Nebula Host

Privacy
Policy.

We want to be upfront about what data we collect and why. So we have written this in plain English, without hiding anything in complicated wording. Last updated 23rd February 2026.

01 — Who We Are

The people behind Nebula Host

Nebula Host is a non-profit hosting project. It is owned by Thomas, who is based in Germany. The technical and legal side of things is handled day-to-day by Blake S, our CTO. Our network infrastructure is set up and looked after by Keiran S Chippendale. There is no registered company behind any of this. We are just a small team who wanted to do free hosting the right way.

Because Thomas is based in Germany and we offer services to people in the UK and across Europe, this policy covers both UK GDPR and EU GDPR. In plain terms, both laws say roughly the same thing: your data belongs to you, and we have to be careful with it. Thomas is the person legally responsible for how your data is handled since he owns the project. Blake S manages the technical and day-to-day stuff on his behalf.

If you have any questions or worries about your data, you can reach us at management@nebulahost.co.uk. Real people read that inbox and we will get back to you.

02 — What We Collect

The data we hold about you

We only collect what we actually need. Below is everything we hold, why we have it, and the legal reason we are allowed to have it.

Your name

Collected when you sign up for a panel account. We use it to identify your account and nothing else.

Legal reason: Needed to provide you the service (Article 6(1)(b) UK/EU GDPR)

Your email address

Collected when you sign up for the panel. We use it to let you log in and to send you important messages about your server. If you sign up for email alerts on our status page, we store your email for that too. We do not send adverts or newsletters.

Legal reason: Needed to provide you the service (Article 6(1)(b) UK/EU GDPR)

Your Discord username and ID

Collected when you open a support ticket or talk to us through Discord. Our Discord bot stores usernames and some account info in a database so it can work properly. Since a lot of the service runs through Discord, we also recommend reading Discord's own privacy policy so you know what they collect on their end.

Legal reason: Needed to provide you the service (Article 6(1)(b) UK/EU GDPR)

Your password

Stored in our database in an encrypted form, meaning it is scrambled in a way that nobody can read it, including us. We cannot see your password. If you forget it, you reset it.

Legal reason: Needed to provide you the service (Article 6(1)(b) UK/EU GDPR)

Your server files and usage data

This covers everything on your server: the files you upload, the code you run, and things like how much CPU or memory your server is using. This all lives on our hardware in the UK. We do not go through your files unless there is a specific reason to, which we explain in section 04.

Legal reason: Needed to provide you the service and to protect the platform (Article 6(1)(b) and 6(1)(f) UK/EU GDPR)

Your IP address and connection logs

Automatically saved when you connect to the panel or your server. We keep these for a limited time to help spot abuse, fix network issues, and keep the service secure.

Legal reason: Protecting the platform (Article 6(1)(f) UK/EU GDPR)

03 — What We Do With It

How your data actually gets used

Everything we collect is used to run the service. That is it. More specifically, we use your data to set up and manage your account and server, to contact you when something affects your service, to keep an eye on resource usage so the node runs fairly for everyone, to look into specific cases where we think the rules are being broken, and to follow any legal rules that apply to us.

We are a non-profit. We do not sell your data. We do not use it for adverts. We have no reason to do any of that and we never will.

04 — Admin Access to Your Server

When staff can look at your server

Because we use Pterodactyl as our panel software, admins technically have the ability to open your server, see your files, and read the console. We want to be honest about that rather than pretend it is not possible.

But we have a strict rule about when that actually happens. Admins will only look at your server if:

You opened a support ticket and we need to look at something to fix your problem.

We have a real, specific reason to think your server is being used in a way that breaks our rules.

Something urgent is happening, like a security issue or a hardware problem, and we need to act fast to keep the node running for everyone.

We are legally required to, for example by a court order.

We know "trust us" is not the most reassuring thing to read. But we would rather be honest about how the panel works than make claims that are not true. We do not go through people's servers for fun.

05 — Where Your Data Lives

Infrastructure and third parties

The main Nebula Host node, including the panel and all your server files, is managed by Blake S on hardware physically located in the United Kingdom. Your data stays there and does not get sent anywhere else as part of running the service normally.

Our network runs through two separate virtual machines hosted in Paris, France, both sitting upstream of OVH. The first handles our network overlay (the VXLAN). The second is the FR1 node, kept apart from the VXLAN machine. Both are set up and maintained by Keiran S Chippendale. Because France is in the EU and the UK has a data sharing agreement with the EU, sending data there is perfectly fine legally.

Our status page is custom built by us. If you sign up for email alerts there, your email is stored on our own systems and is not passed to any outside service.

The only time we would ever hand data over to someone outside the team is if a court order or other legal process made us. If we are legally allowed to warn you before that happens, we will.

06 — How Long We Keep Your Data

Data we hold and for how long

We only keep your data for as long as we need to. While your account is active, we hold what is needed to run your server. When an account is removed or banned, we keep the data for a few days in case there is an appeal or an outstanding issue to sort out, and then we delete it.

Connection logs are kept for a short rolling period for security reasons and then deleted. Status page email subscriptions are kept until you unsubscribe or ask us to remove them.

