Privacy Policy

1Information We Collect

We collect information in three ways: information you provide directly, information collected automatically, and information from third parties.

1.1 Information You Provide

• Account Registration: Name, email address, company name, phone number, billing address, and password when you create an account.
• Payment Information: Credit card numbers, bank account details, or other payment information processed through our PCI-DSS-compliant payment processors. We do not store full payment card numbers on our servers.
• Communications: Messages, support tickets, emails, and other communications you send to us.
• Configuration Data: Technical settings, domain names, IP addresses, and network configurations you submit when setting up our Services.

1.2 Information Collected Automatically

When you visit our website or use our Services, we automatically collect:

• Usage Data: IP addresses, browser type and version, operating system, referring URLs, pages visited, time and date of visits, and clickstream data.
• Service Traffic Data: Network traffic metadata processed through our CDN and security infrastructure, including source/destination IP addresses, request headers, and protocol information, to the extent necessary to deliver and secure the Services.
• Device Information: Hardware identifiers, device type, and network connection type.
• Log Data: Server logs recording requests to our infrastructure, error logs, and performance metrics.

1.3 Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, and similar technologies. See Section 8 (Cookies Policy) for full details.

1.4 Information from Third Parties

We may receive information about you from:

• Business partners and resellers who refer you to our Services
• Payment processors and fraud prevention services
• Identity verification services
• Publicly available sources for business contact information

2How We Use Your Information

We use the information we collect for the following purposes:

We do not sell your personal information to third parties for monetary consideration.

3Information Sharing and Disclosure

We may share your information in the following circumstances:

3.1 Service Providers

We engage trusted third-party vendors to assist in delivering our Services, including:

• Cloud infrastructure and hosting providers
• Payment processors
• Email and communication service providers
• Analytics providers
• Customer support platforms

These providers are contractually obligated to use your information only to perform services on our behalf and to maintain appropriate security measures.

3.2 Business Transfers

If Nebula Global LLC undergoes a merger, acquisition, sale of assets, reorganization, or bankruptcy, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website before your information is transferred and becomes subject to a different privacy policy.

3.3 Legal Requirements and Safety

We may disclose your information when we believe in good faith that disclosure is necessary to:

• Comply with applicable laws, regulations, or valid legal process (such as subpoenas, court orders, or government requests)
• Protect the rights, property, or safety of Nebula Global LLC, our customers, or the public
• Detect or prevent fraud, security incidents, or technical issues
• Enforce our Terms of Service or other agreements

3.4 Aggregated or De-identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you for research, marketing, analytics, or other business purposes.

3.5 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

4Data Security

We implement industry-standard technical, administrative, and physical safeguards to protect your personal information, including:

• Encryption: Data transmitted between you and our Services is encrypted using TLS/SSL. Sensitive data at rest is encrypted using AES-256.
• Access Controls: Access to personal information is restricted to authorized personnel on a need-to-know basis, with multi-factor authentication required for internal systems.
• Network Security: Our infrastructure is protected by the same WAF and DDoS mitigation technologies we offer to customers.
• Monitoring: We maintain continuous security monitoring, intrusion detection systems, and incident response procedures.
• Vendor Management: Third-party service providers are required to maintain equivalent security standards through contractual obligations.
• Periodic Audits: We conduct regular security assessments and vulnerability testing.

5Your Privacy Rights

Depending on your location, you may have the following rights:

5.1 Right to Access

You may request a copy of the personal information we hold about you.

5.2 Right to Correction

You may request that we correct inaccurate or incomplete personal information.

5.3 Right to Deletion

You may request that we delete your personal information, subject to certain exceptions (e.g., where retention is required by law or to complete a transaction).

5.4 Right to Data Portability

You may request that we provide your personal information in a structured, commonly used, machine-readable format.

5.5 Right to Opt-Out of Marketing

You may opt out of receiving marketing communications at any time by:

• Clicking the "unsubscribe" link in any marketing email
• Contacting us at privacy@wafcdn.com

5.6 Right to Restrict Processing

In certain circumstances, you may request that we restrict the processing of your personal information.

