Skip to main content

Introduction

This Privacy Policy applies to the personal data that Nebius Group N.V. and its relevant subsidiaries listed in Section 14 (“Nebius,” “we,” “us,” or “our”) collects as a controller in connection with our websites, services, and related activities, including when you: After reading this Privacy Policy, please review the State- or Country‑Specific Provisions at the end, which may supplement or - where required by law - take precedence over any conflicting terms. This Privacy Policy does not apply to: Terms and Definitions This Privacy Policy uses the key terms as defined by the EU General Data Protection Regulation (GDPR). Unless we explicitly state otherwise, these terms carry the same meanings and must be interpreted in accordance with the GDPR. Under the “Learn more” button, you can review detailed definitions of the terminology we use.
  • GDPR: This term stands for General Data Protection Regulation, the EU Regulation (EU) 2016/679 of the European Parliament and of the Council, adopted on 27 April 2016 and in force since 25 May 2018. It sets uniform rules across the European Union for the processing of personal data and the protection of individuals’ privacy rights.
  • Personal data: This term means any information relating to an identified or identifiable natural person (“data subject”).
  • Controller: This term means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • Performance of the contract: This term refers to the legal basis provided under Article 6(1)(b) of the GDPR. It means that the processing of personal data is necessary for the performance of a contract between you as a data subject and us, or to take steps at your request before entering into a contract.
  • Consent: This term means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.
  • Legal obligation: This term refers to the legal basis provided under Article 6(1)(c) of the GDPR. It means that the processing of personal data is necessary for compliance with a legal obligation to which we, as the controller, are subject.
  • Legitimate interest: This term refers to the legal basis provided under Article 6(1)(f) of the GDPR. It means that the processing of personal data is necessary for the legitimate interests pursued by us or a third party. However, we want to clarify that we do not rely on this legal basis unless we have determined that our interests are not overridden by your interests or fundamental rights and freedoms as the data subject that require protection of personal data.
  • The standard contractual clauses approved by the EU Commission: This term refers to the appropriate safeguard for transfer of personal data to a third country provided under Article 46(2)(c) of the GDPR. For the purposes hereof, a third country is a country which is not in the EEA territory and is not recognized by the EU Commission as a country that ensures an adequate level of protection.

1. Personal Data We Collect

1.1. Personal Data You Provide to Us

Registration. When you register to use our Services, you provide us with the following data:
  • Full name
  • Contact information, such as email address and phone number
  • Job title
  • Company name
  • Company size
  • Industry
  • Any other information you supply in the registration form
Third‑Party Authentication. If you choose to sign up using your Google or GitHub account (or another supported third‑party account), you authorize us to receive, store, and use any information that you have permitted the third party to share via its API. This may include, for example, your name, email address, profile picture, and any other data you have agreed to share. Service Payments. When you pay for our Services, we collect and process:
  • Payment details
  • Billing address (street, city, state/province, postal code, country)
  • Tax/VAT identification, if required for invoicing
  • Transaction records (dates, amounts, invoice/order numbers, payment status)
  • Additional payment-related details you provide
Contact & Inquiries. We collect the following information through the web form you complete to contact us or to submit your request or query to us, along with any other details you choose to provide:
  • First name
  • Last name
  • Email address
  • Phone number
  • Job title
  • Company name
  • Company website
  • Scenario you’re interested in (e.g. infrastructure or inference as a service)
  • Any other information you decide to share
Support Communications. We collect any information you provide when you communicate with us by email, live chat, support tickets, or other means, including the content of your messages and any associated details. Know Your Customer (KYC). We may ask you to provide information to verify your identity as part of our KYC procedures. This helps us comply with legal and regulatory requirements. You might be asked to submit:
  • A partially obscured copy of your government‑issued ID, showing only:
    • Your photograph
    • Your full name and surname
    • Your nationality
    • The place and type of document
    • The first four digits of the document number
  • Any other information necessary to complete our KYC checks

1.2. Personal Data We Collect Automatically:

Service Use. When you use our cloud services, we automatically collect and generate metadata needed to provide, administer, and improve those services. This may include:
  • User identifiers and authentication credentials
  • Resource identifiers and related attributes
  • IP addresses, cloud settings, and configuration details
  • Operational status, software errors, and crash reports
  • Quality and performance metrics (e.g., latency, throughput, uptime)
  • Other technical details essential for the operation, maintenance, and troubleshooting of our cloud services
Cookies and Similar Technologies. For more details on this matter, please refer to Section 8 hereof.

