Introduction
This Privacy Policy applies to the personal data that Nebius B.V., Schiphol Boulevard 165, 1118 BG Schiphol, the Netherlands (“Nebius,” “we,” “us,” or “our”) collects as a controller in connection with our website - https://infiniteloop.media/ (“Site”), including when you:
Visit or interact with our Site.
Subscribe to our newsletters.
Manage your subscription.
After reading this Privacy Policy, please review the State- or Country‑Specific Provisions at the end, which may supplement or - where required by law - take precedence over any conflicting terms.
Terms and Definitions
This Privacy Policy uses the key terms as defined by the EU General Data Protection Regulation (GDPR). Unless we explicitly state otherwise, these terms carry the same meanings and must be interpreted in accordance with the GDPR.
GDPR: This term stands for General Data Protection Regulation, the EU Regulation (EU) 2016/679 of the European Parliament and of the Council, adopted on 27 April 2016 and in force since 25 May 2018. It sets uniform rules across the European Union for the processing of personal data and the protection of individuals’ privacy rights.
Personal data: This term means any information relating to an identified or identifiable natural person (“data subject”).
Controller: This term means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Performance of the contract: This term refers to the legal basis provided under Article 6(1)(b) of the GDPR. It means that the processing of personal data is necessary for the performance of a contract between you as a data subject and us, or to take steps at your request before entering into a contract.
Consent: This term means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.
Legal obligation: This term refers to the legal basis provided under Article 6(1)(c) of the GDPR. It means that the processing of personal data is necessary for compliance with a legal obligation to which we, as the controller, are subject.
Legitimate interest: This term refers to the legal basis provided under Article 6(1)(f) of the GDPR. It means that the processing of personal data is necessary for the legitimate interests pursued by us or a third party. However, we want to clarify that we do not rely on this legal basis unless we have determined that our interests are not overridden by your interests or fundamental rights and freedoms as the data subject that require protection of personal data.
The standard contractual clauses approved by the EU Commission: This term refers to the appropriate safeguard for transfer of personal data to a third country provided under Article 46(2)(c) of the GDPR. For the purposes hereof, a third country is a country which is not in the EEA territory and is not recognized by the EU Commission as a country that ensures an adequate level of protection.
1. Personal Data We Collect
1.1. Personal Data You Provide to Us
Personal data that you voluntarily provide when you interact with our Site, such as:
Contact details: name, email address (e.g., when subscribing to newsletters or contacting us)
Profile data: when you register for newsletters
1.2 Automatically Collected Data
When you visit our Site, we automatically collect technical and usage information through cookies and similar technologies, such as:
IP address
Browser and device information
Pages viewed, time spent on pages, click activity
This may include identifiers that are considered personal data under applicable law.
2. Why We Process Your Personal Data
We collect and use personal data only for the purposes strictly necessary to:
To provide, operate, and maintain the Site.
To understand and analyze how you use our Site.
To manage your newsletter subscription.
To send newsletters (if you are subscribed to our newsletters).
To improve user experience
To comply with legal obligations and enforce our rights
Processing is based on applicable legal grounds, such as your consent, our legitimate interests (e.g., Site maintenance), or compliance with legal requirements.
Consent where required by law
In certain jurisdictions outside the EEA, local laws may require your explicit consent before we process your personal data. By accessing, browsing, or using our websites, you agree to the processing of your personal data as outlined in this Privacy Policy. You may withdraw your consent at any time your withdrawal will not affect the legality of any processing carried out before you withdrew it.
3. To Whom We Disclose Your Personal Data
We may share certain personal data with the following recipients, as required or permitted by applicable law and our legitimate interests:
Nebius Group:
To ensure the proper functioning, security, and development of the Site, we may share your personal data within the Nebius Group.Service providers:
We engage third-party service providers to support the operation and development of the Site, including website hosting, analytics, content delivery, marketing communications, and technical maintenance. These providers may access personal data only to the extent necessary to perform their services on our behalf, and they are contractually prohibited from using or disclosing this data for any other purpose.Marketing and analytics providers:
With your prior consent, we may share data with marketing and analytics providers (e.g., Google Analytics) to understand and improve how you use our Site.Legal Disclosures:
We may disclose your information if required by law, subpoena, or other legal process - or whenever we have a good‑faith belief that disclosure is necessary to: investigate, prevent, or take action on suspected or actual unlawful activities, or to assist law‑enforcement agencies; protect the security or integrity of our Site; safeguard the rights, safety, or property of Nebius, our users, employees, or others.