6California Residents — CCPA/CPRA Rights

This section applies to residents of California under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).

6.1 Categories of Personal Information Collected

In the past 12 months, we have collected the following categories of personal information:

6.2 Sources of Personal Information

We collect personal information directly from you, automatically through your use of our Services, and from third-party partners as described in Section 1.

6.3 Business/Commercial Purposes for Collection

We collect personal information for the business and commercial purposes described in Section 2.

6.4 Categories of Third Parties with Whom We Share Information

Service providers, payment processors, analytics partners, and law enforcement as described in Section 3.

6.5 Your CCPA/CPRA Rights

California residents have the right to:

• Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, our business/commercial purposes, and the categories of third parties we share it with.
• Delete: Request deletion of personal information we have collected, subject to exceptions.
• Correct: Request correction of inaccurate personal information.
• Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising as defined under CPRA.
• Limit Use of Sensitive Personal Information: Where applicable, request that we limit our use of sensitive personal information to providing requested services.
• Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights. We will not deny you services, charge different prices, or provide a different level of quality because you exercised your rights.

6.6 Submitting a CCPA Request

To submit a verifiable consumer request:

• Email: privacy@wafcdn.com (Subject: "CCPA Request")
• We will verify your identity by matching information you provide against our records
• Authorized agents may submit requests on your behalf with written authorization

7Nevada Residents

Nevada residents may opt out of the sale of personally identifiable information. While we do not currently sell personal information, Nevada residents may submit an opt-out request to privacy@wafcdn.com. We will honor verified opt-out requests within 60 days.

8Cookies Policy

8.1 What Are Cookies?

Cookies are small text files stored on your device when you visit a website. We also use similar technologies such as web beacons, pixel tags, and local storage.

8.2 Types of Cookies We Use

8.3 Managing Cookies

You can control and manage cookies through:

• Your browser settings (see your browser's help documentation)
• Our cookie consent banner upon first visit
• Opt-out tools provided by our analytics partners (e.g., Google Analytics Opt-out)

Note: Disabling strictly necessary cookies may affect the functionality of our Services.

8.4 Do Not Track

Some browsers transmit "Do Not Track" (DNT) signals. We currently do not alter our data collection practices in response to DNT signals, as no uniform standard exists. We will reassess this position if a standard is adopted.

9Third-Party Services

Our website and Services may contain links to third-party websites, integrations, or services. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access.

We use the following categories of third-party services that may process personal information on our behalf:

• Cloud infrastructure providers (servers, storage, networking)
• Payment processors (credit card and ACH processing)
• Analytics platforms (website traffic analysis)
• Email service providers (transactional and marketing emails)
• Customer support ticketing systems

10Children's Privacy (COPPA)

Our Services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13 years of age in violation of the Children's Online Privacy Protection Act (COPPA).

If we discover that we have inadvertently collected personal information from a child under 13, we will promptly delete such information. If you believe we have collected information from a child under 13, please contact us immediately at privacy@wafcdn.com.

Our Services are intended for businesses and adults aged 18 and older. Users between 13 and 17 should only use the Services with the consent and supervision of a parent or legal guardian.

11International Data Transfers

Nebula Global LLC is based in the United States. If you access our Services from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. By using our Services, you consent to the transfer of your information to the United States and other countries, which may have data protection laws that differ from those of your home country.

For users in the European Economic Area (EEA) or United Kingdom, we rely on appropriate transfer mechanisms (such as Standard Contractual Clauses) when transferring personal data internationally.

12Data Retention

We retain personal information for as long as necessary to:

• Maintain your account and provide Services
• Comply with legal obligations (including tax and accounting requirements)
• Resolve disputes and enforce agreements
• Pursue legitimate business interests

When personal information is no longer required, we securely delete or anonymize it. Account information is generally retained for the duration of your account plus three (3) years, unless a longer retention period is required by law.

13Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Post the updated Privacy Policy on this page with a new "Last Updated" date
• Send an email notification to registered users at least 30 days before the changes take effect (for material changes)
• Display a prominent notice on our website

Your continued use of our Services after the effective date of any changes constitutes acceptance of the updated Privacy Policy.

14Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: