PRIVACY POLICY

Last updated: January 2025

1. Introduction

At Nebula ("we", "our", "us"), we are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you use our website and services.

This policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

The data controller responsible for your personal data is:

Nebula
Contact: Discord Support

3. Data We Collect

We collect minimal data necessary to provide our services:

• Email Address: To deliver your license key and send important service notifications.
• Hardware ID (HWID): A hashed identifier of your device to enforce license terms and prevent unauthorized sharing.
• Payment Information: Processed securely by Stripe. We never see or store your card details.
• IP Address: For security purposes and fraud prevention (automatically deleted after 30 days).

4. How We Use Your Data

We use your data exclusively for:

• Delivering your license key after purchase
• Verifying your license when you use our services
• Providing customer support
• Preventing fraud and unauthorized access
• Sending important service updates (not marketing)

5. Legal Basis for Processing

We process your data based on:

• Contract: Processing necessary to fulfill your purchase and provide our services.
• Legitimate Interest: Fraud prevention and security measures.
• Consent: Where required, we will ask for your explicit consent.

6. Data Sharing

We share your data only with:

• Stripe: Our payment processor, for secure transaction handling. Stripe's Privacy Policy
• Vercel: Our hosting provider, for website delivery. Vercel's Privacy Policy

We never sell your data to third parties.

7. Data Security

We implement robust security measures:

• TLS 1.3 encryption for all data in transit
• Secure, encrypted database storage
• Regular security audits
• Access controls and authentication
• PCI-DSS compliant payment processing (via Stripe)

8. Data Retention

We retain your data for:

• License data: Duration of your subscription + 30 days
• Transaction records: 7 years (legal requirement for accounting)
• IP logs: 30 days
• Support tickets: 1 year after resolution

9. Your Rights (GDPR)

Under GDPR, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Portability: Receive your data in a portable format
• Objection: Object to certain processing activities
• Restriction: Request limited processing of your data

To exercise these rights, contact us on Discord. We will respond within 30 days.

10. Cookies

We use minimal cookies:

• Essential cookies: For website functionality (cart, language preference)
• No tracking cookies: We do not use advertising or analytics cookies

11. Children's Privacy

Our services are not intended for children under 16. We do not knowingly collect data from children. If you believe a child has provided us data, please contact us for immediate deletion.

12. International Transfers

Your data may be processed outside the EEA by our service providers (Stripe, Vercel). These transfers are protected by Standard Contractual Clauses approved by the European Commission.

13. Changes to This Policy

We may update this policy periodically. Significant changes will be notified via email or website announcement. Continued use of our services after changes constitutes acceptance.

14. Contact & Complaints

For privacy questions or concerns:

• Discord: Open a support ticket

If you're not satisfied with our response, you have the right to lodge a complaint with your local Data Protection Authority.