Privacy Policy

1. Introduction

Nebula Labs Inc., together with its affiliates and subsidiaries (“Nebula”, “we”, “us”, and “our”), owns and operates https://alpha.haus/ and https://www.staking.haus/ (the “Sites”). When you visit the Sites, use our platform, applications, or interact with our customer support, sales, marketing, or event channels (collectively, the “Services”), we may collect information about you. Our policy is to respect your privacy and comply with any applicable law and regulation regarding any personal information you entrust us with. We take that trust seriously and are committed to protecting your privacy.

This Nebula Privacy Policy (“Privacy Policy”) explains our privacy practices with respect to what information we collect, how we use it, and what rights you have regarding your data. Please take the time to read it carefully. If you don’t agree or aren’t legally able to agree, please do not use our Services.

Important: Some Services involve interactions with public blockchains (such as Solana). Transactions and content posted to a blockchain are publicly visible, immutable, and beyond our control. While we can remove certain blockchain content from display in the user interface, we cannot delete, alter, or obscure it on the blockchain itself. This includes wallet addresses, messages, and transaction metadata. Public blockchain data may be accessed, used, and analyzed by anyone and linked to other data to identify you. You should consider the public and permanent nature of blockchain transactions before using the Services.

2. Personal Data We Collect

We distinguish between two categories of data: (A) “Off-Chain Data” – information we collect or process through our Site’s user interface, support, analytics, and related tools; and (B) “On-Chain Data” – information recorded on public blockchains as part of protocol use. Examples of Off-Chain Data include email addresses (if provided), support tickets, analytics logs, and marketing preferences. Examples of On-Chain Data include wallet addresses, transaction hashes, token balances, messages posted via the protocol. We treat wallet addresses as personal data when linked with other information that could identify a user, consistent with applicable law.

When you use the Services or otherwise interact with Nebula, we may collect data that identifies you or can be used to identify you, which is sometimes referred to as “personal information,” “personally identifiable information,” or “personal data” under applicable law. We refer to this kind of data in this Privacy Policy as “Personal Data.” When we say “Personal Data” we mean information that identifies you as an individual or relates to an identifiable individual. Personal Information does not include aggregated, de-identified, and/or anonymized information, i.e., when the information has been transformed so that it no longer relates back to a person’s identity. We do so to generate other data for our use, which we may use and disclose for any purpose.

We may also collect or receive other kinds of information about you automatically when you use the Services as described below in the Section entitled “Information collected automatically”. Please note that this kind of usage information may sometimes contain Personal Data.

We refer to all information collected about you collectively (including Personal Data and all other information) as “Information.”

3. How We Collect Information

Information That You Provide to Us

We and our Service Providers (as defined below in the section entitled “How information may be shared or disclosed”) may collect Information that you provide to us directly via the Services.

You share Information with us in various ways, such as when you:

• upload user-generated content to the Services;
• send us questions, comments or feedback;
• when you seek customer support;
• fill out online surveys or questionnaires;
• sign-up for any of our newsletters, materials or our Services;
• participate in promotions;
• apply as a candidate for employment; or
• otherwise communicate with us or other users of the Services.

When you engage in these activities, you may provide certain information to us and/or our Service Providers, which may include your name (optional), email address, and public key. Use of the Services requires you to connect an external non-custodial third-party digital wallet (“Wallet”). We maintain records of transactions conducted through your connected Wallet on the Sites, including posting messages on the Solana blockchain. Such records are associated with the public key address of your connected Wallet.

Your user-generated content may include any comments, questions, messages, works of authorship, and other content or information that you create, submit, transmit, or otherwise make available through the Services, along with any associated metadata. Metadata may include information regarding how, when, where, and by whom the content was created, collected, formatted, or edited. It may also include additional information provided by you or added to your content, such as keywords, geolocation data, or other similar attributes.

