This Privacy Policy applies to the personal data that Nebius B.V., a company incorporated under the laws of the Netherlands and having its registered office at Schiphol Boulevard 165, 1118 BG Schiphol, the Netherlands (“Nebius,” “we,” “us,” or “our”), processes as a controller in connection with the Nebius AI Studio services (“Services”).This Privacy Policy does not apply to:
Third‑party offerings. Any products, services, or content provided by third parties even other Nebius group entities are governed by their own privacy policies.
This Privacy Policy uses the key terms as defined by the EU General Data Protection Regulation (GDPR). Unless we explicitly state otherwise, these terms carry the same meanings and must be interpreted in accordance with the GDPR. Under the “Learn more” button, you can review detailed definitions of the terminology we use.
Show Learn more
GDPR: This term stands for General Data Protection Regulation, the EU Regulation (EU) 2016/679 of the European Parliament and of the Council, adopted on 27 April 2016 and in force since 25 May 2018. It sets uniform rules across the European Union for the processing of personal data and the protection of individuals’ privacy rights.
Personal data: This term means any information relating to an identified or identifiable natural person (“data subject”).
Controller: This term means means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Performance of the contract: This term refers to the legal basis provided under Article 6(1)(b) of the GDPR. It means that the processing of personal data is necessary for the performance of a contract between you as a data subject and us, or to take steps at your request before entering into a contract.
Consent: This term means means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.
Legal obligation: This term refers to the legal basis provided under Article 6(1)(c) of the GDPR. It means that the processing of personal data is necessary for compliance with a legal obligation to which we, as the controller, are subject.
Legitimate interest: This term refers to the legal basis provided under Article 6(1)(f) of the GDPR. It means that the processing of personal data is necessary for the legitimate interests pursued by us or a third party. However, we want to clarify that we do not rely on this legal basis unless we have determined that our interests are not overridden by your interests or fundamental rights and freedoms as the data subject that require protection of personal data.
The standard contractual clauses approved by the EU Commission: This term refers to the appropriate safeguard for transfer of personal data to a third country provided under Article 46(2)(c) of the GDPR. For the purposes hereof, a third country is a country which is not in the EEA territory and is not recognized by the EU Commission as a country that ensures an adequate level of protection.
Registration. When you register to use our Services, you provide us with the following data:
Full name
Contact information, such as email address and phone number
Job title
Company name
Company size
Industry
Any other information you supply in the registration form
Third‑Party Authentication. If you choose to sign up using your Google or GitHub account (or another supported third‑party account), you authorize us to receive, store, and use any information that you have permitted the third party to share via its API. This may include, for example, your name, email address, profile picture, and any other data you have agreed to share.Model Interaction. When you interact with our Services through the Nebius AI Studio interface, you submit your inputs via the Nebius AI Studio interface. The categories of processed personal data include:
Inference planning: Data we can ask on intended use case and/or inference consumption to classify the user
Speculative decoding: Input(s) and output(s) for the purpose of training smaller models as specified in the Terms of Service
Service Payments. When you pay for our Services, we collect and process:
Payment details
Billing address (street, city, state/province, postal code, country)
Tax/VAT identification, if required for invoicing
Transaction records (dates, amounts, invoice/order numbers, payment status)
Additional payment-related details you provide
Contact & Inquiries. We collect the following information through the web form you complete to contact us or to submit your request or query to us, along with any other details you choose to provide:
First name
Last name
Email address
Phone number
Job title
Company name
Company website
Scenario you’re interested in (e.g. infrastructure or inference as a service)
Any other information you decide to share
Support Communications. We collect any information you provide when you communicate with us by email, live chat, support tickets, or other means, including the content of your messages and any associated details.Know Your Customer (KYC). We may ask you to provide information to verify your identity as part of our KYC procedures. This helps us comply with legal and regulatory requirements. You might be asked to submit:
A partially obscured copy of your government‑issued ID, showing only:
Your photograph
Your full name and surname
Your nationality
The place and type of document
The first four digits of the document number
Any other information necessary to complete our KYC checks
Service Use. When you use our Services, we automatically collect and generate metadata needed to provide, administer, and improve those services. This may include:
User identifiers and authentication credentials
Resource identifiers and related attributes
IP addresses
Operational status, software errors, and crash reports
Quality and performance metrics (e.g., latency, throughput, uptime)
Other technical details essential for the operation, maintenance, and troubleshooting of our Services
Marketing preferences
Zero data retention status
Cookies and Similar Technologies. For more details on this matter, please refer to Section 8 hereof.