1.3. Submissions on Behalf of Others

When you provide information on behalf of another person or entity whether during registration or through any other interaction you confirm that you are authorized to:
  • Supply and process the submitted details for that person or entity;
  • Grant us the right to collect, use, and retain their information in accordance with this Privacy Policy.
By submitting third‑party information, you represent and warrant that you have obtained all necessary consents and permissions from the data subject or entity to permit us to handle their data as described herein.

1.4. Sensitive Personal Data

We do not intentionally collect sensitive personal data (e.g., information revealing race, ethnicity, political opinions, religion, or similar) and ask that data subjects refrain from submitting such information.

2. Why We Process Your Personal Data

We collect and use personal data only for the purposes strictly necessary to:
  • Process your request or inquiry;
  • Verify your identity when you contact us;
  • Send you our newsletters;
  • Improve the performance and content of our websites;
  • Tailor our services and websites to the preferences of our customers and users;
  • Analyse trends;
  • Comply with applicable laws and regulations;
  • Protect our business and our users from fraud or other unlawful activity
More specifically, we use your data to:
  • Provide appropriate feedback to your questions and requests and/or fulfil the steps needed to conclude an agreement with you.
  • Deliver our Services: create, update and personalize your account; enable accessibility features; process payments; perform operations required to deliver and maintain our Services; handle support requests and other inquiries; send notifications about changes; share information relevant to using the Services; and, when applicable, finalize agreements with you.
  • Enable third‑party Services you request, as detailed in the Nebius Services Agreement.
We also use data to:
  • Develop, optimize and secure our Services.
  • Measure the effectiveness of our promotional campaigns and tailor them to your interests.
  • Conduct analytics, statistics, development and research - sharing only aggregated, non‑identifiable data with partners and affiliates.
  • For ensuring stable service provisioning with low latency and high availability of our service with fault tolerance, meaning that we store some limited customer data in data centres that may differ from the data centre selected by the Customer as the primary location for data storage.
All the above is based on our legitimate interest in providing you with a better experience and fine‑tuning our offers. We may additionally process your personal data to:
  • Comply with legal obligations, judicial orders and administrative requirements.
  • Protect and enforce our rights, privacy and security, as well as the safety of our systems and property - and those of others - and resolve disputes.
  • Verify your identity during onboarding (KYC checks), authenticate you as an authorized user, and detect or prevent fraud.
  • Perform audits and internal checks to ensure compliance with legal, contractual and regulatory requirements.
With your consent, send promotional updates – e.g. via email, about new features, events, special offers and other information we believe you’ll find valuable. Consent where required by law In certain jurisdictions outside the EEA, local laws may require your explicit consent before we process your personal data. By accessing, browsing, or using our websites, you agree to the processing of your personal data as outlined in this Privacy Policy. You may withdraw your consent at any time your withdrawal will not affect the legality of any processing carried out before you withdrew it.
Purpose of processingLegal BasisExample
Send you our marketing newslettersConsentMonthly newsletter about new Nebius Cloud features, sent only after prior opt‑in
Improve website performance and contentLegitimate interest to improve website performance and content and optimize user experienceAnalyzing page‑load times on the Nebius portal and optimizing server responses
Analyze trendsLegitimate interest in analyzing usage trends to anticipate infrastructure needs, and deliver data-driven service enhancementsAggregating GPU to forecast infrastructure scaling needs
Comply with applicable laws and regulationsLegal obligationRetaining financial records to meet tax audit requirements
Deliver our services: create/update/personalize your account; process payments; handle support; send service notifications; finalize contracts with youContract performanceRegistering a new Nebius Cloud customer, charging the subscription fee, and notifying them of successful renewal
Verify identity during onboarding (KYC checks)Legal obligationPerforming customer verification checks to comply with anti‑money‑laundering regulations

3. To Whom We Disclose Your Personal Data

We may share certain personal data with the following recipients, as required or permitted by applicable law and our legitimate interests:
  • Nebius Group: For the purposes of providing and developing our services, we may share your personal data within the Nebius Group.
  • Service providers: We engage third‑party providers to help deliver our Services such as for maintenance, auditing, payment processing, customer support, marketing, and development. These providers may access the personal data they need solely to perform their tasks on our behalf, and they’re contractually prohibited from using or disclosing it for any other purpose. If you purchase Nebius services, we may also use a payment provider who may independently collect additional information about you (for example, for fraud prevention or compliance with legal requirements).
  • Marketing and analytics providers: With your prior consent, we may share data with marketing and analytics providers (e.g., Google Analytics) to understand and improve how you use our website(s).
  • Legal Disclosures: We may disclose your information if required by law, subpoena, or other legal process - or whenever we have a good‑faith belief that disclosure is necessary to:
    • Investigate, prevent, or take action on suspected or actual unlawful activities, or to assist law‑enforcement agencies.
    • Enforce our agreements with you.
    • Defend against third‑party claims or allegations.
    • Protect the security or integrity of our services or those of our affiliates.
    • Safeguard the rights, safety, or property of Nebius, our users, employees, or others.
  • Change in Control or Sale: We can also share your personal data as part of a sale, merger or change in control, or in preparation for any of these events. Any other entity which buys us or part of our business will have the right to continue to use your data, but only in the manner set out in this Privacy Policy or as required by law.

4. Your Rights

According to the GDPR, you have certain rights as a data subject, including the right to access, right to data portability, right to rectification, right to withdraw consent, right to object, right to erasure, right to restriction of processing, right to lodge a complaint, and right to contact a Data Protection Authority (DPA). Please be aware that there may be limitations or exceptions to these rights, depending on the specific circumstances and legal requirements. If anything is unclear, please don’t hesitate to contact us and ask any questions. Below, you can find more information about these rights and how you can exercise them.
  • Right of Access You may request access to the personal data we hold about you. We’ll provide details about how and why we process your data, the categories of data involved, any recipients, and other relevant information.
  • Right to Data Portability You may receive the personal data you’ve provided to us in a structured, commonly used, machine‑readable format, and you can request that we transmit it directly to another controller where technically feasible.
  • Right to Rectification If you believe your personal data is inaccurate or incomplete, you may request that we correct or update it.
  • Right to Withdraw Consent If our processing relies on your consent, you can withdraw it at any time. Withdrawal won’t affect the lawfulness of any processing carried out before you withdrew consent.
  • Right to Object You can object to our processing based on legitimate interests or for direct marketing. We will stop processing unless we have compelling legitimate grounds or a legal requirement to continue. Objections to direct marketing are always honored.
  • Right to Erasure (“Right to Be Forgotten”) You may request deletion of your personal data unless processing is necessary for freedom of expression and information, compliance with a legal obligation, public‑interest tasks, or the establishment, exercise, or defence of legal claims.
  • Right to Restrict Processing You may request that we suspend processing of your personal data if:
    • You contest its accuracy;
    • The processing is unlawful, and you oppose erasure;
    • We no longer need it, but you require it to establish, exercise, or defend legal claims; or
    • You have objected to processing pending verification of our legitimate grounds.
  • Right to Lodge a Complaint You may lodge a complaint with the supervisory authority in your country of residence, or with our lead supervisory authority - the Dutch Data Protection Authority (Autoriteit Persoonsgegevens), if you believe we have infringed your rights. You can find a list of local data protection authorities here; for Israel – https://www.gov.il/en/departments/the_privacy_protection_authority/govil-landing-page.
Once you submit a request, we will review and respond promptly - typically within 30 days. In certain cases, we may need additional time to investigate and fulfil your request. Once completed, we will confirm via the email address you provided. By submitting a request, you confirm that you are the individual to whom the data relates and that you have the legal capacity and authority to act on your own behalf. We may verify your identity using the information you supply if there is any doubt. Additionally, where required by law, we may need to share your request and our response with third parties, including regulatory authorities.

5. Retention of Your Personal Data

We retain your personal data only for as long as it is necessary to fulfil the scopes described in this Privacy Policy. The exact length of time may vary depending on the type of data, the scope of processing, the category of users involved and - most importantly- whether we are compelled to retain certain personal data due to, for example, tax requirements or other legal obligations under applicable law, fraud‑prevention or safety considerations. When we process partially obscured copies of your ID, we retain them for a maximum of 18 months in order to maintain the necessary records for our yearly audits. Please consider that non‑personal data may be retained and used by Nebius without limitation, in particular for archiving purposes, public‑interest, statistical, historical or scientific research purposes.

6. Overseas Personal Data Transfers

We store your personal data in our data centres in the European Union and Israel. However, as a global organization, we may also process and transfer your personal data to other group companies or to third parties around the world for the purposes set out in this Privacy Policy - specifically, to fulfil our agreements with you, to respond to your requests, or, where applicable, based on your consent. Whenever we transfer your personal data outside the EU and EEA, we ensure its protection by implementing appropriate safeguards, including:
  • adopting the European Commission’s Standard Contractual Clauses (and their approved equivalents for Switzerland and the UK), or other approved transfer mechanisms;
  • encrypting personal data in transit;
  • maintaining internal policies to restrict access and promote awareness.
For an overview of data‑protection standards by country, please visit https://www.cnil.fr/en/data-protection-around-the-world.

7. Data Privacy Framework

7.1. Participation in Data Privacy Framework

Your personal data may be transferred to and processed in countries other than the country in which you are resident. These countries may have data protection and privacy laws that are different to the laws of your country. We have taken appropriate safeguards to require that your personal data will remain protected in accordance with this Privacy Policy. These include implementing the European Commission’s Standard Contractual Clauses for transfers of personal data between our group companies, which require all group companies to protect personal data they process from the European Economic Area (EEA) in accordance with European Union data protection law. Nebius complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce. Nebius has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

7.2. Types of personal data collected

Please refer to the Section 1 “Personal Data We Collect” to find out about the types of personal data collected by Nebius under the Data Privacy Framework.

7.3. Commitment to be subject to the Data Privacy Framework Principles

Nebius is committed to being subject to the Data Privacy Framework Principles for all personal data received from the European Union in reliance on the relevant part(s) of the Data Privacy Framework program.

7.4. Purposes for collection and use of personal data

Please refer to the Section 1 “Personal Data We Collect” to find out about the purposes for which Nebius collects and uses personal data under the Data Privacy Framework.

7.5. How to contact us about any inquiries or complaints regarding Data Privacy Framework compliance

In compliance with the EU-U.S. DPF Nebius commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF should first contact Nebius at: DPO’s contact details: Marina Benassi Coslovi, privacy@nebius.com Address: Schiphol Boulevard 165, 1118 BG Schiphol, the Netherlands Email: privacy@nebius.com Phone: +31 202066970

7.6. independent dispute resolution

In compliance with the EU-U.S. DPF Nebius commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF to the EU-U.S. DPF.

7.7. The type or identity of third parties to which we disclose personal information under the Data Privacy Framework, and the purposes for which we do so

Please refer to the Section 3 “To Whom We Disclose Your Personal Data” to find out about the type or identity of third parties to which we disclose personal data under the Data Privacy Framework, and the purposes for which we do so.

7.8. Your right to access your personal data

You also have the right to access any personal data that relates to you and which is processed under the Data Privacy Framework. Further information about this right can be found in the “Your rights” section below.

7.9. Your choices regarding use of your personal data Under the Data Privacy Framework:

  • You have the right to opt out of the disclosure of your “non sensitive” personal data to third party controllers and/or to the use of it for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you.
  • You have the right to only have “sensitive” personal data about you disclosed to third party controllers and/or used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you through exercise of opt-in choice.
  • For personal data processing that is controlled by Nebius, these choices can be exercised by contacting Nebius through the methods noted in the “Your rights” section below.