Change in Control or Sale:
We can also share your personal data as part of a sale, merger or change in control, or in preparation for any of these events. Any other entity which buys us or part of our business will have the right to continue to use your data, but only in the manner set out in this Privacy Policy or as required by law.
4. Your Rights
According to the GDPR, you have certain rights as a data subject, including the right to access, right to data portability, right to rectification, right to withdraw consent, right to object, right to erasure, right to restriction of processing, right to lodge a complaint, and right to contact a Data Protection Authority (DPA). Please be aware that there may be limitations or exceptions to these rights, depending on the specific circumstances and legal requirements. If anything is unclear, please don't hesitate to contact us and ask any questions. Below, you can find more information about these rights and how you can exercise them.
Right of Access
You may request access to the personal data we hold about you. We’ll provide details about how and why we process your data, the categories of data involved, any recipients, and other relevant information.Right to Data Portability
You may receive the personal data you’ve provided to us in a structured, commonly used, machine‑readable format, and you can request that we transmit it directly to another controller where technically feasible.Right to Rectification
If you believe your personal data is inaccurate or incomplete, you may request that we correct or update it.Right to Withdraw Consent
If our processing relies on your consent, you can withdraw it at any time. Withdrawal won’t affect the lawfulness of any processing carried out before you withdrew consent.Right to Object
You can object to our processing based on legitimate interests or for direct marketing. We will stop processing unless we have compelling legitimate grounds or a legal requirement to continue. Objections to direct marketing are always honored.Right to Erasure (“Right to Be Forgotten”)
You may request deletion of your personal data unless processing is necessary for freedom of expression and information, compliance with a legal obligation, public‑interest tasks, or the establishment, exercise, or defence of legal claims.Right to Restrict Processing
You may request that we suspend processing of your personal data if:You contest its accuracy;
The processing is unlawful, and you oppose erasure;
We no longer need it, but you require it to establish, exercise, or defend legal claims; or
You have objected to processing pending verification of our legitimate grounds.
Right to Lodge a Complaint
You may lodge a complaint with the supervisory authority in your country of residence, or with our lead supervisory authority - the Dutch Data Protection Authority (Autoriteit Persoonsgegevens), if you believe we have infringed your rights. You can find a list of local data protection authorities here; for Israel – here.
Once you submit a request, we will review and respond promptly - typically within 30 days. In certain cases, we may need additional time to investigate and fulfil your request. Once completed, we will confirm via the email address you provided.
By submitting a request, you confirm that you are the individual to whom the data relates and that you have the legal capacity and authority to act on your own behalf. We may verify your identity using the information you supply if there is any doubt. Additionally, where required by law, we may need to share your request and our response with third parties, including regulatory authorities.
All requests must be submitted to [email protected].
5. Retention of Your Personal Data
We retain your personal data only for as long as it is necessary to fulfil the scopes described in this Privacy Policy. The exact length of time may vary depending on the type of data, the scope of processing, and the category of users involved.
Please consider that non‑personal data may be retained and used by Nebius without limitation, in particular for archiving purposes, public‑interest, statistical, historical or scientific research purposes.
6. Overseas Personal Data Transfers
As a global organization, we may also process and transfer your personal data to other group companies or to third parties around the world for the purposes set out in this Privacy Policy - specifically, specifically, to operate and maintain the proper functioning of the Site, to respond to your requests, or, where applicable, based on your consent.
Whenever we transfer your personal data outside the EU and EEA, we ensure its protection by implementing appropriate safeguards, including:
adopting the European Commission’s Standard Contractual Clauses (and their approved equivalents for Switzerland and the UK), or other approved transfer mechanisms;
encrypting personal data in transit;
maintaining internal policies to restrict access and promote awareness.
For an overview of data‑protection standards by country, please visit https://www.cnil.fr/en/data-protection-around-the-world.