When you provide information on behalf of another person or entity whether during registration or through any other interaction you confirm that you are authorized to:
Supply and process the submitted details for that person or entity;
Grant us the right to collect, use, and retain their information in accordance with this Privacy Policy.
By submitting third‑party information, you represent and warrant that you have obtained all necessary consents and permissions from the data subject or entity to permit us to handle their data as described herein.
We do not intentionally collect sensitive personal data (e.g., information revealing race, ethnicity, political opinions, religion, or similar) and ask that data subjects refrain from submitting such information.
We collect and use personal data only for purposes that are necessary to:
Process your requests and queries
Verify your identity if you contact us
Send you our newsletter
Enhance the performance and content of our websites
Tailor our services and websites to your preferences
Analyze trends
Comply with applicable laws
Protect us and our users/customers from fraud or other illegal activities
More specifically, we process personal data to:
Provide timely feedback to your questions and requests and/or take the necessary steps to conclude an agreement with you
Deliver our Services, including creating, updating, and personalizing your account; enabling accessibility features; processing payments; performing all operations required to provide and maintain the Services; handling support requests and other inquiries; sending notifications about Service changes; and supplying information relevant to your use of the Services
Develop, improve, and secure our Services, including speculative decoding
Evaluate the effectiveness of our promotional campaigns so we can better tailor them to your interests
Conduct analytics, statistics, development, and research, including sharing aggregated statistical data with our business partners and affiliates
All of the above is based on our legitimate interest in providing you with a superior experience and in fine-tuning our offerings to your needs.Additionally, we may process your personal data to:
Comply with legal obligations, judicial enforcement, and administrative orders under applicable law
Protect and enforce our rights, privacy, security, safety, systems, and property as well as those of other persons we are responsible for and to resolve disputes
Verify your identity during onboarding as part of our KYC (Know-Your-Customer) checks, authenticate you as an authorized user of the Services, and detect or prevent possible fraud
Perform audits and internal checks to ensure our processes comply with legal, contractual, and regulatory requirements
We also engage in notifications and promotional communications directly related to Nebius Services. We may send you messages about new features, offerings, events, and special opportunities via any contact method available to us (e.g., web notifications, email), through our website, or via marketing campaigns on other platforms, including social media. You can opt out of these communications at any time through the Services settings page or by following the unsubscribe link in our emails.
In certain jurisdictions outside the EEA, local laws may require your explicit consent before we process your personal data. By accessing, browsing, or using our websites, you agree to the processing of your personal data as outlined in this Privacy Policy. You may withdraw your consent at any time your withdrawal will not affect the legality of any processing carried out before you withdrew it.
Purpose of processing
Legal Basis
Example
Send you our marketing newsletters
Consent
Monthly newsletter about new Nebius AI Studio features, sent only after prior opt‑in
Improve website performance and content
Legitimate interest to improve website performance and content and optimize user experience
Analyzing page‑load times on the Nebius AI Studio (platform) and optimizing server responses
Analyze trends
Legitimate interest in analyzing usage trends to anticipate infrastructure needs, and deliver data-driven service enhancements
Shift in query types: e.g., from simple prompts to fine-tuning requests
Comply with applicable laws and regulations
Legal obligation
Retaining financial records to meet tax audit requirements
Deliver our services: create/update/personalize your account; process payments; handle support; send service notifications; finalize contracts with you
Contract performance
Registering a new Nebius AI Studio customer, and charging the service fee
Verify identity during onboarding (KYC checks)
Legal obligation
Performing customer verification checks to comply with anti‑money‑laundering regulations
We may share certain personal data with the following recipients, as required or permitted by applicable law and our legitimate interests:
Nebius Group:
For the purposes of providing and developing our services, we may share your personal data within the Nebius Group.
Service providers:
We engage third‑party providers to help deliver our Services such as for maintenance, auditing, payment processing, customer support, marketing, and development. These providers may access the personal data they need solely to perform their tasks on our behalf, and they’re contractually prohibited from using or disclosing it for any other purpose. If you purchase Nebius services, we may also use a payment provider who may independently collect additional information about you (for example, for fraud prevention or compliance with legal requirements).
