Privacy Policy

Last updated: April 6, 2026

Nebula ("we", "our", or "us") operates the Nebula application and the website at getnebula.tech (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Account Information

When you create a Nebula account, we collect your name, email address, and authentication credentials provided via third-party sign-in (such as Google OAuth).

1.2 Communication Metadata

When you connect your email or messaging accounts, Nebula accesses communication metadata to provide its core functionality. This includes:

Sender and recipient information (names, email addresses)
Subject lines and timestamps
Message read/unread status
Labels, folders, and thread identifiers
Engagement patterns (e.g., response frequency, typical response time)

1.3 Message Content

Nebula may access the content of your emails and messages solely to provide features you have explicitly enabled, such as AI-powered draft suggestions, message summarization, and priority classification. Message content is processed in real-time and is not stored on our servers beyond the duration necessary to deliver the requested feature.

1.4 Usage Data

We collect information about how you interact with the Service, including feature usage, preferences, session duration, and error logs. This data is used to improve the Service and diagnose issues.

1.5 Device Information

We may collect device type, operating system, browser type, and IP address for security and analytics purposes.

2. Google API Services — Limited Use Disclosure

Nebula's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, Nebula:

Only uses Google user data to provide and improve the core user-facing features described in this policy.
Does not transfer Google user data to third parties, except as necessary to provide or improve user-facing features, to comply with applicable law, or as part of a merger/acquisition with adequate data protection.
Does not use Google user data for serving advertisements or for any purpose unrelated to the Service's core functionality.
Does not allow humans to read Google user data unless: (a) we have the user's affirmative agreement, (b) it is necessary for security purposes (e.g., investigating abuse), (c) it is necessary to comply with applicable law, or (d) the data is aggregated and anonymized for internal operations.

3. How We Use Your Information

We use the information we collect to:

Provide, maintain, and improve the Service
Classify and prioritize your communications using AI
Generate draft responses and message summaries
Build and refine your sender engagement profiles
Protect against unauthorized access and abuse
Communicate with you about the Service (updates, security alerts)
Comply with legal obligations

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share data only in the following circumstances:

Service Providers: We may share data with trusted third-party providers who assist in operating the Service (e.g., cloud hosting, analytics), subject to strict confidentiality agreements.
Legal Requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
Business Transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred, subject to this Privacy Policy.
With Your Consent: We may share data for other purposes with your explicit consent.

5. Data Retention

We retain your account information for as long as your account is active or as needed to provide the Service. Communication metadata used for AI features is retained only as long as necessary for the Service's functionality. You may request deletion of your data at any time (see Section 8).

When you disconnect a linked account or delete your Nebula account, we delete all associated data within 30 days, except where retention is required by law.

6. Data Security

We implement industry-standard security measures to protect your information, including:

Encryption in transit (TLS 1.2+) and at rest (AES-256)
Regular security audits and vulnerability assessments
Access controls and role-based permissions for internal systems
Secure OAuth 2.0 authentication — we never store your email password

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. International Data Transfers

Nebula is operated from Germany. If you access the Service from outside the European Economic Area (EEA), your data may be transferred to and processed in Germany. We ensure that any data transfers comply with applicable data protection laws, including the General Data Protection Regulation (GDPR).

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you.
Rectification: Request correction of inaccurate or incomplete data.
Erasure: Request deletion of your personal data ("right to be forgotten").
Restriction: Request restriction of processing of your data.
Portability: Request transfer of your data in a structured, machine-readable format.
Objection: Object to processing of your data for specific purposes.
Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at privacy@getnebula.tech. We will respond within 30 days.

Google Account Permissions

You can revoke Nebula's access to your Google account at any time by visiting your Google Account permissions page.

9. Cookies and Tracking

We use essential cookies to maintain your session and preferences. We do not use third-party advertising cookies. If we use analytics cookies, we will seek your consent where required by law.

10. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 16, we will delete that data promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Nebula
Alexander Grosse
Berlin, Germany
Email: privacy@getnebula.tech