7. Cookies
As outlined in our Cookie Notice, we use cookies and similar technologies such as pixels, ad tags and local storage to improve your experience, provide convenience, maintain security and serve you tailored ads. For simplicity, we call all these tools “cookies.” In practice, cookies support functions like authentication, security, feature enablement, advertising and analytics. There are two types of cookies: first‑party cookies set by us, and third‑party cookies set by our vetted partners.
We collect marketing and analytics cookies based on your consent obtained via the cookie banner. If you’ve granted consent for cookies, you may modify or withdraw that consent at any time via the “Customize cookies” option on our Site.
8. Security of Your Personal Data
Nebius maintains a dedicated security team and employs a combination of technical, administrative and physical controls to safeguard the personal data we process. We continually update and rigorously test these measures to ensure they remain state‑of‑the‑art.
However, no system is completely impervious to attack, and no internet transmission can be guaranteed secure. While we strive to protect your data, we cannot promise that unauthorized access, hacking, data loss or other breaches will never occur. Any transmission of information is at your own risk.
9. State- or Country-Specific Provisions
9.1. United States of America
A. Privacy Information for California Residents
This section of the Privacy Policy applies only to California residents. If you are a California resident, this section will prevail over other parts of the Privacy Policy in case of any discrepancies. To avoid any misunderstanding, personal information has the same meaning as personal data.
Personal Information Collected over the Last 12 Months
Personal information we collected directly from you:
Categories of data collected | Data collected from you and why it was collected |
Characteristics of protected classifications under California or Federal law | We do not intentionally collect any information on your protected classifications |
Commercial information | We do not collect commercial information |
Precise Geolocation Data | We do not collect precise geolocation data |
Financial Information | We do not collect financial information |
Biometric Data | We do not collect biometric data |
Audio, electronic, visual, thermal, olfactory, or similar information | We do not collect audio, electronic, visual, thermal, olfactory, or similar information |
Internet/Network Activity | Internet Protocol address (IP address), browser type and language, sending and exiting pages, information about the date and time stamps, information about visits, logs |
Professional or Employment-related Information | We do not collect professional or employment-related Information
|
Education Information | We do not collect Education Information |
Device Information | Operating system, browser type, device ID (with consent) |
Categories of Personal Information Sold in the last 12 months
We do not sell your personal information to third parties.
Categories of Personal Information Disclosed over the last 12 months
Categories of Data Disclosed | Types of Entities to Which Data Was Disclosed | Reason for Disclosure of Data | Categories of Recipients |
Internet/Network Activity Professional, Device Information | Please see section 3 with the detailed description | Please see section 2 with the detailed description | Please see section 3 with the detailed description |
Information we sell
Nebius does not sell your personal information to third parties. “Sale” excludes transfers that occur as part of a merger, acquisition, asset sale or other similar business transaction involving all or part of Nebius. In such cases, your personal information may be transferred to the acquiring entity. If a transaction will materially change how we process your personal information, we will notify you beforehand.
Your California Privacy Rights
We have implemented policies and procedures to help facilitate the exercise of privacy rights available to California residents under applicable law. If you are a California resident, you are entitled to the rights described in Section 4 of this Privacy Policy. In addition, you may be entitled to the following:
Disclosure of Direct Marketers
California law allows California residents once a year to request information regarding our disclosure of your personal information, if any, to third parties for those third parties’ direct marketing purposes during the preceding calendar year. This information includes:
a. The categories of information we disclosed to third parties for their direct marketing purposes during the immediately preceding calendar year;
b. The names and addresses of third parties that received the information; and
c. If the nature of the third party’s business cannot be determined from their name, to obtain examples of the products or services marketed.
Right to Information About Collecting, Selling, Sharing, or Disclosing Personal Information
Upon receipt of a verifiable request, you may obtain a list of:
the specific pieces of your personal information that Nebius holds;
the categories of personal information collected about you, sold to third parties, or disclosed to third parties for business purposes;
the categories of personal information sold within the last 12 months;
the categories of sources from which personal information is collected;
the business or commercial purpose for collecting or selling personal information; and
the categories of third parties with whom personal information is shared, sold, or disclosed for a business purpose.