Messages, comments, and content you post through the Sites are stored on the blockchain. While we may be able to remove some of this content from being viewed from our Sites, we cannot edit or delete any information that is stored on a blockchain. You will be prompted to confirm a transaction in your Wallet for any user-generated content that will be stored on the blockchain.

In some cases, you may share Information with us about other users or third parties. When you provide such Information to Nebula, you agree that you have the right to provide such Information. We rely on you to obtain whatever consents may be required by law to allow Nebula to use such Information as described in this Privacy Policy.

Information Collected Automatically

When you access or use the Services, we and our Service Providers and third-party business partners may automatically collect certain Information about your use of the Services, such as:

• Log Data: When you interact with the Services, certain Information from your device or web browser may be automatically received and recorded, including your internet protocol (IP) address (and location derived from your IP address), device ID (e.g., UDID, MAC address), browser type and language, device operating system, model, configuration, settings, internet service provider (ISP), session IDs, session token data, authentication token data, mobile network information (as allowed by the mobile network) or platform information (as allowed by the specific platform type). When you use the Services, we may create and use user IDs or other online identifiers that indirectly identify you to collect information about your activities across the Services. If you encounter certain errors while using the Site or Services, we may also collect diagnostic information relating to the error, such as technical details about your device, the actions you were performing when the error occurred, and other relevant information.
• Cookies and other tracking technologies: When you visit the Services, certain “cookies”, web beacons and similar tracking technologies may be set on your device. For more information about cookies and how you can control what kinds of cookies are set on your device when you use the Services, please see the section below entitled “Our use of cookies and tracking technologies.”

While this information alone may not directly identify you, it may be possible to combine it with other data to identify a user. The specific data we collect may depend on your device and software settings. We recommend reviewing your device manufacturer’s or software provider’s policies to understand what information they make available to us.

Wallet Connections – Information from Third Parties

To use certain features of the Services, you must connect a supported Wallet, such as Phantom, Solflare, and Backpack. When you connect your Wallet, we receive your Wallet’s public key address and related network information (e.g., the blockchain network in use). We may also receive cryptographic signatures or other confirmations necessary to authenticate transactions or interactions you approve. We do not receive your private keys, seed phrase, or other credentials that grant direct access to your Wallet, and we will never request them.

Once connected, your Wallet’s public key address may allow us or others to view publicly available information on the blockchain, such as your current token balances, transaction history, or other on-chain activity associated with that address. We may record and store the public key address and details of transactions you execute through the Services (e.g., purchases, sales, transfers, or smart contract interactions). Please note that any data stored on a public blockchain is accessible to anyone and may be correlated with other information to identify you. We encourage you to consider the privacy implications of using a public blockchain before connecting your Wallet to the Services. Your use of any third-party application is subject to your agreements with that third party (including their terms of service and privacy notices).

4. How We Use the Information Collected

Nebula uses your Information for the commercial purpose of providing the Service and related functionality, or as otherwise specifically described in this Privacy Policy and as permitted by applicable laws, all of which serve the legitimate interests of Nebula, including the following:

• To operate our Services and business:
  • Provide, operate and improve the usability and effectiveness of our Services and business;
  • Provide functionality, analyze performance, troubleshoot, and fix errors.
• To communicate with you:
  • Send administrative and support messages;
  • Provide support and respond to inquiries, requests and feedback.
• To administer promotions and contests (“Promotions”):
  • Enforce the terms of the promotion which may include additional terms and conditions;
  • Disclosed to third parties for administrative purposes and as required by law.
• To provide you with transactional and marketing material:
  • Invite you to events or conferences;
  • Conduct research and surveys.
• To promote safety and security:
  • Prevent and detect fraud, abuse of Services and cyberattacks;
  • Protect the security of and harm to our Customers and others.
• For legal purposes and law enforcement requests:
  • Enforce the terms of use governing any Site and any other applicable terms and policies, and generally in connection with the administration and protection of our business;
  • Comply with applicable laws, rules, regulations, and legal obligations and processes;
  • Protect operations, rights, privacy, safety or property of ours, you or others;
  • Cooperate with public authorities including law enforcement and national security;
  • Pursue available legal remedies and/or defend legal claims.