7.10. Subjection to the investigatory and enforcement powers of the Unite States Federal Trade Commission (FTC)

The Federal Trade Commission has jurisdiction over Nebius compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

7.11. Possible use of binding arbitration

You have the possibility, under certain conditions, to invoke binding arbitration for complaints regarding Data Privacy Framework compliance not resolved by any of the other Data Privacy Framework mechanisms. For additional information about this, please see here.

7.12. Requirement to disclose personal data in response to lawful requests by public authorities

Please be aware that Nebius may be required to disclose personal data that relates to you (and which is protected under the Data Privacy Framework) in response to lawful requests by public authorities including to meet national security or law enforcement requirements.

7.13. Nebius liability in cases of onward transfers to third parties

Nebius may transfer personal data for the purposes described in the Section 3 “To Whom We Disclose Your Personal Data” to a third party acting as a data controller or as an agent. If we intend to disclose personal data to a third party acting as a data controller or as an agent we will comply with, and protect, personal data as provided in the Accountability for Onward Transfer Principle of the Data Privacy Framework. Nebius remains liable for the processing of personal data received under the Data Privacy Framework and subsequently transferred to a third party acting as an agent if the agent processes such personal data in a manner inconsistent with the Data Protection Framework principles, unless we prove that we are not responsible for the event giving rise to the damage.

7.14. Nebius U.S. Entities Covered by Data Privacy Framework Certification

Nebius complies with the EU-US Data Privacy Framework. To learn more, see the relevant sections (Section 7 and 14) of the current Privacy Statement, and visit the U.S. Department of Commerce’s Data Privacy Framework website. For the purposes of our Data Privacy Framework certification, the below subsidiaries of Nebius are in scope:
  • Nebius Inc., 10 State Street, Newburyport, MA 01950, United States
  • ADC Tech Inc., 10 State Street, Newburyport, MA 01950, United States

8. Cookies

As outlined in our Cookie Policy, we use cookies and similar technologies such as pixels, ad tags and local storage to improve your experience, provide convenience, maintain security and serve you tailored ads. For simplicity, we call all these tools “cookies.” In practice, cookies support functions like authentication, security, feature enablement, advertising and analytics. There are two types of cookies: first‑party cookies set by us, and third‑party cookies set by our vetted partners. We collect marketing and analytics cookies based on your consent obtained via the cookie banner. If you’ve granted consent for cookies, you may modify or withdraw that consent at any time via the “Manage cookies” option on our websites.

Third‑Party Services

Certain features of the websites are provided by third parties. These providers may collect information about your online activity to deliver personalized advertisements for products and services that might interest you. In addition, your activity on our websites may enable third parties such as search engines to infer your interests and show you tailored ads as you browse. Any data collection and processing by these third parties is governed solely by their own privacy policies, for which they are fully responsible. Nebius disclaims all liability for their practices. Please consult each third party’s privacy policy for more details.

9. Security of Your Personal Data

Nebius maintains a dedicated security team and employs a combination of technical, administrative and physical controls to safeguard the personal data we process. We continually update and rigorously test these measures to ensure they remain state‑of‑the‑art. However, no system is completely impervious to attack, and no internet transmission can be guaranteed secure. While we strive to protect your data, we cannot promise that unauthorized access, hacking, data loss or other breaches will never occur. Any transmission of information is at your own risk.

10. State- or Country-Specific Provisions

10.1. United States of America

A. Privacy Information for California Residents

This section of the Privacy Policy applies only to California residents. If you are a California resident, this section will prevail over other parts of the Privacy Policy in case of any discrepancies. To avoid any misunderstanding, personal information has the same meaning as personal data. Personal Information Collected over the Last 12 Months Personal information we collected directly from you:
Categories of data collectedData collected from you and why it was collected
Characteristics of protected classifications under California or Federal lawWe do not intentionally collect any information on your protected classifications
Commercial informationRecords of services with Nebius
Precise Geolocation DataWe do not collect precise geolocation data
Financial InformationPayment and Billing Information. Please note that Nebius relies on third‑party payment providers to handle your payments and does not retain your payment information
Biometric DataWe do not collect biometric data
Audio, electronic, visual, thermal, olfactory, or similar informationAudio may be recorded during online calls, provided that the party being recorded has given their consent
Internet/Network ActivityInternet Protocol address (IP address), browser type and language, sending and exiting pages, information about the date and time stamps, information about visits, logs
Professional or Employment-related InformationField of activity or occupation, job title, and company name
Education InformationWe do not collect Education Information
Device InformationOperating system, browser type, device ID (with consent)
Categories of Personal Information Sold in the last 12 months We do not sell your personal information to third parties. Categories of Personal Information Disclosed over the last 12 months
Categories of Data DisclosedTypes of Entities to Which Data Was DisclosedReason for Disclosure of DataCategories of Recipients
Commercial information, Financial information, Internet/Network Activity Professional or Employment-related Information, Audio Information, Device InformationPlease see section 3 with the detailed descriptionPlease see section 2 with the detailed descriptionPlease see section 3 with the detailed description
Information we sell Nebius does not sell your personal information to third parties. “Sale” excludes transfers that occur as part of a merger, acquisition, asset sale or other similar business transaction involving all or part of Nebius. In such cases, your personal information may be transferred to the acquiring entity. If a transaction will materially change how we process your personal information, we will notify you beforehand. Your California Privacy Rights We have implemented policies and procedures to help facilitate the exercise of privacy rights available to California residents under applicable law. If you are a California resident, you are entitled to the rights described in Section 4 of this Privacy Policy. In addition, you may be entitled to the following:
  • Disclosure of Direct Marketers
    California law allows California residents once a year to request information regarding our disclosure of your personal information, if any, to third parties for those third parties’ direct marketing purposes during the preceding calendar year. This information includes:a. The categories of information we disclosed to third parties for their direct marketing purposes during the immediately preceding calendar year;b. The names and addresses of third parties that received the information; andc. If the nature of the third party’s business cannot be determined from their name, to obtain examples of the products or services marketed.
  • Right to Information About Collecting, Selling, Sharing, or Disclosing Personal Information
    Upon receipt of a verifiable request, you may obtain a list of:
    • the specific pieces of your personal information that Nebius holds;
    • the categories of personal information collected about you, sold to third parties, or disclosed to third parties for business purposes;
    • the categories of personal information sold within the last 12 months;
    • the categories of sources from which personal information is collected;
    • the business or commercial purpose for collecting or selling personal information; and
    • the categories of third parties with whom personal information is shared, sold, or disclosed for a business purpose.
  • Right to Opt-Out of the Sale of Personal Information
    California residents have the right to opt-out of the sale of their personal information under certain circumstances.
  • Right to Non-Discrimination
    As defined under relevant law, you have a right to non-discrimination in the services or quality of services you receive from us for exercising your rights.Please contact us with the use of contact details specified in Section 15 of this Privacy Policy if you wish to exercise these rights. Note that we may ask you to verify your identity - such as by requiring you to provide information about yourself - before responding to such requests.
  • Submitting a Verifiable Request under the CCPA
    California residents have certain rights regarding their personal information under the California Consumer Privacy Act of 2018 (“CCPA”). Nebius will respond to an individual’s “verifiable request” to exercise their rights under the CCPA - that is, when Nebius has received a request purporting to be from a particular individual, and Nebius has been able to verify the individual’s identity. The need to verify an individual’s identity is crucial to protecting your information and ensuring that it is not shared with someone pretending to be you or not authorized to act on your behalf.You may submit a verifiable request using the contact details specified in Section 15 of this Privacy Policy. To process your request, we will ask you to provide information to help us verify your identity. This information may include your name, address, whether you have an account with Nebius, and any other information deemed necessary to reasonably verify your identity.Once we have your submission, we will compare the information you provide to the information we have on file to verify your identity. If necessary, we may request additional information if we have difficulty confirming your identity.We will not share your information or fulfil any requests if we are unable to confirm that a request is a “verifiable request”. If we cannot verify your identity, we will not be able to process your request.
  • Submitting a request through an authorized agent
    Under California law, a California resident can appoint an “authorized agent” to submit certain verifiable requests on their behalf, such as the right to know what information we collect or to request the deletion of the consumer’s information. An authorized agent may submit a request by following the steps outlined above.An authorized agent may submit a request by following the steps outlined above. However, the agent must identify the consumer they are acting on behalf of and provide the information necessary for us to verify the consumer’s identity. Additionally, we will require the authorized agent to submit proof of their authorization to act on the consumer’s behalf.To ensure the security and privacy of your information, we will request that you provide written consent for the person acting as your authorized agent. This consent may include us contacting you directly to confirm that the individual claiming to be your agent has your permission to access or delete your information. We will also verify your identity independently to ensure that an unauthorized person is not attempting to exercise your rights without permission.We will not share your information or honour any requests in situations where you have not provided written authorization for an agent to act on your behalf, or where we are unable to verify your identity.
  • Submitting a Request for Removal of Minor Information
    To request the removal of information about a minor from Nebius, parents or guardians may submit a request with the subject line “Removal of Minor Information.” This request must come from the minor’s parent or guardian; minors themselves may not submit information to us via email.Your submission should include the following details:
    • the nature of your request
    • the identity of the content or information to be removed
    • whether the content or information is found
    • the location of the content or information (e.g., providing the URL of the specific web page where the content or information is found)
    • a statement that the request is related to the “Removal of Minor Information”
    • your name, street address, city, state, ZIP code, and email address
    If we become aware that a minor has provided personal data or otherwise used by Nebius in violation of the Privacy Policy, we will take steps to remove that information.Please note that our websites and services are not intended for use by individuals under the age of 18.
Our Policy on “Do Not Track” Signals under the California Online Protection Act We do not support Do Not Track (DNT). DNT is a preference you can set in your web browser to inform websites that you do not wish to be tracked. You can enable or disable DNT by visiting the “Preferences” or “Settings” section of your web browser. Please note that third parties may collect data about you. We cannot control how third parties respond to Do Not Track signals or other similar mechanisms. The collection and use of data by third parties, and their responsiveness to Do Not Track signals, is governed by their respective privacy policies.