Marketing and analytics providers:
With your prior consent, we may share data with marketing and analytics providers (e.g., Google Analytics) to understand and improve how you use our website.
Legal Disclosures:
We may disclose your information if required by law, subpoena, or other legal process - or whenever we have a good‑faith belief that disclosure is necessary to:
Investigate, prevent, or take action on suspected or actual unlawful activities, or to assist law‑enforcement agencies.
Enforce our agreements with you.
Defend against third‑party claims or allegations.
Protect the security or integrity of our services or those of our affiliates.
Safeguard the rights, safety, or property of Nebius, our users, employees, or others.
Change in Control or Sale:
We can also share your personal data as part of a sale, merger or change in control, or in preparation for any of these events. Any other entity which buys us or part of our business will have the right to continue to use your data, but only in the manner set out in this Privacy Policy or as required by law.
According to the GDPR, you have certain rights as a data subject, including the right to access, right to data portability, right to rectification, right to withdraw consent, right to object, right to erasure, right to restriction of processing, right to lodge a complaint, and right to contact a Data Protection Authority (DPA). Please be aware that there may be limitations or exceptions to these rights, depending on the specific circumstances and legal requirements. If anything is unclear, please don’t hesitate to contact us and ask any questions. Below, you can find more information about these rights and how you can exercise them.
Show Learn more
Right of AccessYou may request access to the personal data we hold about you. We’ll provide details about how and why we process your data, the categories of data involved, any recipients, and other relevant information.
Right to Data PortabilityYou may receive the personal data you’ve provided to us in a structured, commonly used, machine‑readable format, and you can request that we transmit it directly to another controller where technically feasible.
Right to RectificationIf you believe your personal data is inaccurate or incomplete, you may request that we correct or update it.
Right to Withdraw ConsentIf our processing relies on your consent, you can withdraw it at any time. Withdrawal won’t affect the lawfulness of any processing carried out before you withdrew consent.
Right to ObjectYou can object to our processing based on legitimate interests or for direct marketing. We will stop processing unless we have compelling legitimate grounds or a legal requirement to continue. Objections to direct marketing are always honored.
Right to Erasure (“Right to Be Forgotten”)You may request deletion of your personal data unless processing is necessary for freedom of expression and information, compliance with a legal obligation, public‑interest tasks, or the establishment, exercise, or defence of legal claims.
Right to Restrict ProcessingYou may request that we suspend processing of your personal data if:
You contest its accuracy;
The processing is unlawful, and you oppose erasure;
We no longer need it, but you require it to establish, exercise, or defend legal claims; or
You have objected to processing pending verification of our legitimate grounds.
Right to Lodge a ComplaintYou may lodge a complaint with the supervisory authority in your country of residence, or with our lead supervisory authority - the Dutch Data Protection Authority (Autoriteit Persoonsgegevens), if you believe we have infringed your rights. You can find a list of local data protection authorities here; for Israel – https://www.gov.il/en/departments/the_privacy_protection_authority/govil-landing-page.
Once you submit a request, we will review and respond promptly - typically within 30 days. In certain cases, we may need additional time to investigate and fulfil your request. Once completed, we will confirm via the email address you provided.By submitting a request, you confirm that you are the individual to whom the data relates and that you have the legal capacity and authority to act on your own behalf. We may verify your identity using the information you supply if there is any doubt. Additionally, where required by law, we may need to share your request and our response with third parties, including regulatory authorities.
We retain your personal data only for as long as it is necessary to fulfil the scopes described in this Privacy Policy. The exact length of time may vary depending on the type of data, the scope of processing, the category of users involved and - most importantly- whether we are compelled to retain certain personal data due to, for example, tax requirements or other legal obligations under applicable law, fraud‑prevention or safety considerations. When we process partially obscured copies of your ID, we retain them for a maximum of 18 months in order to maintain the necessary records for our yearly audits.Please consider that non‑personal data may be retained and used by Nebius without limitation, in particular for archiving purposes, public‑interest, statistical, historical or scientific research purposes.
We store your personal data in our data centres in the European Union. However, as a global organization, we may also process and transfer your personal data to other group companies or to third parties around the world for the purposes set out in this Privacy Policy - specifically, to fulfil our agreements with you, to respond to your requests, or, where applicable, based on your consent.Whenever we transfer your personal data outside the EU and EEA, we ensure its protection by implementing appropriate safeguards, including:
adopting the European Commission’s Standard Contractual Clauses (and their approved equivalents for Switzerland and the UK), or other approved transfer mechanisms;
encrypting personal data in transit;
maintaining internal policies to restrict access and promote awareness.
Your personal data may be transferred to and processed in countries other than the country in which you are resident. These countries may have data protection and privacy laws that are different to the laws of your country.We have taken appropriate safeguards to require that your personal data will remain protected in accordance with this Privacy Policy. These include implementing the European Commission’s Standard Contractual Clauses for transfers of personal data between our group companies, which require all group companies to protect personal data they process from the European Economic Area (EEA) in accordance with European Union data protection law.Nebius complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. Nebius has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
Please refer to the Section 1 “Personal Data We Collect” to find out about the types of personal data collected by Nebius under the Data Privacy Framework.
7.3. Commitment to be subject to the Data Privacy Framework Principles
Nebius is committed to being subject to the Data Privacy Framework Principles for all personal data received from the European Union, the United Kingdom (and Gibraltar) in reliance on the relevant part(s) of the Data Privacy Framework program.
7.4. Purposes for collection and use of personal data
Please refer to the Section 1 “Personal Data We Collect” to find out about the purposes for which Nebius collects and uses personal data under the Data Privacy Framework.
7.5. How to contact us about any inquiries or complaints regarding Data Privacy Framework compliance
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF Nebius commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF should first contact Nebius at:DPO’s contact details: Marina Benassi Coslovi, privacy@nebius.comAddress: Schiphol Boulevard 165, 1118 BG Schiphol, the NetherlandsEmail: privacy@nebius.comPhone: +31 202066970
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF Nebius commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.
7.7. The type or identity of third parties to which we disclose personal information under the Data Privacy Framework, and the purposes for which we do so
Please refer to the Section 3 “To Whom We Disclose Your Personal Data” to find out about the type or identity of third parties to which we disclose personal data under the Data Privacy Framework, and the purposes for which we do so.
You also have the right to access any personal data that relates to you and which is processed under the Data Privacy Framework. Further information about this right can be found in the “Your rights” section below.
7.9. Your choices regarding use of your personal data Under the Data Privacy Framework:
You have the right to opt out of the disclosure of your “non sensitive” personal data to third party controllers and/or to the use of it for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you.
You have the right to only have “sensitive” personal data about you disclosed to third party controllers and/or used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you through exercise of opt-in choice.
For personal data processing that is controlled by Nebius, these choices can be exercised by contacting Nebius through the methods noted in the “Your rights” section below.
7.10. Subjection to the investigatory and enforcement powers of the Unite States Federal Trade Commission (FTC)
The Federal Trade Commission has jurisdiction over Nebius compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF.
You have the possibility, under certain conditions, to invoke binding arbitration for complaints regarding Data Privacy Framework compliance not resolved by any of the other Data Privacy Framework mechanisms. For additional information about this, please see here.
7.12. Requirement to disclose personal data in response to lawful requests by public authorities
Please be aware that Nebius may be required to disclose personal data that relates to you (and which is protected under the Data Privacy Framework) in response to lawful requests by public authorities including to meet national security or law enforcement requirements.
7.13. Nebius liability in cases of onward transfers to third parties
Nebius may transfer personal data for the purposes described in the Section 3 “To Whom We Disclose Your Personal Data” to a third party acting as a data controller or as an agent. If we intend to disclose personal data to a third party acting as a data controller or as an agent we will comply with, and protect, personal data as provided in the Accountability for Onward Transfer Principle of the Data Privacy Framework.Nebius remains liable for the processing of personal data received under the Data Privacy Framework and subsequently transferred to a third party acting as an agent if the agent processes such personal data in a manner inconsistent with the Data Protection Framework principles, unless we prove that we are not responsible for the event giving rise to the damage.