We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated or incompatible purposes without providing you notice. If you are a California resident, please note that we do not collect or process sensitive personal information with the purpose of inferring any characteristics about California residents.

5. How Information May Be Shared or Disclosed

Subprocessors and Service Providers

Nebula uses the services of third-party vendors, contractors, consultants and service providers who need access to your Information (such as your Wallet address or other identifiers) in order to enable them to perform services on our behalf, provide support services to us, or to provide us with additional information necessary to provide our Services to you (“Service Providers”). We use Service Providers for a variety of functions across our Services, such as data and website hosting, analytics, fraud monitoring, and other data and transaction processing.

These Service Providers have access to Information (including Personal Data) needed to perform their services or functions, but are not permitted to use it for other purposes except as permitted under our contract with them or by applicable law. In some cases, these Service Providers and their designees are permitted to use your information to develop, provide or improve their services, subject to their own terms and privacy policies. They are bound by contractual obligations to ensure the security, privacy, and confidentiality of your information. Please see our list of Subprocessors at the end of this Privacy Policy.

Third Parties You Access, Authorize or Authenticate

We engage other companies and individuals to perform functions on our behalf, some of which are described below. For example, when you use certain features of the Services that integrate with third-party platforms, such as Wallets, those third parties may collect information from you or your device. In some cases, these third parties may also use your information for their own purposes, subject to their own terms and privacy policies, and you should review their terms and policies carefully. Nebula is not responsible for data collected, received, or used by third parties as a result of these integrations.

Business Transactions

All of your Personal Data that we collect may be disclosed or transferred to a third party in connection with a reorganization, merger, sale, transfer, assignment or other disposition of all or any portion of our business, assets or stock, including if we go out of business or enter into bankruptcy. Your Personal Data may be shared with our corporate parent or subsidiaries and affiliates, joint ventures, or for business transaction purposes consistent with this Privacy Policy.

Regulators and Competent Authorities

We may share your Information with law enforcement, government authorities, or other parties: (a) where we believe in good faith that such disclosure is required by law or is otherwise necessary to comply with legal obligations, protect your rights and safety or those of other individuals; (b) to protect, investigate, and deter fraudulent, harmful, unauthorized, unethical, or illegal activity; or (c) to pursue available legal remedies and/or defend legal claims.

We may also create, use, and share aggregated and/or anonymized data (which does not identify you) for our own lawful business purposes or for use by others.

6. International Transfers

Our Services are offered from the United States (“U.S.”) and intended for visitors and users both within and outside the U.S. Currently, we store any information we collect in the U.S. If you choose to use our Services from the European Economic Area (“EEA”), the United Kingdom (“U.K.”) or other regions of the world with laws governing data collection and use that may differ from U.S. law, then please note that you are transferring your Personal Data outside of those regions to the U.S. for storage and processing.

Where we transfer Personal Data from the EEA, the U.K., or Switzerland to the U.S. or other countries that have not been deemed to provide an adequate level of data protection, we rely on the European Commission’s Standard Contractual Clauses (and the U.K. Addendum or Swiss Addendum, as applicable) or other appropriate safeguards permitted under applicable data protection laws. These safeguards are designed to ensure that your Personal Data receives a level of protection that is essentially equivalent to that provided in your home jurisdiction. You may request a copy of these safeguards by contacting us using the details provided below.

We may also transfer Personal Data from the U.S. to other countries or regions in connection with storage, processing, providing the Services, and fulfilling your requests.

7. Rights of Users in the European Economic Area, United Kingdom and Switzerland

Legal Bases for Processing European Personal Information

If you are located in the EEA or the U.K., we only process your personal information when we have a valid “legal basis,” including as set forth below.

