Nebula Finance
Join Waitlist
Back to Nebula

Privacy Policy

Nebula Finance Ltd  ·  Last updated 27 June 2026

Introduction

Welcome to Nebula Finance Ltd's Privacy and Data Protection Policy. At Nebula Finance Ltd ("we", "us", or "our") we are committed to protecting and respecting your privacy and Personal Data in compliance with the United Kingdom General Data Protection Regulation ("UK GDPR"), the Data Protection Act 2018, and all other mandatory laws and regulations of the United Kingdom.

This Privacy Policy explains how we collect, process, and keep your data safe. It will tell you about your privacy rights, how the law protects you, and inform our employees and staff members of all their obligations and protocols when processing data.

The individuals from which we may gather and use data can include: Customers, Suppliers, Business contacts, Employees/Staff Members, Third parties connected to your customers, and any other people that the organisation has a relationship with or may need to contact.

Who is Your Data Controller

Nebula Finance Ltd is your Data Controller and responsible for your Personal Data. We are not obliged by the UK GDPR to appoint a data protection officer and have not voluntarily appointed one at this time.

Any inquiries about your data should be sent to us at enquiries@nebulafin.co or by letter to 124 City Road, London, EC1V 2NX, United Kingdom.

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

Processing Data on Behalf of a Controller

As Data Controller, we have employees who will deal with your data on our behalf ("Processors"). The Data Controller and our Processors have the following responsibilities:

  • Ensure that all processing of Personal Data is governed by one of the legal bases laid out in the UK GDPR
  • Ensure that Processors are committed to confidentiality or are under an appropriate statutory obligation of confidentiality
  • Implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk
  • Obtain prior specific or general authorisation of the Controller before engaging another Processor
  • Assist the Controller in fulfilling obligations to respond to requests for exercising data subject rights
  • Maintain a record of all categories of processing activities carried out on behalf of a Controller
  • Notify the Controller without undue delay after becoming aware of a Personal Data Breach

Types of Data / Privacy Policy Scope

"Personal Data" means any information about an individual from which that person can be identified. We may collect, use, store and transfer different kinds of Personal Data about you:

Profile / Identity DataName, date of birth, gender
Contact DataEmail address, phone number, address
Marketing & CommunicationsPreferences in receiving marketing updates
Billing DataDebit/credit card details, billing address
Financial DataBank account, sort code
Open Banking DataWhere you connect an account, transaction history and balances accessed via your FCA-regulated Open Banking provider, with your explicit consent
Compliance DataCompany, tax and engagement details you provide for IR35, Corporation Tax, VAT and Self Assessment workflows
Transactional DataRecords of payments you've made for our services
Device & App UsageDevice identifiers, IP address, OS, crash data, diagnostics, cookies, app interactions, approximate location
Analytics DataLog files, events, and performance data to improve the App

We do not collect any Special Categories of Personal Data about you (including race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health information, or genetic and biometric data), nor any information about criminal convictions and offences.

The Legal Basis for Collecting That Data

The main lawful bases we rely on under the UK GDPR are:

  • Consent — Certain situations allow us to collect your Personal Data, such as when you opt in to receive email newsletters.
  • Contractual Obligations — We may require certain information from you in order to fulfil our contractual obligations and provide you with the promised service.
  • Legal Compliance — We're required by law to collect and process certain types of data, such as in cases of fraudulent activity or other illegal actions.
  • Legitimate Interest — We might need to collect certain information to meet our legitimate interests, where this will not have a material impact on your rights, freedom, or interests.

How We Use Your Personal Data

We will only use your Personal Data when the law allows us to. We will never process your data without a legal basis for doing so.

Marketing and Content Updates

You will receive marketing and new content communications from us if you have created an account and chosen to opt into receiving those communications.

Change of Purpose

We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another compatible reason. If we need to use your Personal Data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so.

Open Banking

Where you choose to connect a bank account, we access your transaction history and balances through an FCA-regulated Open Banking provider, and only with your explicit consent. We use this data solely to deliver the service — categorising transactions, tracking tax reserves, and supporting your compliance workflows. You can withdraw your Open Banking consent at any time, in the App or with your bank, and we will stop accessing new data when you do.

Automated Processing and AI

Nebula uses automated processing, including artificial-intelligence models, to categorise transactions and to produce explainable IR35, Corporation Tax, VAT and salary/dividend assessments. These outputs are designed as decision support: every assessment shows its reasoning and the underlying HMRC guidance or legislation so you can review and verify it.