As outlined in our Cookie Policy, we use cookies and similar technologies such as pixels, ad tags and local storage to improve your experience, provide convenience, maintain security and serve you tailored ads. For simplicity, we call all these tools “cookies.” In practice, cookies support functions like authentication, security, feature enablement, advertising and analytics. There are two types of cookies: first‑party cookies set by us, and third‑party cookies set by our vetted partners.We collect marketing and analytics cookies based on your consent obtained via the cookie banner. If you’ve granted consent for cookies, you may modify or withdraw that consent at any time via the “Manage cookies” option on our websites.
Certain features of the websites are provided by third parties. These providers may collect information about your online activity to deliver personalized advertisements for products and services that might interest you.In addition, your activity on our websites may enable third parties such as search engines to infer your interests and show you tailored ads as you browse. Any data collection and processing by these third parties is governed solely by their own privacy policies, for which they are fully responsible. Nebius disclaims all liability for their practices. Please consult each third party’s Privacy Policy for more details.
Nebius maintains a dedicated security team and employs a combination of technical, administrative and physical controls to safeguard the personal data we process. We continually update and rigorously test these measures to ensure they remain state‑of‑the‑art.However, no system is completely impervious to attack, and no internet transmission can be guaranteed secure. While we strive to protect your data, we cannot promise that unauthorized access, hacking, data loss or other breaches will never occur. Any transmission of information is at your own risk.
This section of the Privacy Policy applies only to California residents. If you are a California resident, this section will prevail over other parts of the Privacy Policy in case of any discrepancies. To avoid any misunderstanding, personal information has the same meaning as personal data.Personal Information Collected over the Last 12 MonthsPersonal information we collected directly from you:
Categories of data collected
Data collected from you and why it was collected
Characteristics of protected classifications under California or Federal law
We do not intentionally collect any information on your protected classifications
Commercial information
Records of services with Nebius
Precise Geolocation Data
We do not collect precise geolocation data
Financial Information
Payment and Billing Information. Please note that Nebius relies on third‑party payment providers to handle your payments and does not retain your payment information
Biometric Data
We do not collect biometric data
Audio, electronic, visual, thermal, olfactory, or similar information
Audio may be recorded during online calls, provided that the party being recorded has given their consent
Internet/Network Activity
Internet Protocol address (IP address), browser type and language, sending and exiting pages, information about the date and time stamps, information about visits, logs
Professional or Employment-related Information
Field of activity or occupation, job title, and company name
Education Information
We do not collect Education Information
Device Information
Operating system, browser type, device ID (with consent)
Categories of Personal Information Sold in the last 12 monthsWe do not sell your personal information to third parties.Categories of Personal Information Disclosed over the last 12 months
Categories of Data Disclosed
Types of Entities to Which Data Was Disclosed
Reason for Disclosure of Data
Categories of Recipients
Commercial information, Financial information, Internet/Network Activity Professional or Employment-related Information, Audio Information, Device Information
Please see section 3 with the detailed description
Please see section 2 with the detailed description
Please see section 3 with the detailed description
Information we sellNebius does not sell your personal information to third parties. “Sale” excludes transfers that occur as part of a merger, acquisition, asset sale or other similar business transaction involving all or part of Nebius. In such cases, your personal information may be transferred to the acquiring entity. If a transaction will materially change how we process your personal information, we will notify you beforehand.Your California Privacy RightsWe have implemented policies and procedures to help facilitate the exercise of privacy rights available to California residents under applicable law. If you are a California resident, you are entitled to the rights described in Section 4 of this Privacy Policy. In addition, you may be entitled to the following:
Disclosure of Direct Marketers
Show Learn more
California law allows California residents once a year to request information regarding our disclosure of your personal information, if any, to third parties for their direct marketing purposes during the preceding calendar year. This information includes:a. The categories of information we disclosed to third parties for their direct marketing purposes during the immediately preceding calendar year;b. The names and addresses of third parties that received the information; andc. If the nature of the third party’s business cannot be determined from their name, to obtain examples of the products or services marketed.
Right to Information About Collecting, Selling, Sharing, or Disclosing Personal Information
Show Learn more
Upon receipt of a verifiable request, you may obtain a list of:
the specific pieces of your personal information that Nebius holds;
the categories of personal information collected about you, sold to third parties, or disclosed to third parties for business purposes;
the categories of personal information sold within the last 12 months;
the categories of sources from which personal information is collected;
the business or commercial purpose for collecting or selling personal information; and
the categories of third parties with whom personal information is shared, sold, or disclosed for a business purpose.