If you want your data deleted sooner, just ask. Email us at management@nebulahost.co.uk and we will get it sorted.

07 — Your Rights

What you are allowed to ask for

UK and EU data protection law gives you a set of rights over your personal data. Here is what they are and what they mean in practice.

The right to see your data

You can ask us what data we hold about you and we have to tell you within one month. You can also ask for a copy of it.

The right to fix your data

If something we hold about you is wrong, you can ask us to correct it and we will.

The right to delete your data

You can ask us to delete your data. We will do it unless there is a legal reason we have to keep it, in which case we will explain that clearly.

The right to pause how we use your data

In some situations you can ask us to stop using your data while we sort something out, like if you think data we hold about you is wrong.

The right to get a copy of your data

Where we process your data to run a service for you, you can ask for a copy of it in a format you can use elsewhere. Just ask and we will help where we can.

The right to object

Where we use your data for our own reasons rather than to run your service, you can tell us to stop. We will, unless we have a strong enough reason to continue, and we will explain it if so.

No automated decisions

We do not use any automated system to make important decisions about you. Things like banning an account are always done by a real person.

To use any of these rights, email us at management@nebulahost.co.uk. We have to reply within one month by law. If you are in the UK and think we have handled your data badly, you can report it to the Information Commissioner's Office at ico.org.uk. If you are in the EU, you can contact your local data protection authority. Because Thomas is based in Germany, Germany's data protection authority (the BfDI) is the main one for us on the EU side.

08 — If Your Account Gets Compromised

What to do if someone else gets into your account

If you think someone else has accessed your Nebula Host account or your server without your permission, let us know straight away by opening a ticket in Discord or emailing management@nebulahost.co.uk. The sooner you tell us, the sooner we can lock things down.

When you report it, we will look into it, lock your account if needed, and help you get back in safely.

To help keep your account safe, use a strong and unique password, do not share your login details with anyone, and make sure the email address on your account is one only you can access. We are not responsible for unauthorised access that happens because your login details were leaked, guessed, or shared.

09 — Data Breaches

What happens if something goes wrong on our end

We take sensible steps to keep your data secure. Passwords are stored encrypted. Access to the panel and the server is limited to the team. That said, no system is completely unbreakable and we will not pretend otherwise.

If something goes wrong and your personal data is affected, we will let you know via a Discord announcement and by email as soon as we reasonably can. We are also required by law to report it to the relevant data protection authority within 72 hours of finding out, and we will do that.

We will always tell you what happened, what data was affected, what we are doing to fix it, and what you can do to protect yourself. We will not try to hide it.

10 — If You Run an App That Collects Data

Your responsibilities as someone using our servers

Some people use Nebula Host to run apps or bots that collect data from their own users. If that is you, you are responsible for making sure any data you collect through your app is handled properly and within the law. Nebula Host provides the server space. We are not responsible for what you do with it or what data your app collects from your users.

If your app gets hacked or leaks data belonging to your users, that is not our fault. We provide infrastructure, not security audits.

If your app collects data from people in the UK or EU, you may have your own legal responsibilities under data protection law, separate from ours. That is something you need to look into yourself.

11 — What We Are Not Responsible For

The limits of what we can be blamed for

We are not responsible for data loss caused by hardware failure, power cuts, network outages, or anything else outside our direct control. Keep your own backups of anything important.

We are not responsible if your server goes offline and that causes your project or service to stop working. We do not promise uptime guarantees, as stated in our Terms of Service.

We are not responsible if your account is accessed by someone else because your password was weak, reused from another site, or shared with someone.

We are not responsible for what you run on your server or any legal issues that come from it.

We are not responsible for how Discord handles your data on their platform. Discord is a separate service with its own privacy policy and their own rules apply there.

None of this is us trying to dodge responsibility for things that are genuinely our fault. If we mess something up, we will own it.

12 — Cookies and Tracking

We do not track you

The Nebula Host website does not use tracking cookies, analytics tools, or anything that monitors what you do online. No Google Analytics, no Meta tracking, no fingerprinting.

The Pterodactyl panel uses session cookies to keep you logged in. These are purely functional and do not track your behaviour or build any kind of profile on you.

13 — Age Requirement

Who can use Nebula Host

You need to be at least 13 to use Nebula Host. Because we onboard through Discord, you also need to meet Discord's own age rules, which are 13 in most places and 16 in some parts of Europe.

If we find out an account belongs to someone under 13, we will remove it and delete the data straight away. If you think a child's data has ended up with us by mistake, please let us know and we will sort it.

14 — Which Law Applies

Governing law

This policy is governed by the laws of England and Wales. Our hardware is in the UK and Blake S, who handles the technical and legal side day-to-day, is based in the UK.

If you are in the EU, this does not affect your rights under EU law. The BfDI in Germany is our main authority on the EU side since Thomas is based there.

15 — Changes to This Policy

When we update this

We may update this policy if something about the service changes or if the law requires it. When we do, we will announce it in Discord and update the date at the top of this page. Carrying on using the service after an update means you are okay with the new version. If anything here is unclear, drop us a message at management@nebulahost.co.uk or open a ticket in Discord.