Legal

Privacy Policy

Last updated: December 2025

1. Introduction

NebusAI ("we," "our," or "us") is an enterprise AI platform and technology company. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our enterprise AI platform, related products (including Olympus Cloud, Restaurant Revolution, and Creator Revolution), and associated services.

2. Information We Collect

Information You Provide

  • Account Information: Name, email address, phone number, company name, job title, and business address when you create an account or request access.
  • Payment Information: Credit card details and billing information processed through our PCI-compliant payment processors.
  • Business Data: Client project data, AI model configurations, analytics data, and operational information you enter into the platform.
  • Communications: Messages, feedback, and support requests you send to us.

Information Collected Automatically

  • Usage Data: How you interact with our platform, features used, API calls made, and performance metrics.
  • Device Information: Device type, operating system, browser type, and IP address.
  • Location Data: General location based on IP address for fraud prevention, compliance, and service optimization.
  • Log Data: Server logs, error reports, and diagnostic information for platform stability.

3. How We Use Your Information

  • Provide, maintain, and improve our AI platform and services
  • Process transactions and send related information
  • Send administrative messages, updates, and security alerts
  • Respond to your comments, questions, and support requests
  • Analyze usage patterns to improve our platform and AI models
  • Detect, prevent, and address technical issues, fraud, and security threats
  • Comply with legal obligations
  • Develop new features, products, and services

4. AI Model Training and Your Data

Your Data Is Not Used to Train Models Without Consent

We take your data privacy seriously, especially as it relates to AI and machine learning:

  • No Training Without Consent: Your business data, project data, and proprietary information are never used to train, fine-tune, or improve our AI models unless you have provided explicit, written consent.
  • Data Isolation: Each client's data is logically isolated using row-level security and tenant separation. Your data is never accessible to other clients.
  • Model Inputs and Outputs: When you use our AI features, your inputs and the AI-generated outputs are processed in real time and are not stored for model training purposes unless you opt in.
  • Aggregated Insights: We may use fully anonymized and aggregated usage statistics (such as feature popularity or error rates) to improve the platform. These statistics cannot be traced back to any individual or organization.
  • Opt-In Programs: If we offer programs that use client data to improve model performance, participation is always voluntary and governed by a separate data processing agreement.

Third-Party AI Providers

Our platform routes AI requests through our ACP (AI Control Plane) Router, which may use third-party AI providers. We ensure that:

  • All third-party providers are contractually prohibited from using your data for their own model training
  • Data is transmitted securely using end-to-end encryption
  • We maintain audit logs of all AI processing activities

5. Data Sharing

We do not sell your personal information. We may share information with:

  • Service Providers: Third parties that perform services on our behalf (cloud infrastructure, payment processing, analytics), bound by confidentiality agreements.
  • Legal Requirements: When required by law, subpoena, or to protect our rights and the safety of our users.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with advance notice to affected users.
  • With Your Consent: When you explicitly authorize us to share information with specified third parties.

6. Data Security

We implement enterprise-grade security measures including:

  • SOC 2 Type II certification
  • End-to-end encryption for data in transit (TLS 1.3)
  • Encryption at rest for all stored data (AES-256)
  • Row-level security and tenant isolation across all data stores
  • Regular security audits, penetration testing, and vulnerability scanning
  • Zero-trust networking architecture
  • Multi-factor authentication support

7. Data Retention

We retain your information for as long as your account is active or as needed to provide services. Upon account termination, we retain data for up to 30 days to allow for data export, after which it is securely deleted. We retain certain information as required by law or for legitimate business purposes such as fraud prevention.

8. Your Rights

Depending on your location, you may have rights to:

  • Access your personal information
  • Correct inaccurate data
  • Delete your data (subject to legal requirements)
  • Export your data in a portable format
  • Opt out of marketing communications
  • Restrict or object to certain processing activities
  • Withdraw consent for AI data processing at any time

9. California Privacy Rights (CCPA)

California residents have additional rights under the CCPA, including the right to know what personal information is collected, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information.

10. GDPR Compliance

For users in the European Economic Area, we comply with GDPR requirements including lawful basis for processing, data minimization, purpose limitation, and cross-border transfer protections. We use Standard Contractual Clauses for international data transfers.

11. Children's Privacy

Our services are designed for business use and are not directed to individuals under 18. We do not knowingly collect personal information from children.

12. Cookies and Tracking

We use essential cookies for platform functionality and optional analytics cookies to understand usage patterns. You can manage cookie preferences through your browser settings. We do not use third-party advertising trackers.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page, updating the "Last updated" date, and sending notification via email or in-platform alerts.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at:

Questions About Your Privacy?

Our team is happy to answer any questions about how we handle your data.

Contact Us Terms of Service