Right to Opt-Out of the Sale of Personal Information
Show Learn more
California residents have the right to opt-out of the sale of their personal information under certain circumstances.
Right to Non-Discrimination
Show Learn more
As defined under relevant law, you have a right to non-discrimination in the services or quality of services you receive from us for exercising your rights.Please contact us with the use of contact details specified in Section 15 of this Privacy Policy if you wish to exercise these rights. Note that we may ask you to verify your identity - such as by requiring you to provide information about yourself - before responding to such requests.
Submitting a Verifiable Request under the CCPA
Show Learn more
California residents have certain rights regarding their personal information under the California Consumer Privacy Act of 2018 (“CCPA”). Nebius will respond to an individual’s “verifiable request” to exercise their rights under the CCPA - that is, when Nebius has received a request purporting to be from a particular individual, and Nebius has been able to verify the individual’s identity. The need to verify an individual’s identity is crucial to protecting your information and ensuring that it is not shared with someone pretending to be you or not authorized to act on your behalf.You may submit a verifiable request using the contact details specified in Section 15 of this Privacy Policy. To process your request, we will ask you to provide information to help us verify your identity. This information may include your name, address, whether you have an account with Nebius, and any other information deemed necessary to reasonably verify your identity.Once we have your submission, we will compare the information you provide to the information we have on file to verify your identity. If necessary, we may request additional information if we have difficulty confirming your identity.We will not share your information or fulfil any requests if we are unable to confirm that a request is a “verifiable request”. If we cannot verify your identity, we will not be able to process your request.
Submitting a request through an authorized agent
Show Learn more
Under California law, a California resident can appoint an “authorized agent” to submit certain verifiable requests on their behalf, such as the right to know what information we collect or to request the deletion of the consumer’s information. An authorized agent may submit a request by following the steps outlined above.An authorized agent may submit a request by following the steps outlined above. However, the agent must identify the consumer they are acting on behalf of and provide the information necessary for us to verify the consumer’s identity. Additionally, we will require the authorized agent to submit proof of their authorization to act on the consumer’s behalf.To ensure the security and privacy of your information, we will request that you provide written consent for the person acting as your authorized agent. This consent may include us contacting you directly to confirm that the individual claiming to be your agent has your permission to access or delete your information. We will also verify your identity independently to ensure that an unauthorized person is not attempting to exercise your rights without permission.We will not share your information or honour any requests in situations where you have not provided written authorization for an agent to act on your behalf, or where we are unable to verify your identity.
Submitting a Request for Removal of Minor Information
Show Learn more
To request the removal of information about a minor from Nebius, parents or guardians may submit a request with the subject line “Removal of Minor Information.” This request must come from the minor’s parent or guardian; minors themselves may not submit information to us via email.Your submission should include the following details:
the nature of your request
the identity of the content or information to be removed
whether the content or information is found
the location of the content or information (e.g., providing the URL of the specific web page where the content or information is found)
a statement that the request is related to the “Removal of Minor Information”
your name, street address, city, state, ZIP code, and email address
If we become aware that a minor has provided personal data or otherwise used by Nebius in violation of the Privacy Policy, we will take steps to remove that information.Please note that our websites and services are not intended for use by individuals under the age of 18.
Our Policy on “Do Not Track” Signals under the California Online Protection ActWe do not support Do Not Track (DNT). DNT is a preference you can set in your web browser to inform websites that you do not wish to be tracked. You can enable or disable DNT by visiting the “Preferences” or “Settings” section of your web browser.Please note that third parties may collect data about you. We cannot control how third parties respond to Do Not Track signals or other similar mechanisms. The collection and use of data by third parties, and their responsiveness to Do Not Track signals, is governed by their respective privacy policies.