• Consent: We may process your personal information where you have consented to certain processing of your personal information. When we rely on consent as the legal basis, you have the right to withdraw your consent for data processing at any time.
• Legitimate Interests: We may process your personal information where we or a third party have a legitimate interest in processing your personal information. We only rely on our or a third party’s legitimate interests to process your personal information when these interests are not overridden by your rights and interests.
• Contractual Necessity: We may process your personal information where required to provide you with our Services or otherwise fulfill our contractual duties to you in accordance with our Terms of Service.
• Compliance with a Legal Obligation: We may process your personal information where we have a legal obligation to do so or to protect the rights, safety, and property of Nebula, our affiliates, users, or third parties.

Data Subject Requests

Subject to applicable law, you have the right to request access to the Off-Chain Personal Data we hold about you; to request that it be provided in a portable format; to ask that your Off-Chain Personal Data be corrected or deleted; and to object to, or request that we restrict, certain processing activities. Because blockchain networks are generally immutable, we are not able to correct or delete Personal Data that is recorded On-Chain; however, where feasible, we will take reasonable steps to minimize further processing of such data in accordance with applicable law.

If you would like to exercise any of these rights, please contact us at privacy@nebula.haus. We may need to verify your identity before processing your request as required by law.

Questions or Complaints

If you have concerns about our handling of Personal Data, we encourage you to reach out to us initially. However, if we cannot resolve your concern, you have the right to file a complaint with your local Data Protection Authority. Contact details for your Data Protection Authority can be found using the links below:

• For individuals in the EEA: https://edpb.europa.eu/about-edpb/board/members_en
• For individuals in the UK: https://ico.org.uk/global/contact-us/
• For individuals in Switzerland: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html

8. How You Can Control or Change What Is Collected

Nebula does not require you to create an account with us or include Personal Data when using our Sites. However, certain blockchain-based features or protocols may require you to connect a digital wallet to participate. When you connect a wallet, we may receive the wallet address and related transaction information, which may be considered Personal Data under applicable law. If you signed up for updates and newsletters, you can control which optional email messages you choose to receive by unsubscribing using the link at the bottom of each email. For information on opting out of cookies and other tracking technologies, please see the section below entitled “Our use of cookies and tracking technologies.”

9. Specific Information for U.S. Residents

This section provides extra information specifically for residents of certain U.S. states that have distinct data privacy laws and regulations. These laws may grant specific rights to residents of these states when the laws come into effect. This section uses the term “personal information” as an equivalent to the term “Personal Data.”

Privacy Information for California Residents

If you are a California resident, you may be entitled to certain rights with respect to your personal information under the California Consumer Privacy Act (“CCPA”). This section describes our practices regarding the collection, use, and disclosure of your personal information in the 12-month period prior to the date listed at the top of this Privacy Policy.

The CCPA provides California consumers with the following rights:

• Right to know about the personal information a business collects about them and how it is used and shared;
• Right to delete personal information collected from them (with some exceptions);
• Right to opt-out of the sale or sharing of their personal information;
• Right to non-discrimination for exercising their California privacy rights;
• Right to correct inaccurate personal information that a business has about them, subject to appropriate verification; and
• Right to limit the use and disclosure of sensitive personal information collected about them.

Categories of Personal Information Collected

The following categories of personal information have been collected by Nebula or its service providers on its behalf about California consumers via the Services in the 12-month period prior to the date listed at the top of this Privacy Policy:

• Internet activity information: Such as browsing history, search history, information about a consumer’s interaction with a website, or questions and other messages you address to us directly through online forms or by email.
• Online identifiers: Such as IP address, device ID, cookie IDs, user access tokens, and internal or third-party identification numbers.
• Location data: Such as city, state or country information.

Categories of Sources

• You
• Your device
• Third parties and publicly-available sources

Purposes of Collection

• To operate and provide our Services and business.
• To communicate with you.
• To administer Promotions.
• To send you transactional and marketing emails and messages in connection with the Services.
• To promote safety and security including preventing and detecting fraud and abuse in order to protect the security of our Customers, Nebula, and others.
• To enforce our terms of use for our Sites and other legal purposes.
• To respond to law enforcement requests.
• To comply with applicable law, regulations, and legal and regulatory processes.

