Personal phones and tablets are permitted for a limited set of low-risk activities — primarily Microsoft 365 mail/calendar, Slack, and approved SaaS web apps via browser — under the BYOD conditions in Information Security → Device policy:
No Confidential data at rest (no customer data, source code, secrets, or PII downloaded or cached on the device).
No production access from a personal device — that requires a Neuroscale-managed laptop.
MAM enrollment in Rippling is required for any BYOD mobile that pulls Microsoft 365 mail/calendar; this lets Neuroscale selectively wipe the Neuroscale-managed app container at offboarding without touching personal data.
Baseline hygiene: OS supported by the vendor and patched; full-device encryption on (modern iOS/Android default); screen lock with passcode/biometric.
Business contact information — names, phone numbers, email addresses — is fine to access. Customer data, source code, secrets, and internal documents are not. See Data Management.
Don’t store Neuroscale Confidential data on personal phones or tablets. This is a hard rule independent of the BYOD posture above; even a screenshot of a Confidential document on a personal device is a violation.
