This privacy policy explains how nebulatrixa AS ("we", "us", or "our") collects, uses, and protects your personal information when you use our website and enterprise document compliance management platform services.
Last updated: January 2026
nebulatrixa AS is the data controller for the personal information processed through our website and services. We are registered in Norway with registration number 679458213 and located at Nordre gate 7, 0128 Oslo, Norway.
We collect various types of personal data to provide and improve our compliance management services. The data we collect includes information you provide directly when contacting us, using our platform, or subscribing to our services. This includes contact information such as name, email address, phone number, company details, and any information you provide in enquiry forms or communications with our team.
We also collect technical information automatically when you visit our website, including IP address, browser type, device information, pages visited, time spent on our site, and referral sources. This technical data collection helps us understand how our website is used and improve user experience.
We use your data for several legitimate business purposes related to our compliance management services. We use of your data includes responding to your enquiries and providing customer support, delivering our compliance management platform services, processing service requests and managing client relationships, and improving our website functionality and user experience.
We also use your information for sending relevant updates about our services and compliance industry developments (where you have consented), ensuring security and preventing fraud, and complying with legal obligations and regulatory requirements in our industry.
We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.
For detailed information about the specific cookies we use and how to control them, please refer to our Cookie Policy.
Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:
We do not sell your personal data to third parties. We may share your information with trusted service providers who assist us in operating our website and delivering our services, such as hosting providers, email service providers, and analytics services. These providers are contractually bound to protect your data and use it only for the specified purposes.
We may also disclose your information where required by law, to protect our rights or the rights of others, or in connection with a business transfer or merger.
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. For client data, we typically retain information for the duration of our business relationship plus a reasonable period thereafter for legal and business purposes. Contact enquiry data is retained for up to two years unless you request earlier deletion. Website analytics data is retained according to our analytics provider's retention policies, typically 26 months.
Under GDPR and other applicable data protection laws, you have several rights regarding your personal data:
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include secure data transmission, encrypted storage, access controls, regular security assessments, and staff training on data protection.
However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.
We primarily process data within the European Economic Area (EEA). Where we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as adequacy decisions, standard contractual clauses, or other approved mechanisms under GDPR.
For any questions about this privacy policy or to exercise your data protection rights, please contact us:
If you believe we have not handled your personal data appropriately, you have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) or your local supervisory authority.
We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the updated policy on our website and updating the "last updated" date.