Right to Opt-Out of the Sale of Personal Information
California residents have the right to opt-out of the sale of their personal information under certain circumstances.
Right to Non-Discrimination
As defined under relevant law, you have a right to non-discrimination in the services or quality of services you receive from us for exercising your rights.
Please contact us with the use of contact details specified in Section 13 of this Privacy Policy if you wish to exercise these rights. Note that we may ask you to verify your identity - such as by requiring you to provide information about yourself - before responding to such requests.
Submitting a Verifiable Request under the CCPA
California residents have certain rights regarding their personal information under the California Consumer Privacy Act of 2018 ("CCPA"). Nebius will respond to an individual's "verifiable request" to exercise their rights under the CCPA - that is, when Nebius has received a request purporting to be from a particular individual, and Nebius has been able to verify the individual's identity. The need to verify an individual's identity is crucial to protecting your information and ensuring that it is not shared with someone pretending to be you or not authorized to act on your behalf.
You may submit a verifiable request using the contact details specified in Section 13 of this Privacy Policy. To process your request, we will ask you to provide information to help us verify your identity. This information may include your name, address, whether you have an account with Nebius, and any other information deemed necessary to reasonably verify your identity.
Once we have your submission, we will compare the information you provide to the information we have on file to verify your identity. If necessary, we may request additional information if we have difficulty confirming your identity.
We will not share your information or fulfil any requests if we are unable to confirm that a request is a "verifiable request". If we cannot verify your identity, we will not be able to process your request.
Submitting a request through an authorized agent
Under California law, a California resident can appoint an “authorized agent” to submit certain verifiable requests on their behalf, such as the right to know what information we collect or to request the deletion of the consumer's information. An authorized agent may submit a request by following the steps outlined above.
An authorized agent may submit a request by following the steps outlined above. However, the agent must identify the consumer they are acting on behalf of and provide the information necessary for us to verify the consumer’s identity. Additionally, we will require the authorized agent to submit proof of their authorization to act on the consumer’s behalf.
To ensure the security and privacy of your information, we will request that you provide written consent for the person acting as your authorized agent. This consent may include us contacting you directly to confirm that the individual claiming to be your agent has your permission to access or delete your information. We will also verify your identity independently to ensure that an unauthorized person is not attempting to exercise your rights without permission.
We will not share your information or honour any requests in situations where you have not provided written authorization for an agent to act on your behalf, or where we are unable to verify your identity.
Submitting a Request for Removal of Minor Information
To request the removal of information about a minor from Nebius, parents or guardians may submit a request with the subject line “Removal of Minor Information.” This request must come from the minor’s parent or guardian; minors themselves may not submit information to us via email.
Your submission should include the following details:
the nature of your request
the identity of the content or information to be removed
whether the content or information is found
the location of the content or information (e.g., providing the URL of the specific web page where the content or information is found)
a statement that the request is related to the “Removal of Minor Information”
your name, street address, city, state, ZIP code, and email address
If we become aware that a minor has provided personal data or otherwise used by Nebius in violation of the Privacy Policy, we will take steps to remove that information.
Please note that our websites and services are not intended for use by individuals under the age of 18.
Our Notice on "Do Not Track" Signals under the California Online Protection Act
We do not support Do Not Track (DNT). DNT is a preference you can set in your web browser to inform websites that you do not wish to be tracked. You can enable or disable DNT by visiting the “Preferences” or “Settings” section of your web browser.
Please note that third parties may collect data about you. We cannot control how third parties respond to Do Not Track signals or other similar mechanisms. The collection and use of data by third parties, and their responsiveness to Do Not Track signals, is governed by their respective privacy policies.
B. Privacy Information for Residents of other States (Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, and Virginia):
Unless otherwise stated by the law of your state of residence, the provisions in Chapter A “Privacy Information for California Residents” will apply to the processing of your data. If you have questions related to your rights or any other aspects of this Privacy Policy, please contact us using the methods outlined in Section 13.
