Privacy Policy

NebulaSEO ("we," "our," or "us") operates the website nebulaseo.com and provides AI-powered local SEO services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform. By using NebulaSEO, you agree to the collection and use of information in accordance with this policy.

We collect information you provide directly to us, including your name, email address, agency name, and billing information when you register for an account. We also collect information through your Google account when you connect via Google OAuth, including your Google profile information and, with your explicit permission, access to your Google Business Profile data. We automatically collect certain technical information including IP addresses, browser type, device information, and usage data when you use our platform. When you use the NebulaSEO iOS app, we additionally collect: (a) an Apple Push Notification Service ("APNs") device token that we use solely to deliver alerts you have enabled (new Google reviews, payment failures, referral commission earned, post approvals); (b) the business address coordinates you provide for each location, which we use to render Google Maps rank grids and rank-tracking heatmaps. We do NOT collect device location or background location. (c) photos you upload to the post-automation image library, stored in our secure blob storage and used only to attach to Google Business Profile posts you publish through the app.

When you connect your Google Business Profile to NebulaSEO, we access your business listing information, posts, reviews, and analytics data solely to provide our SEO optimization services. We use Google's official APIs and comply with Google's API Services User Data Policy. We do not sell your Google Business Profile data to third parties. You may revoke NebulaSEO's access to your Google account at any time through your Google Account settings at myaccount.google.com.

We use the information we collect to provide, maintain, and improve our services; process transactions and send related information; send technical notices and support messages; respond to your comments and questions; and send marketing communications (which you may opt out of at any time). We use your Google Business Profile data exclusively to deliver the SEO optimization features you have requested, including automated posting, review management, and rank tracking.

We do not sell, trade, or rent your personal information to third parties. We share limited information with trusted service providers who assist us in operating our platform: our payment processor (Stripe) processes subscription and invoice transactions, our AI provider (Anthropic) processes post drafts and review-response drafts, and our transactional email provider (Resend) delivers account, billing, and product notification emails. These parties are contractually bound to keep this information confidential and use it only to deliver the service they provide to us. We may also disclose your information when required by law or to protect our rights. Agency accounts that enable Stripe Connect to invoice their own clients additionally transmit client billing details (name, email, optional phone, invoice amounts and descriptions) directly to Stripe under the agency's own Stripe Connect account. NebulaSEO acts only as the platform that initiates the request; we do not store full payment card numbers, and the agency (not NebulaSEO) is the merchant of record for those client invoices.

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. All data is transmitted over HTTPS. Payment information is processed by Stripe and we do not store credit card details on our servers. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

We retain your personal information for as long as your account is active or as needed to provide you services. If you delete your account, we delete your account data immediately upon request (and in any case within 30 days), except where we are required to retain it for legal or business purposes. Billing records (invoices, billing-event ledger entries, and Stripe transaction history) are retained where required for tax, legal, or fraud-prevention purposes.

You have the right to access, update, or delete your personal information at any time through your account settings. You may also request a copy of your data or ask us to restrict processing of your data by contacting us at privacy@nebulaseo.com. If you are located in the European Union, you have additional rights under GDPR including the right to data portability and the right to lodge a complaint with a supervisory authority.

We use cookies and similar technologies (including browser local and session storage) to operate our platform and hold certain information. Our first-party cookies and storage include: "_n_attr" (records which outreach link brought you to us; first-party; expires after 30 days); "nebula_ui" (remembers your interface preferences such as theme; first-party; expires after about 1 year); a session cookie used to keep you signed in; and, for the public sales chat, a "nebula_anon_id" identifier and related engagement timestamps stored in your browser's local/session storage so we can remember your active chat and recognize you if you return. We do not use third-party advertising or cross-site tracking cookies. You can instruct your browser to refuse all cookies, clear local/session storage, or indicate when a cookie is being sent. If you do not accept cookies, some portions of our platform may not function properly.

You do not need an account to run our free local-SEO audit or to use our public sales chat, and we collect some information through those tools before any account exists. Free audit: when you run a free audit we store the email address and business you enter, along with your IP address, and use them solely to count your free audits, prevent spam and abuse, and act as a receipt key for the audit you requested. Your free-audit email is not added to any marketing list and is not sold or shared. Sales chat: when you use the public sales chat we store an anonymous chat identifier (kept in your browser and on our servers), your IP address and browser/user-agent, the messages you send, and any business, city, or contact details you choose to provide. We use this to operate the chat, run any audit you ask for, prevent abuse, and improve the assistant. The text of your chat is processed by our AI provider (Anthropic) to generate replies. If you ask to speak with a human, we create a sales lead from the contact details you provide so a person can follow up with you. Retention and deletion: anonymous sales-chat sessions are automatically pruned after about 30 days of inactivity. Free-audit and sales-lead records are kept for as long as needed to enforce our anti-abuse limits and to follow up on inquiries. You can ask us to delete the information collected through these tools at any time by emailing privacy@nebulaseo.com with the email address or business you used; this is also how you exercise your access and deletion rights for any prospect data, whether or not you ever created an account.

Our platform integrates with third-party services including Google APIs (Business Profile, OAuth, Maps, Places, PageSpeed Insights), Stripe for payments (including Stripe Connect for agency-to-client invoicing), Anthropic for AI-powered content generation, DataForSEO for rank and competitor lookups, Apple Push Notification Service (APNs) for iOS notifications, Resend for transactional email delivery, and Cloudflare Turnstile for bot detection on the free-audit form. These third parties have their own privacy policies, and we encourage you to review them. NebulaSEO's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

NebulaSEO is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us at privacy@nebulaseo.com and we will take steps to delete such information.

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

For App Store transparency, the NebulaSEO iOS app's data collection maps to the following Apple data categories: Contact Info (email, name), used for app functionality and account management; Financial Info (payment info routed to Stripe; we do not retain card numbers), used for purchases and account management; User Content (posts, photos, business profile data you create or upload), used for app functionality; Identifiers (user ID, device push token), used for app functionality and analytics; Usage Data (product interaction), used for analytics and app functionality; Diagnostics (crash data, performance metrics), used for app functionality. The app does NOT collect precise device location, browsing history, contacts, health & fitness, sensitive personal info, or any data we share with data brokers.

You can delete your NebulaSEO account directly from the iOS app under Settings → Manage Account → Delete Account, or by emailing privacy@nebulaseo.com. Account deletion removes your account record, your linked Business locations, your push tokens, and your Google OAuth refresh tokens. Billing records (invoices, billing-event ledger entries, and Stripe transaction history) are retained where required for tax, legal, or fraud-prevention purposes (see Section 7).

If you have any questions about this Privacy Policy, please contact us at privacy@nebulaseo.com.