B. Privacy Information for Residents of other States (Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, and Virginia):

Unless otherwise stated by the law of your state of residence, the provisions in Chapter A “Privacy Information for California Residents” will apply to the processing of your data. If you have questions related to your rights or any other aspects of this Privacy Policy, please contact us using the methods outlined in Section 15. Your Rights under various United Sates state data privacy laws such as the Colorado Privacy Act, Connecticut Data Privacy Act, Delaware Personal Data Privacy Act, Indiana Consumer Data Protection Act, Iowa Consumer Data Protection Act, Kentucky Consumer Data Protection Act, Maryland Online Data Privacy Act, Minnesota Consumer Data Privacy Act, Montana Consumer Data Privacy Act, Nebraska Data Privacy Act, New Hampshire SB 255, New Jersey SB 332, Oregon Consumer Privacy Act, Tennessee Information Protection Act, Texas Data Privacy and Security Act, Utah Consumer Privacy Act, and the Virginia Consumer Data Protection Act. For residents from the states of Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, or Virginia this section allows you to exercise your rights under the applicable state law.
  • Right to Confirm: The right to confirm whether your personal data is being processed.
  • Right to Access / Disclosure: The right to have access to your personal data upon simple request – that is, you may receive a copy of such data upon receipt of a verifiable request, along with other information related to the processing of your data.
  • Right to Data Portability: the right to obtain, move, copy, or transfer data as defined by applicable law.
  • Right to Correction/Rectification: The right to correct your personal data if you find it is inaccurate, incomplete or obsolete.
  • Right to Deletion: The right to obtain the deletion of your personal data in the situations set forth by applicable data protection law.
  • Right to Opt-Out: The right to opt out of the processing of your personal data for targeted advertising, as defined by applicable law as well as the right to opt out of the processing of sensitive data as defined by applicable law. Certain applicable laws also permit the right to opt out of the sale of personal data and profiling.
  • Right to Appeal: You may also have the right to appeal the denial of any of these rights by submitting a form that will be provided to you if we deny a data request.
  • Submitting a Verifiable Request under the United States’ State Laws.
Residents of the above-mentioned states have certain rights regarding their personal information under applicable law. Nebius will respond to an individual’s “verifiable request” to exercise their rights under these applicable laws - that is, when Nebius has received a request purporting to be from a particular individual, and Nebius has been able to verify the individual’s identity. The need to verify an individual’s identity is crucial to protecting your information and ensuring that it is not shared with someone pretending to be you or not authorized to act on your behalf.You may submit a verifiable request using the contact details specified in Section 15 of this Privacy Policy. To process your request, we will ask you to provide information to help us verify your identity. This information may include your name, address, whether you have an account with Nebius, and any other information deemed necessary to reasonably verify your identity.Once we have your submission, we will compare the information you provide to the information we have on file to verify your identity. If necessary, we may request additional information if we have difficulty confirming your identity.We will not share your information or fulfil any requests if we are unable to confirm that a request is a “verifiable request”. If we cannot verify your identity, we will not be able to process your request.Not all requests will be fulfilled. Nebius is committed to complying with each and every data privacy protection law. However, in some circumstances, consumers are not entitled to certain requests. Nebius will hear all appeals if an appeal right is permitted under applicable law (e.g. the Tennessee Information Protection Act).

