super app connecting the entire Tata Group consumer ecosystem through NeuPass loyalty points. A single NeuPass profile links: Air India flights, IHCL hotel stays, BigBasket groceries, 1mg medicines, Croma electronics, Tanishq jewellery, Tata Play entertainment, Tata Capital finances, and more. This is India’s most comprehensive consumer data aggregation attempt.

DPDP Readiness: Section-by-Section Analysis

The super app consent problem: Signing up for Tata Neu consents to data aggregation across potentially 20+ Tata companies. A single “I accept” covers:

Tata Entity	Data Collected	Sensitivity
Air India	Travel patterns, passport data	High
BigBasket	Grocery purchases, health products	High
1mg	Medicine purchases, prescriptions	Critical
IHCL Hotels	Stay patterns, lifestyle	High
Croma	Electronics, spending capacity	Medium
Tanishq	Jewellery spending, occasion data	Medium
Tata Capital	Financial applications, credit	Critical
Tata AIG	Insurance claims, health data	Critical

Combined, this creates the most detailed consumer profile in Indian commerce — all under one consent.

Section 9 — Data Retention 🔴

NeuPass loyalty data aggregates across all entities. No retention timelines defined. A customer’s 10-year Tata purchase history across flights, groceries, medicines, and hotels creates an intimate life record.

Section 11 — Rights of Data Principal 🔴

Can users participate in NeuPass but exclude specific Tata entities?
Can users delete data from 1mg but keep BigBasket?
No cross-entity data control mechanism
No nomination rights

Risk Assessment

Category	Risk Level	Potential Impact
Cross-entity profiling	Critical	20+ entities’ data combined
Health data aggregation	Critical	1mg + BigBasket + Tata AIG = health profile
Financial data aggregation	Critical	Tata Capital + spending = complete financial picture
Consent scope	Critical	One consent for entire conglomerate

The Super App Data Monopoly Problem

Tata Neu’s data combination potential:

Medicine purchases (1mg) + Grocery purchases (BigBasket) + Insurance claims (Tata AIG)
= Complete health profile without explicit health consent

Air India flights + IHCL hotels + Tanishq purchases
= Lifestyle, income, and travel profile

Tata Capital applications + Croma spending + Tanishq
= Complete financial picture

Recommendations

Implement per-entity consent controls — Let users choose which Tata entities share data through NeuPass
Create data aggregation transparency — Show users what profile NeuPass has built across entities
Establish health data firewalls — Prevent 1mg and health-related data from flowing to non-health entities
Define cross-entity retention — Clear timelines for how long aggregate profiles are maintained
Build entity-level deletion — Allow users to delete data from specific Tata entities independently

This page is old. Tata Neu was reviewed on 2026-02-22.

Tata Neu

Discuss this page with an LLM

Executive Summary

How To Read This Analysis

Source Check

What To Do With This

⚠️ Compliance Gaps

✅ Strengths

Overview

DPDP Readiness: Section-by-Section Analysis

Section 9 — Data Retention 🔴

Section 11 — Rights of Data Principal 🔴

Risk Assessment

The Super App Data Monopoly Problem

Recommendations

What Should You Do Next?

Fix these compliance gaps today.

This page is old. Tata Neu was reviewed on 2026-02-22.

Discuss this page with an LLM

Executive Summary

How To Read This Analysis

Source Check

What To Do With This

⚠️ Compliance Gaps

✅ Strengths

Overview

DPDP Readiness: Section-by-Section Analysis

Section 6 — Consent & Notice 🔴

Section 9 — Data Retention 🔴

Section 11 — Rights of Data Principal 🔴

Risk Assessment

The Super App Data Monopoly Problem

Recommendations

📖 Related Compliance Guides

What Should You Do Next?

Fix these compliance gaps today.