Disclosure of Personal Information

The following categories of personal information may be disclosed to Service Providers or third parties for a business purpose in the 12-month period prior to the date listed at the top of this Privacy Policy:

We may also share your personal information with regulators and government entities when we are legally required to do so.

Right to Opt Out of Future “Sale” of Your Personal Information

California consumers have the right under California law to opt out of the “sale” of their personal information. The CCPA defines “sale” broadly and in a way that may in certain circumstances include allowing a third party to collect or receive certain data about you, such as cookies, IP addresses, and/or browsing behavior. Nebula does not sell your personal information to third parties without your consent.

Shine the Light Act

California law (under California Civil Code section 1798.83) known as the “Shine the Light” law, entitles California residents who have provided personal information to a business with which the individual has established a business relationship for personal, family, or household purposes (“California Customers”) to request information about whether the business has disclosed personal information to any third parties for the third parties’ direct marketing purposes. Please be aware that we do not disclose personal information to any third parties for their direct marketing purposes as defined by this law.

Additional Information

Please note that certain data may be exempt under California law from access, data portability, and deletion requests. Only you or a person registered with the California Secretary of State that you authorize to act on your behalf may make a verifiable consumer request related to your personal information. You may only make a verifiable consumer request for access or deletion twice within a 12-month period.

Privacy Information for Nevada Residents

If you are a resident of the State of Nevada, the Privacy and Security of Personal Data Chapter of the Nevada Revised Statutes Section 603A permits you to opt out of future sales of certain “covered information” that a website operator has collected or will collect about you. Nebula does not currently sell covered information as defined in Section 603A. We have no plans to sell covered information, but if you want to be notified if we do change that practice, please send your name and email address to privacy@nebula.haus.

Privacy Information for Connecticut, Colorado, Virginia or Nebraska Residents

If you are a resident of the State of Connecticut, Colorado, Virginia, or Nebraska you may take advantage of certain privacy rights, such as to request access, correction, or deletion of your personal information. Because we may “sell” personal information or engage in “targeted advertising” as these terms are defined in Connecticut, Colorado, Virginia and Nebraska laws, you may also exercise your right to opt-out of such sales or targeted advertising. You have the right to appeal a denial of your privacy rights.

You have the right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer. Nebula does not engage in such profiling as defined by Colorado law or Nebraska law, so there’s no need to opt out.

How to Submit Your Request

If you would like to exercise your rights as a resident under the laws of California, Colorado, Connecticut, Virginia or Nebraska, you can submit a request at any time by sending an email to privacy@nebula.haus. We may request certain information about your interactions with our Services to verify your identity before we can respond to your requests. We will confirm receipt of your request within 10 business days and will respond to your request within 45 calendar days, after proper verification.

10. Our Use of Cookies and Tracking Technologies

When you browse, use, or interact with the Services, we and our Service Providers and other third parties may automatically collect certain Information, such as data about your device, browser, and online activity through automated means, including through the use of cookies and similar technologies.

What Are Cookies?

A “cookie” is a small text file that is sent to your browser or device. They allow Nebula and our Service Providers and other third-party business partners to recognize your browser and/or device and to transfer information about you and your use of the Services. “Session-based” cookies only exist while your browser is open and are automatically deleted when you close your browser. “Persistent” cookies last until they expire, or until you or your browser delete them, and they are used to recognize you when you return to a webpage. For more information about what cookies are and how they function, please go to AllAboutCookies.org.

What Types of Cookies May Be Used on the Services?

Both session-based and persistent cookies are used on the Services for a variety of purposes. Some of these cookies are “first-party cookies,” which means they are set by Nebula or our Service Providers or third-party business partners from Nebula-owned domains. Other cookies are “third-party cookies,” which means that they are controlled and set by third parties from third-party domains.

