Legal

GDPR Compliance

Our Commitment to Your Data

Last updated: February 2026

Our Commitment

Nebula DNS is committed to protecting the privacy and security of personal data in accordance with the General Data Protection Regulation (GDPR). We have implemented comprehensive technical and organizational measures to ensure compliance and safeguard your data rights.

Privacy by Design

Built with privacy at the core

Data Encryption

End-to-end encryption

Full Transparency

Clear data practices

Data We Process

We process the following categories of personal data:

#Data TypeDetails
1Account InformationName, email address, company name, billing address
2DNS Query MetadataQuery domain, timestamp, query type, response code (IP addresses are anonymized)
3Usage DataDashboard interactions, feature usage, performance metrics
4Payment InformationProcessed securely through Stripe (we do not store full credit card details)

Legal Basis for Processing

We process your personal data based on the following legal grounds:

Contract Performance

Processing necessary to provide our DNS security service

Legitimate Interest

Security monitoring, fraud prevention, service improvement

Legal Obligation

Compliance with tax, accounting, and data retention laws

Consent

Marketing communications (you can opt-out anytime)

Your Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access: Request a copy of your personal data we hold
Right to Rectification: Correct inaccurate or incomplete data
Right to Erasure (Right to be Forgotten): Request deletion of your data when no longer necessary
Right to Restriction: Limit how we use your data under certain circumstances
Right to Data Portability: Receive your data in a structured, machine-readable format
Right to Object: Object to processing based on legitimate interests or direct marketing
Right to Withdraw Consent: Withdraw consent at any time (does not affect prior processing)

Data Processing Agreement

When you use Nebula DNS, we act as a data processor on your behalf. We have established a comprehensive Data Processing Agreement (DPA) that outlines:

  • The subject matter, duration, nature, and purpose of processing
  • Types of personal data and categories of data subjects
  • Our obligations and your rights as the data controller
  • Security measures and data breach notification procedures
  • Sub-processor management and international transfers

Enterprise customers receive a signed DPA as part of their onboarding. Other customers can request a copy by contacting privacy@nebuladns.io

International Data Transfers

Our primary data centers are located in the European Union. When we transfer personal data outside the EU/EEA, we ensure adequate protection through:

Standard Contractual Clauses

EU Commission-approved transfer mechanisms

Adequacy Decisions

Transfers to countries with adequate data protection

Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance:

Email:

dpo@nebuladns.io

Our DPO is available to answer questions about our data practices and assist with exercising your rights.

How to Exercise Your Rights

To exercise any of your GDPR rights:

  1. Email privacy@nebuladns.io with your request
  2. Include your account email and specific right you wish to exercise
  3. We will verify your identity and respond within 30 days
  4. If needed, we may request additional information to confirm your identity
Note: You also have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data appropriately.

Privacy questions?

Our privacy team is here to help

Contact Privacy TeamView Privacy Policy