B. Privacy Information for Residents of other States (Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, and Virginia)
Unless otherwise stated by the law of your state of residence, the provisions in Chapter A “Privacy Information for California Residents” will apply to the processing of your data. If you have questions related to your rights or any other aspects of this Privacy Policy, please contact us using the methods outlined in Section 14.Your Rights under various United Sates state data privacy laws such as the Colorado Privacy Act, Connecticut Data Privacy Act, Delaware Personal Data Privacy Act, Indiana Consumer Data Protection Act, Iowa Consumer Data Protection Act, Kentucky Consumer Data Protection Act, Maryland Online Data Privacy Act, Minnesota Consumer Data Privacy Act, Montana Consumer Data Privacy Act, Nebraska Data Privacy Act, New Hampshire SB 255, New Jersey SB 332, Oregon Consumer Privacy Act, Tennessee Information Protection Act, Texas Data Privacy and Security Act, Utah Consumer Privacy Act, and the Virginia Consumer Data Protection Act.For residents from the states of Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, or Virginia this section allows you to exercise your rights under the applicable state law.
Right to Confirm: The right to confirm whether your personal data is being processed.
Right to Access / Disclosure: The right to have access to your personal data upon simple request – that is, you may receive a copy of such data upon receipt of a verifiable request, along with other information related to the processing of your data.
Right to Data Portability: the right to obtain, move, copy, or transfer data as defined by applicable law.
Right to Correction/Rectification: The right to correct your personal data if you find it is inaccurate, incomplete or obsolete.
Right to Deletion: The right to obtain the deletion of your personal data in the situations set forth by applicable data protection law.
Right to Opt-Out: The right to opt out of the processing of your personal data for targeted advertising, as defined by applicable law as well as the right to opt out of the processing of sensitive data as defined by applicable law. Certain applicable laws also permit the right to opt out of the sale of personal data and profiling.
Right to Appeal: You may also have the right to appeal the denial of any of these rights by submitting a form that will be provided to you if we deny a data request.
Submitting a Verifiable Request under the United States’ State Laws.
Show Learn more
Residents of the above-mentioned states have certain rights regarding their personal information under applicable law. Nebius will respond to an individual’s “verifiable request” to exercise their rights under these applicable laws - that is, when Nebius has received a request purporting to be from a particular individual, and Nebius has been able to verify the individual’s identity. The need to verify an individual’s identity is crucial to protecting your information and ensuring that it is not shared with someone pretending to be you or not authorized to act on your behalf.You may submit a verifiable request using the contact details specified in Section 15 of this Privacy Policy. To process your request, we will ask you to provide information to help us verify your identity. This information may include your name, address, whether you have an account with Nebius, and any other information deemed necessary to reasonably verify your identity.Once we have your submission, we will compare the information you provide to the information we have on file to verify your identity. If necessary, we may request additional information if we have difficulty confirming your identity.We will not share your information or fulfil any requests if we are unable to confirm that a request is a “verifiable request”. If we cannot verify your identity, we will not be able to process your request.Not all requests will be fulfilled. Nebius is committed to complying with each and every data privacy protection law. However, in some circumstances, consumers are not entitled to certain requests. Nebius will hear all appeals if an appeal right is permitted under applicable law (e.g. the Tennessee Information Protection Act).
We do not engage in profiling of consumers in furtherance of automated decisions that produce legal or similarly significant effects, as those terms are defined under the Colorado Privacy Act.
This section provides additional information for residents of Israel in accordance with the Protection of Privacy Law, 5741-1981 as amended by Amendment No. 13, 5774–2024 (the “PPL”).Terminology: For the purpose of this section, the term “Information” is used, which is equivalent to “Personal Data” under the GDPR.Local Representative: For purposes of the Protection of Privacy Law, our appointed local representative in Israel is:Nebius Israel LtdYigal Alon Street 94, 1 Alon Tower, 39 floor, Tel-Aviv, Israel (Attn: Privacy Office)Email: privacy@nebius.comSupervisory Authority: You have the right to lodge a complaint with the Israeli Privacy Protection Authority at any time by using the contact details specified here.
Our websites and services are not intended for use by individuals under the age of 18. We do not knowingly collect or process personal data from anyone under 18. If you are a parent or guardian of a minor and believe we have collected their data, you may contact us to exercise their rights as described in this Privacy Policy.
If you have a disability and cannot access our Privacy Policy online, please contact us (using the details in the Section 14) to request a copy in an alternative, more accessible format. We will not collect or process any health‑related or other sensitive personal data in connection with such requests.
Our business is continually evolving, and we may update this Privacy Policy to reflect those changes. We’ll post any revised version on our website, so we encourage you to review it periodically. If we make any material changes, we will notify you.