How Are Cookies Used on the Services?

• Strictly Necessary Cookies: These cookies are essential for the Services to function properly. These cookies are essential for you to browse our Website and access secure areas of the Services. You can set your browser to block them or alert you about the existence of these cookies, but if you do block them, the Services are unlikely to work properly.
• Preference Cookies: These cookies enable the Services to provide enhanced functionality and personalization. These cookies allow a website to remember choices you have made in the past. If you do not allow these cookies, then certain features of the Services are unlikely to work correctly.
• Performance Cookies: These cookies are used for data analytics purposes, so that we can measure and improve performance and design of the Services. None of this information can be used to identify you. It is all aggregated and, therefore, anonymized. If you restrict or block these cookies through your browser, we will not be able to tell that you visited the Services, and cannot track performance accurately.

How Can You Control the Use of Cookies?

You may instruct your browser to stop accepting cookies at any time or set your browser to prompt you before accepting cookies. Please note that if you do instruct your browser to block cookies, you may not be able to use or access some or all features or functionality of the Services.

Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online services you visit. Please note that there is no industry consensus as to what website operators should do with regard to these signals. Because of this, Nebula does not currently monitor or take action with respect to “Do Not Track” signals. For more information on “Do Not Track,” visit AllAboutDNT.com.

11. Third Party Access and Links

This Privacy Policy does not apply to the practices of any third party that is not owned or controlled by Nebula. When you use third-party extensions, integrations, or follow references and links within our Services, to the extent that information is shared with any third party as described in this policy, use of your information by such third parties is subject to those third party terms of service and privacy policies, and you should review them carefully.

12. A Note About Children

We require all users to be 18 years of age or older under our applicable terms of use. Users who are ages 13 to 17 or older are permitted to browse and use the Services only through their parent or legal guardian, and only if they have permission and direct supervision of their parent or legal guardian. Nebula does not knowingly collect Personal Data from individuals under the age of 13 in the U.S. or under 16 in the EEA and U.K. If you are under 13, please do not submit any Personal Data through the Services. If we learn that we have inadvertently collected such data, we will UI-block and delete any associated Off-Chain Data. If you believe we may have Personal Data from a child under the age of 13, please contact us at privacy@nebula.haus.

13. Retention and Security

Nebula retains your Personal Data for as long as it is needed to provide the Services to you, or as permitted in light of the purpose(s) for which it was obtained and consistent with applicable law (for example, satisfying any legal, regulatory, tax, accounting or reporting requirements) and fulfill the purposes set out in this Privacy Policy. When we no longer need to use your Personal Data and there is no need for us to keep it to comply with our legal or regulatory obligations, we will either remove it from our systems or anonymize it so that it can no longer be associated with you.

Nebula uses reasonable and appropriate administrative, technical, and physical security controls to protect your Personal Data from unauthorized use and disclosure in accordance with applicable law. However, due to the nature of the internet and transmission of information via the internet, no system can be guaranteed to be 100% secure. We cannot guarantee or warrant the security of the Information transmitted to us, and we cannot be responsible for the theft, destruction, loss or inadvertent disclosure of your information. Any such transmission is at your own risk.

14. Accessibility

If you have a disability and would like to access this policy in an alternative format, please contact us at privacy@nebula.haus.

15. Changes to This Privacy Policy

We may change this Privacy Policy from time to time to reflect new ways that we process your information. When we post modifications to this Privacy Policy, we will revise the “Last Updated” date at the top of this page. The modified Privacy Policy will be effective immediately upon posting on the Service. If we make significant changes that affect your information, we may also provide you notice of such changes through the Services, by email, or some other means of contact. We encourage you to periodically review this page for the latest information on our privacy practices.

16. How to Contact Us

If you have any questions, comments or concerns, you may contact us at privacy@nebula.haus.

17. Nebula List of Subprocessors