C. Profiling Disclosure

We do not engage in profiling of consumers in furtherance of automated decisions that produce legal or similarly significant effects, as those terms are defined under the Colorado Privacy Act.

D. Data Protection Assessments

Nebius will conduct all necessary data protection assessments for all applicable processing or other activities when required by applicable law

10.2. Israel

This section provides additional information for residents of Israel in accordance with the Protection of Privacy Law, 5741-1981 as amended by Amendment No. 13, 5774–2024 (the “PPL”). Terminology: For the purpose of this section, the term “Information” is used, which is equivalent to “Personal Data” under the GDPR. Local Representative: For purposes of the Protection of Privacy Law, our appointed local representative in Israel is: Nebius Israel Ltd Yigal Alon Street 94, 1 Alon Tower, 39 floor, Tel-Aviv, Israel (Attn: Privacy Office) Email: privacy@nebius.com Supervisory Authority: You have the right to lodge a complaint with the Israeli Privacy Protection Authority at any time by using the contact details specified here.

11. Children

Our websites and services are not intended for use by individuals under the age of 18. We do not knowingly collect or process personal data from anyone under 18. If you are a parent or guardian of a minor and believe we have collected their data, you may contact us to exercise their rights as described in this Privacy Policy.

12. Difficulty Accessing this Privacy Policy

If you have a disability and cannot access our Privacy Policy online, please contact us (using the details in the Section 12) to request a copy in an alternative, more accessible format. We will not collect or process any health‑related or other sensitive personal data in connection with such requests.

13. Changes

Our business is continually evolving, and we may update this Privacy Policy to reflect those changes. We’ll post any revised version on our website, so we encourage you to review it periodically. If we make any material changes, we will notify you.

14. Nebius Subsidiaries

Nebius B.V., Schiphol Boulevard 165, 1118 BG Schiphol, the Netherlands Nebius Israel Ltd, Yigal Alon Street 94, 1 Alon Tower, 39 floor, Tel-Aviv, Israel Nebius Inc., 10 State Street, Newburyport, MA 01950, United States

15. Contact Us

If you have any questions or concerns about your privacy, you may contact us or our data protection officer by writing to us at: Nebius B.V., Schiphol Boulevard 165, 1118 BG Schiphol, the Netherlands (Attn: Privacy Office), or by emailing us at privacy@nebius.com.
Publication date: November 5, 2025
Effective date: November 5, 2025 Web address: https://docs.nebius.com/legal/privacy