Privacy Policy

1. Who We Are

Dtyon is a product operated by Nebula 500 Ltd., a company registered in England and Wales (“we”, “us”, “our”). We are the data controller responsible for your personal data processed in connection with the Dtyon platform. You can contact us at info@nebula500.com.

2. What Data We Collect

We collect the following categories of data:

• Account data: your name, email address, and password (stored as a hashed value — we never store plaintext passwords).
• User-entered data: subscription details, email accounts, payment method metadata, billing addresses, API key metadata (labels and last-4 digits only — the secret itself is encrypted and never readable by us), notes, and tags you create within the Service.
• Usage data: pages viewed, features used, timestamps of actions, and IP addresses, collected to operate and improve the Service.
• Technical data: browser type, device identifiers, operating system, and referrer URL, collected automatically when you access the Service.
• Communications: any messages you send to us via email or support channels.

3. How We Use Your Data

We process your personal data for the following purposes:

• To create and manage your account and deliver the Service.
• To authenticate your identity and maintain the security of the Service.
• To process transactions and manage billing where applicable.
• To respond to your enquiries and provide customer support.
• To monitor and analyse usage patterns to improve the Service.
• To detect and prevent fraud, abuse, and security incidents.
• To comply with applicable legal obligations.
• To send you transactional communications (e.g. account verification, password resets).

4. Legal Basis for Processing

We process your personal data on the following legal bases under UK GDPR and the Data Protection Act 2018:

• Contract: to perform our obligations under the Terms & Conditions you accept when creating an account.
• Legitimate interests: to operate and secure the Service, detect abuse, and improve our product.
• Legal obligation: where required by law or regulation.
• Consent: where you have given explicit consent (e.g. marketing communications).

5. Data Sharing and Disclosure

We do not sell your personal data. We share your data only in the following limited circumstances:

• Service providers: trusted third parties who assist in operating the Service (e.g. cloud infrastructure, authentication, error monitoring). These parties process data only on our instructions and under appropriate data processing agreements.
• Legal compliance: where required by law, court order, or governmental authority.
• Business transfers: in the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity, subject to equivalent protections.

6. International Transfers

Our infrastructure may involve the transfer of your data to countries outside the UK or European Economic Area. Where such transfers occur, we ensure appropriate safeguards are in place — such as Standard Contractual Clauses approved by the UK Information Commissioner's Office — to protect your data to the same standard required in the UK.

7. Data Retention

We retain your personal data for as long as your account is active or as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. When you close your account, we will delete or anonymise your personal data within 90 days, except where retention is required by law.

8. Security

We implement and maintain appropriate technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These include encryption in transit (TLS), encryption at rest, access controls, and regular security reviews. However, no system can be entirely secure; you transmit data at your own risk and should ensure your credentials are kept confidential.

9. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

• Access: request a copy of the personal data we hold about you.
• Rectification: request correction of inaccurate or incomplete data.
• Erasure: request deletion of your data in certain circumstances.
• Restriction: request that we restrict processing of your data in certain circumstances.
• Portability: receive your data in a structured, machine-readable format.
• Objection: object to processing based on legitimate interests.
• Withdraw consent: where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at info@nebula500.com. We will respond within one month. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

10. Cookies and Tracking

We use strictly necessary cookies to operate the Service (e.g. session management and authentication). We may use analytics cookies to understand how the Service is used, subject to your consent where required. You can control cookie preferences through your browser settings, though disabling certain cookies may affect functionality.

11. Children

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at info@nebula500.com and we will take steps to delete such data.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the “Last updated” date and, where required, by sending a notice to the email address associated with your account. Your continued use of the Service after such changes constitutes acceptance of the updated Policy.

13. Contact Us

For questions, concerns, or to exercise your rights, please contact our data protection contact at: