Data Terms

These Data Terms apply when Nebulons AI processes customer data, service data, support materials, or related information in connection with its products, APIs, enterprise environments, or professional services. They supplement the Terms of Use and any applicable commercial agreement.

If an order form, master services agreement, data processing addendum, enterprise schedule, or other written contract expressly addresses the same subject matter, that contract will control to the extent of any inconsistency.

Depending on the service relationship, Nebulons AI may act as a controller, processor, service provider, or similar role recognized under applicable privacy law. In customer-managed or organization-managed service environments, the customer or organization typically determines the purposes for which customer data is submitted and the manner in which the service is configured.

The customer is responsible for determining whether the services are suitable for the data it chooses to submit, for identifying the applicable legal role of each party, and for obtaining all necessary consents, authorizations, notices, or other legal bases required for the intended processing.

Nebulons AI will process customer data only as necessary to provide, secure, maintain, support, and improve the contracted services, to prevent abuse, to comply with law, and as otherwise instructed through the customer configuration, service documentation, support requests, or applicable written agreement.

The customer instructs Nebulons AI to process customer data for service delivery, account administration, diagnostics, debugging, security monitoring, capacity planning, abuse prevention, incident response, and other operational activities reasonably necessary to provide the services in a secure and reliable manner.

The customer remains responsible for the legality, quality, and accuracy of the data it submits to the services, as well as for the means by which the data was collected. The customer is also responsible for user management, permissions, internal policy decisions, and all use of the services under its accounts or environments.

The customer will not provide customer data to Nebulons AI unless it has a lawful basis to do so and unless the relevant data subjects, individuals, or organizations have been provided whatever notices and protections are required by applicable law.

Nebulons AI maintains a security program that is designed to protect customer data against unauthorized or unlawful access, disclosure, alteration, loss, or destruction. The program may include access controls, logging, authentication mechanisms, role-based permissions, change management, incident handling, vendor review, secure development practices, and encryption measures where appropriate.

Security controls are assessed and updated over time in light of technical evolution, risk conditions, service design, and operational needs. No security program can eliminate every risk, and customers remain responsible for configuring the services appropriately for their own use cases and threat models.

Nebulons AI may use affiliates and third-party service providers to support hosting, storage, networking, customer support, analytics, identity management, communications, billing, and related operations. Those providers may process customer data only to the extent reasonably necessary to perform services on behalf of Nebulons AI and subject to appropriate contractual and operational controls.

Where required by law or contract, Nebulons AI will make subprocessor information available through appropriate channels and will remain responsible for the acts and omissions of subprocessors to the extent required under the applicable agreement.

Customer data may be processed in the jurisdictions where Nebulons AI, its affiliates, cloud providers, or subprocessors operate. Those jurisdictions may differ from the jurisdiction in which the customer or relevant individuals are located.

Where customer data is transferred across borders, Nebulons AI will implement transfer mechanisms and supplementary protections where reasonably required under applicable law, taking into account the nature of the services and the relevant processing activities.

Nebulons AI will retain customer data for the period necessary to provide the services, comply with legal obligations, maintain security and integrity records, resolve disputes, and enforce agreements, subject to the applicable customer configuration, documentation, or written contract.

Upon expiration or termination of the relevant service, Nebulons AI may delete or render inaccessible customer data in accordance with the applicable agreement, operational schedules, and backup cycles, unless law requires retention or the customer requests continued retention where available.

If Nebulons AI becomes aware of a confirmed security incident involving customer data, Nebulons AI will take steps reasonably designed to contain, investigate, and mitigate the incident and, where required by law or contract, notify the affected customer without undue delay.

Nebulons AI notifications may include the information reasonably available at the time, and additional information may be provided as the investigation progresses. Nebulons AI will not be required to disclose information that would compromise security, legal privilege, or another customer.

Where Nebulons AI acts as a processor or equivalent role and where required by law, Nebulons AI will provide reasonable assistance to the customer in responding to data subject requests, lawful regulator inquiries, and required privacy assessments, taking into account the nature of the processing and the information available to Nebulons AI.

The customer remains responsible for independently assessing whether a request is valid, communicating with the requesting party, and satisfying its own legal obligations unless the parties agree otherwise in writing.

Where required by applicable law or written contract, Nebulons AI may provide information reasonably necessary to demonstrate compliance with these Data Terms, including through summaries of security practices, certifications, documentation, or responses to reasonable written questions.

Any audit, review, or inspection right must be exercised in a manner that avoids unreasonable disruption, preserves the confidentiality and security of Nebulons AI systems and other customers, and complies with reasonable procedural conditions imposed by Nebulons AI.

Nothing in these Data Terms prohibits Nebulons AI from generating or using de-identified, anonymized, aggregated, or statistical information that does not identify the customer or any individual and that cannot reasonably be used for that purpose. Nebulons AI may use such information for security analysis, benchmarking, planning, research, and product improvement.

Nebulons AI may also use service telemetry, operational logs, and other technical metadata to maintain, diagnose, secure, and improve the services, provided that such use is carried out in accordance with applicable law and the governing service terms.

Nebulons AI may update these Data Terms to reflect changes in law, privacy practice, service design, infrastructure, or operational controls. Updated terms will become effective as stated in the revised version unless a different timing is required by contract or law.

Questions relating to these Data Terms may be directed to Nebulons AI through the contact channels made available on our website or through your existing contractual relationship.