Last updated: 10 May 2026
The controller responsible for data processing on this website is:
René Knierim
Nimbus Solutions
Apoldaer Str. 21
12249 Berlin
Germany
Email: support@testnimbus.dev
The following overview summarizes the types of personal data processed and the purposes of processing:
See our Subprocessors page for the full list of third parties processing personal data on our behalf.
We process personal data on the following legal bases under the GDPR:
This website is hosted by Fly.io (Fly.io, Inc., 29 S LaSalle St Suite 440, Chicago, IL 60603, USA). The hosting provider collects the following data transmitted by your browser in server log files: IP address, date and time of request, time zone difference to GMT, content of the request, HTTP status code, amount of data transferred, referrer URL, and browser information.
Processing is based on Art. 6(1)(f) GDPR. There is a legitimate interest in the technically error-free presentation and optimization of the website.
We use Supabase (Supabase Inc., 970 Toa Payoh North #07-04, Singapore 318992; EU data hosted in Ireland) for account sign-up, sign-in, session management, and to store account, team, and license metadata.
When you create an account, the following data is stored: email address, hashed password or OAuth provider identifier (Google, GitHub), account metadata, subscription state, team memberships, consent records, and license keys (encrypted at rest). When you sign in, Supabase issues a session token that is stored in your browser's session storage to keep you signed in for the duration of the browser session. No cookies are set by this process.
Legal basis: Art. 6(1)(b) GDPR (performance of the contract for the Nimbus service) and, for waitlist signups before contract, Art. 6(1)(a) GDPR (consent).
Storage location: European Union (Ireland). Supabase privacy policy: supabase.com/privacy.
We use Stripe Payments Europe, Ltd. (1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland) to process payments, manage subscriptions, calculate tax, and issue invoices. Stripe is a PCI-DSS Level 1 certified payment processor.
When you purchase a Nimbus subscription, you are redirected to a Stripe-hosted checkout page. The following data is processed by Stripe on our behalf: email address, billing address, country, VAT ID (for business customers), card last 4 digits and brand (we never see or store the full card number), transaction history, and invoice records. Stripe also stores the cookies necessary to operate its checkout and customer portal — these are set on Stripe's domain, not on testnimbus.dev.
Some processing may take place in the United States via Stripe, Inc. Such transfers are covered by EU Standard Contractual Clauses (Art. 46(2)(c) GDPR).
Legal basis: Art. 6(1)(b) GDPR (performance of the purchase contract) and, for invoice retention, Art. 6(1)(c) GDPR (legal obligation under §147 AO and §14b UStG, ten-year retention).
Stripe DPA: stripe.com/legal/dpa · Privacy policy: stripe.com/privacy.
We use Keygen, Inc. (United States) to issue, validate, and track activations of Nimbus software licenses. License validation occurs from the Nimbus CLI on your machine and from this website during sign-in flows.
The following data is processed by Keygen on our behalf: email address (used as the license name), Supabase user ID (as license metadata), machine fingerprint, hostname, operating system platform, and the timestamp of the most recent license heartbeat. This information is used to enforce per-seat license limits, detect license misuse, and provide license-management functionality in the customer portal.
Keygen processes data in the United States. Such transfers are covered by EU Standard Contractual Clauses (Art. 46(2)(c) GDPR).
Legal basis: Art. 6(1)(b) GDPR (performance of the license contract) and Art. 6(1)(f) GDPR (legitimate interest in preventing license abuse).
Keygen DPA: keygen.sh/terms · Privacy policy: keygen.sh/privacy.
We use Sentry (Functional Software EMEA Ltd., Hanover Quay, Dublin 2, Ireland; parent company: Functional Software, Inc., USA) to detect and investigate errors on this website and in our edge functions. Sentry only receives data when something goes wrong; it does not track page views, user behavior, or successful interactions.
The following data is sent to Sentry when an error is reported: error type and message, stack trace, page URL, browser type, and operating system. IP addresses are anonymized server-side(Sentry's sendDefaultPii option is disabled). We do not send email addresses, user identifiers, or request bodies to Sentry.
Storage location: European Union (Frankfurt) via Sentry's EU data residency option. Sentry's corporate structure includes US entities; any incidental access from the United States is covered by EU Standard Contractual Clauses (Art. 46(2)(c) GDPR).
Legal basis: Art. 6(1)(f) GDPR — legitimate interest in operating a stable, error-free service. The data minimization described above forms part of the proportionality assessment. No cookies or local storage are used by Sentry.
Sentry DPA: sentry.io/legal/dpa · Privacy policy: sentry.io/privacy.
The Nimbus CLI signs in by opening this website in your browser. After you authenticate via Supabase, the website redirects back to a local URL (http://localhost) on your own machine, passing your email, user ID, and license key as URL parameters so the CLI can store them locally. No third party intercepts this exchange — the redirect target is your own loopback address.
Once stored, the CLI uses the license key to activate the running machine with Keygen (see section 7) and to authenticate API requests to Nimbus services. License credentials are stored in a configuration file in your home directory and never leave your machine except to validate against Keygen.
testnimbus.dev sets no cookies. We do not use analytics, advertising, or retargeting tools. Error monitoring (see §8) operates without cookies and with anonymized IPs.
The website uses your browser's session storage to keep you signed in for the duration of the browser session (Supabase session token — cleared when you close the browser tab) and your browser's local storage for non-tracking user-interface preferences (e.g., feature preview toggles). Both are local to your browser and are never transmitted to us. No consent banner is required because no information is stored or read for purposes other than those strictly necessary to provide the service you requested (§25(2) TDDDG).
When you complete a purchase, the Stripe-hosted checkout page sets cookies on Stripe's own domain (not on testnimbus.dev) that are strictly necessary to process the payment. See section 6 for the Stripe privacy policy link.
When you contact us by email, your information is stored for the purpose of processing the inquiry and for follow-up questions. We will not share this data without your consent.
Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in processing inquiries).
You have the following rights regarding your personal data:
You also have the right to lodge a complaint with a data protection supervisory authority regarding our processing of your personal data.
Where we process data in a third country (outside the EU/EEA) or where this occurs through the use of third-party services, this only takes place on the basis of an EU Commission adequacy decision, standard contractual clauses (Art. 46(2)(c) GDPR), or your explicit consent.
This privacy policy is current as of May 2026. Due to the ongoing development of our website or changes in legal or regulatory requirements, it may become necessary to amend this privacy policy.