Skip to main content
Legal · Cookies

Cookie Policy

How NebulaHex uses cookies and browser storage. Strictly necessary cookies, plus optional analytics that load only with your consent — no advertising or cross-site tracking.

Last updated: May 30, 2026

Jump to section

01

Introduction

NebulaHex Pvt Ltd (“NebulaHex,” “we,” or “us”) uses a deliberately minimal set of cookies and browser storage mechanisms to operate the Service. This Cookie Policy explains what we use, why we use it, and what we do not use.

This Policy supplements our Privacy Policy, which describes how we handle personal data more broadly. Defined terms not specified here have the meanings given in the Privacy Policy.

For the purposes of this Policy, “cookies” refers to small text files placed on your device by a website. “Browser storage” refers to related technologies including localStorage, sessionStorage, and IndexedDB. We use the terms collectively unless a distinction matters.

02

Categories We Use

We use cookies and browser storage in two strictly-necessary categories required to deliver the Service, plus one optional analytics category that loads only if you consent. The strictly-necessary categories are:

  • Authentication: session cookies set by our authentication provider so you stay signed in to the dashboard.
  • Widget continuity: browser sessionStorage used by the embeddable chat widget to maintain a coherent conversation within a single browser tab.

Both categories are essential to operating the Service. Disabling them will prevent the affected functionality from working — you will not be able to sign in, and chat widgets embedded on customer sites will not retain conversation continuity within a tab.

In addition, with your consent we use Google Analytics 4 to understand how visitors use our marketing site. These analytics cookies (named _ga and _ga_*) are optional, are set only after you accept analytics in our cookie banner, and can be withdrawn at any time. They are not set if you decline or if your browser sends a Global Privacy Control signal.

Strictly necessary cookies are exempt from prior-consent requirements under the EU ePrivacy Directive and equivalent regulations in other jurisdictions. Our optional analytics cookies are not exempt and are therefore loaded only after you grant consent.

03

Authentication Cookies

We use Clerk as our authentication and session-management provider. Clerk sets a small number of first-party cookies on the clerk.nebulahex.com subdomain to manage your authenticated session.

These cookies allow us to:

  • Recognize you as a signed-in user across requests, so you do not have to re-authenticate on every page load.
  • Maintain session integrity and detect anomalous behavior consistent with session hijacking.
  • Enforce sign-out across all open tabs when you sign out from any one of them.

The specific cookie names are managed by Clerk and may change as Clerk updates its SDK; we do not document individual cookie names because they are implementation details we do not control. For details, see Clerk’s own documentation.

Authentication cookies are set only when you sign in. They are scoped to clerk.nebulahex.com and are not shared with other domains. They are cleared automatically when you sign out, and they expire on their own when their lifetime ends.

04

Widget Browser Storage

The NebulaHex embeddable chat widget — the small chat bubble that operators install on their own websites — uses browser sessionStorage to maintain conversation continuity within a single browser tab.

The single key written by the widget is nhx_sid_<botId> — an opaque session identifier used to associate messages within the same tab with the same conversation. Per-bot scoping ensures that a visitor interacting with multiple bots on the same site has independent conversations for each.

This is sessionStorage, not a cookie. It is scoped to the originating website’s domain, accessible only to that tab, and cleared automatically when the tab is closed. It is never sent in HTTP request headers and is never shared across tabs or browsers.

The widget does not write any cookies on the customer site. It does not use localStorage. It does not use IndexedDB. It does not fingerprint visitors.

05

Third-Party Resources

The chat widget loads two small open-source libraries at runtime — a Markdown renderer and an HTML sanitizer — from the public CDN esm.sh. These libraries are necessary to safely render formatted bot replies inside the widget.

When a visitor opens the widget, their browser makes HTTPS requests to esm.sh to fetch these libraries. esm.sh and any network intermediary between the visitor and esm.sh can observe that the request was made, including the visitor’s IP address, user-agent, and the requested library versions. esm.sh does not set cookies or write to browser storage in connection with these requests.

We are evaluating self-hosted bundling of these libraries to remove this dependency entirely. Until that lands, the runtime fetch from esm.sh is the only third-party resource the widget loads.

Our marketing site and dashboard also load Material Symbols web fonts from Google Fonts ( fonts.googleapis.com and fonts.gstatic.com). This transfers your IP address to Google solely to deliver the font files; no cookies are set and no analytics are collected through these font requests.

06

What We Don’t Use

We have made deliberate choices about what we do not put on your device. As of the date of this Policy, the NebulaHex marketing site, dashboard, and chat widgets do not use any of the following without your explicit consent:

  • Advertising or retargeting cookies (no Meta Pixel, no Google Ads remarketing tag, no LinkedIn Insight Tag, no TikTok Pixel, no equivalent).
  • Analytics cookies that load without your consent (our Google Analytics 4 is optional and loads only after you accept; we use no Mixpanel, Amplitude, Hotjar, or Segment-mediated equivalents).
  • Cross-site tracking cookies of any kind.
  • Browser fingerprinting techniques used to identify visitors across sites.
  • Social-network share-button cookies that pre-load tracking before you click a share button.
  • Session-replay or behavior-recording tools.

We do not sell or share personal information collected through cookies or browser storage with third parties for their own marketing or advertising purposes.

07

Consent & Your Choices

We use a cookie consent banner so you can grant or refuse optional analytics cookies. Strictly-necessary cookies are always active because the Service cannot function without them; analytics cookies load only after you accept.

  • Our Cookie Policy and Privacy Policy describe every category we use, including the optional analytics category.
  • A consent banner lets visitors grant or refuse non-essential cookies. Analytics cookies are not set before consent in the European Economic Area, the United Kingdom, and other jurisdictions that require prior consent.
  • You can revisit and change your consent preferences at any time through the banner.
  • We honor Global Privacy Control and "Do Not Sell or Share My Personal Information" signals where applicable under California and other state privacy laws — when detected, optional cookies default to off.

Sections 02 through 05 describe every cookie and browser-storage item NebulaHex uses, including the optional analytics cookies set only with your consent.

08

Managing Cookies

Most modern browsers allow you to view, manage, and delete cookies through their preferences or settings interface. You can also configure your browser to block cookies from specific sites or to clear all cookies when the browser closes.

The strictly-necessary cookies and storage described in this Policy are required to operate the Service, so blocking or deleting them will affect functionality. Optional analytics cookies can be refused at any time through our consent banner without affecting how the Service works. In particular:

  • Blocking authentication cookies will prevent you from signing in to the NebulaHex dashboard.
  • Blocking sessionStorage will cause the chat widget to lose conversation continuity if a visitor refreshes a page or navigates within the same tab.

For general guidance on managing cookies across browsers, independent resources such as allaboutcookies.org publish current per-browser instructions.

09

Changes to This Policy

We may update this Cookie Policy from time to time to reflect changes in our practices, the Service, or applicable law. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, provide additional notice through the dashboard or by email.

We encourage you to review this Policy periodically to stay informed about how we use cookies and browser storage.

10

Contact Us

If you have any questions about this Cookie Policy or our use of cookies and browser storage, please contact us at:

privacy@nebulahex.com

Last updated: May 30, 2026.