Privacy & Cookie Policy

// Last updated: 10.06.2026 · versiunea în română

NEBULARO OÜ ("nebula.ro", "we") respects the confidentiality of your data. This policy describes what data we collect, how we use it and what rights you have under the General Data Protection Regulation (GDPR — Regulation (EU) 2016/679).

1. Data controller

NEBULARO OÜ
Registered in the Estonian Commercial Register (Äriregister)
Registry code: 16163129
VAT number (KMKR): EE102341638
Registered office: Pikk tn 11-9, 10123 Tallinn, Harju maakond, Estonia
Contact: ···

2. What data we collect

We collect data only when you send us a message through the contact form:

Name — so we can address you personally
Email address — so we can reply to you
Message content — so we understand what you need help with
Date and time of submission and IP address — for security and anti-spam

We do not collect browsing data, we do not use third-party analytics and we do not build user profiles.

3. Purpose and legal basis of processing

Purpose	Legal basis
Responding to your contact request	Steps taken at your request prior to a potential engagement (Art. 6(1)(b) GDPR)
Spam and abuse prevention (honeypot, hCaptcha, submission rate limiting)	Legitimate interest (Art. 6(1)(f) GDPR)

Submitting the form requires ticking the box confirming you have read this policy — so you know exactly what happens to your data before you send it to us.

4. How long we keep the data

Messages and contact data are kept for a maximum of 12 months from receipt, after which they are deleted. If you want earlier deletion, write to us at ···.

5. Who we share the data with

We do not sell, rent or share your data with third parties for commercial purposes. To operate the site we use the following providers (processors), each bound by GDPR obligations:

Mailjet SAS (France, EU) — delivery of messages sent through the contact form;
hCaptcha — Intuition Machines, Inc. (USA) — anti-bot protection on the form; data transfers to the USA take place under the EU-U.S. Data Privacy Framework (details in section 7);
the hosting provider of the web server (EU).

6. Cookies

We only use first-party cookies that are essential for the site to work — no tracking, advertising or analytics:

Name	Purpose	Duration	Type
`nebula_consent`	Remembers that you have seen the cookie notice	365 days	Essential
`PHPSESSID`	Technical session, set when submitting the form, used to limit the number of submissions (anti-spam)	Session (deleted when the browser closes)	Essential

The hCaptcha service may set its own cookies strictly for the anti-bot verification function, only when you reach the contact form (see section 7).

You can delete cookies at any time from your browser settings. Deleting the nebula_consent cookie will show the notice banner again.

7. Third-party services: hCaptcha

To protect the contact form against bots we use hCaptcha, provided by Intuition Machines, Inc. (USA). The hCaptcha script loads only when you approach the contact form — not when the site opens. During verification, hCaptcha processes your IP address and technical browser signals, exclusively to distinguish humans from bots. Details: hCaptcha privacy policy.

The site's fonts are hosted locally, on our own server — visiting the site sends no request to Google or any other font network.

8. Your rights (GDPR)

Under the GDPR, you have the right to:

Access — find out what data we hold about you
Rectification — correct inaccurate data
Erasure — request deletion of your data ("right to be forgotten")
Restriction of processing — in certain circumstances
Portability — receive your data in a structured format
Withdraw consent — at any time, without retroactive effect
Complain — to a supervisory authority (ANSPDCP in Romania or the Estonian Data Protection Inspectorate, AKI)

For any request regarding your data: ···. We reply within a maximum of 30 days.

9. Security

The connection to our site is encrypted via HTTPS/TLS. Data submitted through the form is processed on secured servers and is not stored in public databases.

10. Changes to this policy

The version in force is always the one published on this page, identified by the last-updated date in the header. For significant changes we will display a visible notice on the site.

11. Contact

For any question related to data protection:
📧 ···