Cookie Policy

NebulaHex Pvt Ltd (“NebulaHex,” “we,” or “us”) uses a deliberately minimal set of cookies and browser storage mechanisms to operate the Service. This Cookie Policy explains what we use, why we use it, and what we do not use.

This Policy supplements our Privacy Policy, which describes how we handle personal data more broadly. Defined terms not specified here have the meanings given in the Privacy Policy.

For the purposes of this Policy, “cookies” refers to small text files placed on your device by a website. “Browser storage” refers to related technologies including localStorage, sessionStorage, and IndexedDB. We use the terms collectively unless a distinction matters.

We use only cookies and browser storage that are strictly necessary to deliver the Service you have requested. These fall into two categories:

• Authentication: session cookies set by our authentication provider so you stay signed in to the dashboard.
• Widget continuity: browser sessionStorage used by the embeddable chat widget to maintain a coherent conversation within a single browser tab.

Both categories are essential to operating the Service. Disabling them will prevent the affected functionality from working — you will not be able to sign in, and chat widgets embedded on customer sites will not retain conversation continuity within a tab.

Strictly necessary cookies are exempt from prior-consent requirements under the EU ePrivacy Directive and equivalent regulations in other jurisdictions.

We use Clerk as our authentication and session-management provider. Clerk sets a small number of first-party cookies on the clerk.nebulahex.com subdomain to manage your authenticated session.

These cookies allow us to:

• Recognize you as a signed-in user across requests, so you do not have to re-authenticate on every page load.
• Maintain session integrity and detect anomalous behavior consistent with session hijacking.
• Enforce sign-out across all open tabs when you sign out from any one of them.

The specific cookie names are managed by Clerk and may change as Clerk updates its SDK; we do not document individual cookie names because they are implementation details we do not control. For details, see Clerk’s own documentation.

Authentication cookies are set only when you sign in. They are scoped to clerk.nebulahex.com and are not shared with other domains. They are cleared automatically when you sign out, and they expire on their own when their lifetime ends.

The NebulaHex embeddable chat widget — the small chat bubble that operators install on their own websites — uses browser sessionStorage to maintain conversation continuity within a single browser tab.

The single key written by the widget is nhx_sid_<botId> — an opaque session identifier used to associate messages within the same tab with the same conversation. Per-bot scoping ensures that a visitor interacting with multiple bots on the same site has independent conversations for each.

This is sessionStorage, not a cookie. It is scoped to the originating website’s domain, accessible only to that tab, and cleared automatically when the tab is closed. It is never sent in HTTP request headers and is never shared across tabs or browsers.

The widget does not write any cookies on the customer site. It does not use localStorage. It does not use IndexedDB. It does not fingerprint visitors.

The chat widget loads two small open-source libraries at runtime — a Markdown renderer and an HTML sanitizer — from the public CDN esm.sh. These libraries are necessary to safely render formatted bot replies inside the widget.

When a visitor opens the widget, their browser makes HTTPS requests to esm.sh to fetch these libraries. esm.sh and any network intermediary between the visitor and esm.sh can observe that the request was made, including the visitor’s IP address, user-agent, and the requested library versions. esm.sh does not set cookies or write to browser storage in connection with these requests.

We are evaluating self-hosted bundling of these libraries to remove this dependency entirely. Until that lands, the runtime fetch from esm.sh is the only third-party resource the widget loads.

We have made deliberate choices about what we do not put on your device. As of the date of this Policy, the NebulaHex marketing site, dashboard, and chat widgets do not use any of the following:

• Advertising or retargeting cookies (no Meta Pixel, no Google Ads remarketing tag, no LinkedIn Insight Tag, no TikTok Pixel, no equivalent).
• Third-party analytics cookies (no Google Analytics, no Mixpanel, no Amplitude, no Hotjar, no Segment-mediated equivalents).
• Cross-site tracking cookies of any kind.
• Browser fingerprinting techniques used to identify visitors across sites.
• Social-network share-button cookies that pre-load tracking before you click a share button.
• Session-replay or behavior-recording tools.

We do not sell or share personal information collected through cookies or browser storage with third parties for their own marketing or advertising purposes.

If we add cookies or browser storage that fall outside the strictly-necessary categories described above — for example, optional analytics or advertising tracking — we will:

• Update this Cookie Policy and our Privacy Policy to describe the new categories before deployment.
• Implement a consent banner that allows visitors to grant or refuse non-essential cookies, with consent required before any non-essential cookie is set in the European Economic Area, the United Kingdom, and other jurisdictions that require prior consent.
• Provide a persistent mechanism to revisit and change consent preferences at any time.
• Honor “Do Not Sell or Share My Personal Information” signals where applicable under California and other state privacy laws.

Until that point, the categories described in Sections 02 through 05 are the complete inventory of what NebulaHex writes to your device.

Most modern browsers allow you to view, manage, and delete cookies through their preferences or settings interface. You can also configure your browser to block cookies from specific sites or to clear all cookies when the browser closes.

Because the cookies and storage described in this Policy are strictly necessary to operate the Service, blocking or deleting them will affect functionality. In particular:

• Blocking authentication cookies will prevent you from signing in to the NebulaHex dashboard.
• Blocking sessionStorage will cause the chat widget to lose conversation continuity if a visitor refreshes a page or navigates within the same tab.

For general guidance on managing cookies across browsers, independent resources such as allaboutcookies.org publish current per-browser instructions.

We may update this Cookie Policy from time to time to reflect changes in our practices, the Service, or applicable law. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, provide additional notice through the dashboard or by email.

We encourage you to review this Policy periodically to stay informed about how we use cookies and browser storage.

If you have any questions about this Cookie Policy or our use of cookies and browser storage, please contact us at:

privacy@nebulahex.com