We do not make decisions that produce legal or similarly significant effects about you based solely on automated processing without a meaningful opportunity for human review. You can ask us about how an automated output was reached, request human review, or contest a result by contacting us at enquiries@nebulafin.co. We do not use your financial data to train models for use by other organisations.

Your Rights and How You Are Protected

Your account information will be protected by a password for your privacy and security. You need to prevent unauthorised access to your account by selecting and protecting your password appropriately and limiting access to your computer or device.

Account Deletion: You may delete your account and associated personal data directly from within the App via Settings → Delete Account, or by contacting us to request deletion. Certain records may be retained where required by law.

California Privacy Rights: Under California Civil Code sections 1798.83–1798.84, California residents are entitled to ask us for a notice identifying the categories of personal customer information we share with affiliates and/or third parties for marketing purposes. Please submit a written request to us if you are a California resident and would like a copy of this notice.

Children's Privacy

Our services are not directed at children under 13. We do not knowingly collect data from children under 13. If we learn we have done so, we will delete such data promptly.

How Nebula Finance Ltd Protects Your Personal Data

We are concerned with keeping your data secure and protecting it from inappropriate disclosure. Any Personal Data collected by us is only accessible by a limited number of employees who have special access rights and are bound by obligations of confidentiality.

Your data is stored on AWS (Amazon Web Services) infrastructure, fully compliant with AWS GDPR standards, including encryption at rest and in transit. AWS maintains ISO 27001, SOC 1/2/3, and GDPR certifications across its EU regions. Your data is processed and stored within the AWS EU (London) region and never leaves UK/EEA jurisdiction.

Unfortunately, no transmission of data over the internet is guaranteed to be completely secure. While we strive to protect your Personal Data, we cannot ensure or warrant the security of any data you transmit to us. Any such transmission is done at your own risk. If you believe that your interaction with us is no longer secure, please contact us immediately.

Opting Out of Marketing Promotions

You can ask us to stop sending you marketing messages at any time by contacting us. Where you opt out of marketing messages, we will continue to retain other Personal Data provided to us as a result of interactions with us not related to your marketing preferences.

How to Request Your Data

You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, if your request is clearly unfounded, we could refuse to comply with your request.

We may need to request specific information from you to help confirm your identity and ensure your right to access your Personal Data. This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it.

Your Data and Third Parties

We may share Personal Data with interested parties in the event that Nebula Finance Ltd anticipates a change in control or the acquisition of all or part of our business or assets. If Nebula Finance Ltd is sold or makes a sale or transfer, we may transfer, sell, or assign your Personal Data to a third party as part of that transaction.

We may share your Personal Data at any time if required for legal reasons or in order to enforce our terms or this Privacy Policy.

Third-Party Links

This site may include links to third-party websites, plug-ins, and applications. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our site, we encourage you to read the privacy policy of every website you visit.

How Long Will We Retain Your Data

We will only retain your Personal Data for as long as reasonably necessary to fulfil the purposes we collected it for. We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

International Transfer of Data

Your data is processed and stored within the UK / EEA — primarily in the AWS EU (London) region — and we design our stack to keep it there. In the limited cases where a sub-processor operates outside the UK/EEA, we rely on appropriate safeguards such as UK adequacy regulations, the UK International Data Transfer Agreement, or Standard Contractual Clauses. We will not transfer your Personal Data outside the UK/EEA without such safeguards in place.

Notification of Changes and Acceptance of Policy

We keep our Privacy Policy under review and will place any updates on this page. This version was last updated on 27 June 2026. By using Nebula Finance Ltd, you consent to the collection and use of data by us as set out in this Privacy Policy. Continued access or use of Nebula Finance Ltd will constitute your express acceptance of any modifications to this Privacy Policy.

Contact Us

For any inquiries about your data or this Privacy Policy, please contact us:

Nebula Finance Ltd — Data Controller

124 City Road, London, EC1V 2NX, United Kingdom

enquiries@nebulafin.co

Nebula Finance

Compliance as a Service for UK Ltd contractors and PSCs.
IR35, Corporation Tax and salary/dividend — in one place. FCCA-founded.

Product

  • How it works
  • Pricing
  • Join Waitlist

Resources

  • IR35 Hub New
  • IR35 Hub demo
  • Product tour
  • AI & Accounting
  • All Blog Posts

Company

  • About Us
  • For investors
  • Partner with us
  • Privacy Policy
  • Terms of Service

Regulatory notice: Nebula Finance provides accounting software and AI-assisted guidance. It does not provide regulated financial advice. For complex IR35 disputes, consult a qualified tax adviser.

© 2026 Nebula Finance Ltd. Registered in England & Wales.