Your Rights under various United Sates state data privacy laws such as the Colorado Privacy Act, Connecticut Data Privacy Act, Delaware Personal Data Privacy Act, Indiana Consumer Data Protection Act, Iowa Consumer Data Protection Act, Kentucky Consumer Data Protection Act, Maryland Online Data Privacy Act, Minnesota Consumer Data Privacy Act, Montana Consumer Data Privacy Act, Nebraska Data Privacy Act, New Hampshire SB 255, New Jersey SB 332, Oregon Consumer Privacy Act, Tennessee Information Protection Act, Texas Data Privacy and Security Act, Utah Consumer Privacy Act, and the Virginia Consumer Data Protection Act.
For residents from the states of Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, or Virginia this section allows you to exercise your rights under the applicable state law.
Right to Confirm: The right to confirm whether your personal data is being processed.
Right to Access / Disclosure: The right to have access to your personal data upon simple request – that is, you may receive a copy of such data upon receipt of a verifiable request, along with other information related to the processing of your data.
Right to Data Portability: the right to obtain, move, copy, or transfer data as defined by applicable law.
Right to Correction/Rectification: The right to correct your personal data if you find it is inaccurate, incomplete or obsolete.
Right to Deletion: The right to obtain the deletion of your personal data in the situations set forth by applicable data protection law.
Right to Opt-Out: The right to opt out of the processing of your personal data for targeted advertising, as defined by applicable law as well as the right to opt out of the processing of sensitive data as defined by applicable law. Certain applicable laws also permit the right to opt out of the sale of personal data and profiling.
Right to Appeal: You may also have the right to appeal the denial of any of these rights by submitting a form that will be provided to you if we deny a data request.
Submitting a Verifiable Request under the United States’ State Laws.
Residents of the above-mentioned states have certain rights regarding their personal information under applicable law. Nebius will respond to an individual's "verifiable request" to exercise their rights under these applicable laws - that is, when Nebius has received a request purporting to be from a particular individual, and Nebius has been able to verify the individual's identity. The need to verify an individual's identity is crucial to protecting your information and ensuring that it is not shared with someone pretending to be you or not authorized to act on your behalf.
You may submit a verifiable request using the contact details specified in Section 13 of this Privacy Policy. To process your request, we will ask you to provide information to help us verify your identity. This information may include your name, address, whether you have an account with Nebius, and any other information deemed necessary to reasonably verify your identity.
Once we have your submission, we will compare the information you provide to the information we have on file to verify your identity. If necessary, we may request additional information if we have difficulty confirming your identity.
We will not share your information or fulfil any requests if we are unable to confirm that a request is a "verifiable request". If we cannot verify your identity, we will not be able to process your request.
Not all requests will be fulfilled. Nebius is committed to complying with each and every data privacy protection law. However, in some circumstances, consumers are not entitled to certain requests. Nebius will hear all appeals if an appeal right is permitted under applicable law (e.g. the Tennessee Information Protection Act).
C. Profiling Disclosure
We do not engage in profiling of consumers in furtherance of automated decisions that produce legal or similarly significant effects, as those terms are defined under the Colorado Privacy Act.
D. Data Protection Assessments
Nebius will conduct all necessary data protection assessments for all applicable processing or other activities when required by applicable law.
10. Children
Our websites and services are not intended for use by individuals under the age of 18. We do not knowingly collect or process personal data from anyone under 18. If you are a parent or guardian of a minor and believe we have collected their data, you may contact us to exercise their rights as described in this Privacy Policy.
11. Difficulty Accessing this Privacy Policy
If you have a disability and cannot access our Privacy Policy online, please contact us (using the details in the Section 13) to request a copy in an alternative, more accessible format. We will not collect or process any health‑related or other sensitive personal data in connection with such requests.
12. Changes
Our business is continually evolving, and we may update this Privacy Policy to reflect those changes. We’ll post any revised version on our website, so we encourage you to review it periodically. If we make any material changes, we will notify you.
13. Contact Us
If you have any questions or concerns about your privacy, you may contact us or our data protection officer by writing to us at:
Nebius B.V., Schiphol Boulevard 165, 1118 BG Schiphol, the Netherlands (Attn: Privacy Office), or by emailing us at [email protected].
Publication date: December 17, 2025
Effective date: December 17, 2025
