Privacy Policy

NUVU LABS

Last updated: January 2025

This Privacy Policy ("Policy") explains how Nuvu Labs LLC ("Nuvu," "we," "us," or "our") collects, uses, shares, and protects personal data when you use:

  • Our websites, including nuvulabs.ai and any related subdomains
  • Our web-based account and management portals
  • Our products and services that link to this Policy, including the ComfyUI-Nuvu plugin and related tools

(collectively, the "Services").

By using the Services or providing us with personal data, you agree to the practices described in this Policy.

1. Who This Policy Applies To

This Policy applies to personal data we collect:

  • Directly from you when you interact with the Services
  • Automatically when you use the Services (e.g., through cookies or similar technologies)
  • From certain third parties we work with (e.g., authentication and payment providers)

It does not apply to:

  • Websites or services that do not link to this Policy
  • Any consulting or professional services we provide that are governed by a separate services agreement
  • Third-party services you access via links or integrations, which are governed by those third parties' policies

2. Children's Data

The Services are intended for adults in a business or professional context and are not directed to children under 18. We do not knowingly collect personal data from anyone under 18. If we learn we have collected personal data from a child under 18 without verified parental consent, we will delete it.

3. Personal Data We Collect

"Personal data" means information that identifies or is reasonably capable of being associated with an identifiable individual.

3.1 Information You Provide Directly

Depending on how you use the Services, we may collect:

  • Account and contact information – name, business email address, company name, role, password or other login details
  • Billing and transaction information – subscription selections, plan details, billing address, tax information. We use third-party processors (e.g., Stripe) for payment; we do not store full payment card numbers on our own systems
  • Support and communications – information you provide in support requests, emails, chats, or other communications, including any logs or screenshots you choose to send
  • Customer Content – assets, workflows, project files, and other content you upload or make available through our account portals or in connection with support

3.2 Information Collected Automatically

When you use the Site or Services, we automatically collect certain technical and usage information, such as:

  • Device and log data – IP address, browser type and settings, operating system, device identifiers, date and time of access, pages viewed, referring/exit pages
  • Usage data – features used, workflow and plugin configuration metadata, performance metrics, error logs, and similar information about how you interact with the Services
  • Cookie and tracking data – information collected via cookies and similar technologies (see Section 6)

For the ComfyUI-Nuvu plugin specifically, we may collect limited telemetry such as license status, feature usage, and error reports, to verify access, keep the product secure, and improve stability.

3.3 Information From Third Parties

We may receive personal data about you from:

  • Authentication providers (e.g., Auth0) – basic profile and account identifier information used to log you in
  • Payment processors (e.g., Stripe) – payment status, subscription status, and limited billing details
  • Analytics and security providers – information about usage patterns, performance, and potential security issues

We may combine this information with data we collect directly from you.

3.4 Aggregated and De-Identified Data

We may create aggregated or de-identified data from personal data. Once aggregated or de-identified so it cannot reasonably be linked to an individual, it is no longer treated as personal data under this Policy. We may use and share such data for any legitimate business purpose.

4. How We Use Personal Data

We use personal data for the following purposes:

  • Providing the Services – operating, maintaining, and delivering the Site, account portals, and ComfyUI-Nuvu plugin; enabling log-in and access control; verifying subscription and license status
  • Customer support – responding to questions, troubleshooting issues, and providing technical and account support
  • Improvement and analytics – monitoring usage and performance, debugging, and improving features, workflows, and user experience (including through the use of analytics and limited telemetry)
  • Security and abuse prevention – detecting, preventing, and responding to security incidents, abuse, and misuse of the Services
  • Billing and administration – processing payments, invoicing, handling subscription management, and maintaining business records
  • Communications and marketing – sending important account notices, updates about the Services, and (where permitted) information about new features or offerings. You can opt out of non-essential marketing communications at any time (see Section 9)
  • Legal and compliance – complying with legal obligations, resolving disputes, enforcing our Terms of Service and other agreements, and protecting our rights and the rights of others

We do not use customer Input or Output to train our own or third-party models, except where explicitly agreed with you in writing.

4.1 Legal Bases (EEA/UK Only)

If you are in the European Economic Area ("EEA") or the United Kingdom ("UK"), we process your personal data on one or more of the following legal bases:

  • Performance of a contract – where processing is necessary to provide the Services, manage your account, process payments, or respond to your requests
  • Legitimate interests – for example, to secure and improve the Services, prevent abuse, and communicate with you about similar products or features, provided that our interests are not overridden by your rights and interests
  • Consent – where required by law (for example, certain marketing communications or non-essential cookies). When we rely on consent, you can withdraw it at any time, without affecting the lawfulness of processing before withdrawal
  • Legal obligations – where processing is necessary to comply with legal obligations, such as accounting or regulatory requirements

4.2 Controller / Processor Role

For most personal data we collect through the Site and account portals (for example, account, billing, and usage data), Nuvu acts as an independent controller.

For any personal data we process solely on your documented instructions in connection with an enterprise agreement (if applicable), Nuvu acts as a processor (or "service provider"), and the processing terms in that agreement (and any data processing addendum) will govern.

4.3 Data Processing Addendum

For certain enterprise customers, we may agree to additional data protection terms, including a Data Processing Addendum ("DPA") with standard contractual clauses or other transfer mechanisms for international transfers. Where applicable, those terms form part of your agreement with us and will prevail over this Policy in the event of conflict.

4.4 Automated Decision-Making

We do not use your personal data to make decisions that have legal or similarly significant effects on you solely by automated means.

5. How We Disclose Personal Data

We may disclose personal data as described below:

5.1 Service Providers and Sub-Processors

We share personal data with third-party vendors that perform services on our behalf, such as:

  • Authentication and identity management
  • Payment processing
  • Hosting and infrastructure
  • Analytics, error tracking, and security
  • Email and communications

These providers are authorized to use personal data only as necessary to provide services to us and are bound by appropriate contractual and security obligations.

5.2 Affiliates and Corporate Transactions

We may share personal data with our affiliates for purposes consistent with this Policy. We may also disclose personal data in connection with a corporate transaction (such as a merger, acquisition, financing, or sale of assets), where personal data may be transferred as part of the transaction.

5.3 Legal and Safety

We may disclose personal data to third parties if we reasonably believe such disclosure is necessary to:

  • Comply with law, legal process, or lawful requests by public authorities
  • Enforce our agreements, including our Terms of Service
  • Protect the rights, property, or safety of Nuvu, our users, or the public

5.4 With Your Direction or Consent

We may disclose personal data to other third parties when you ask us to or with your explicit consent.

We do not sell personal data as that term is commonly defined under U.S. state privacy laws, nor do we share personal data with third parties for their own independent marketing purposes.

6. Cookies and Similar Technologies

We use cookies and similar technologies on the Site and certain web-based parts of the Services to:

  • Remember your preferences and login status
  • Help secure your account
  • Understand how the Services are used
  • Improve performance and user experience

Cookies are small text files stored on your device. You can configure your browser to refuse cookies or to alert you when cookies are being set. If you disable cookies, some features of the Services may not function properly.

We may also use third-party analytics tools (for example, to understand how visitors use the Site). These providers may set their own cookies or similar technologies. We do not allow them to use data collected via our Services for their own independent marketing to you.

Where required by law, we will present a cookie banner or similar mechanism to obtain your consent to non-essential cookies and analytics.

7. On-Premise Operation and Your Environment

Nuvu's products are designed to run largely in your own or your organization's environment (including your local hardware, networks, storage, and cloud infrastructure). Consistent with our Terms of Service:

  • You are responsible for securing and maintaining your environment, including your local ComfyUI instance, storage volumes, and connected infrastructure
  • We do not provide primary storage or backup for your Customer Content, Input, or Output unless specifically stated in a separate agreement
  • The data we receive from your environment is limited to what is necessary to operate the Services (e.g., license checks, telemetry, and any assets you intentionally upload or share with us)

8. Data Security and Retention

8.1 Security

We use commercially reasonable administrative, technical, and physical safeguards designed to protect personal data from accidental loss and from unauthorized access, use, alteration, or disclosure. That said, no system or method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

The security of your information also depends on you. You are responsible for maintaining the security of your devices and account credentials and for deciding what information to transmit to us via email, chat, or other channels.

8.2 Retention

We retain personal data for as long as reasonably necessary to:

  • Provide the Services
  • Comply with legal, tax, or accounting obligations
  • Resolve disputes and enforce our agreements
  • Maintain appropriate business and security records

Retention periods vary depending on the type of data and the purposes for which we use it. When personal data is no longer needed, we will delete, anonymize, or otherwise dispose of it in a secure manner.

9. Your Choices and Rights

9.1 Email and Marketing Preferences

You can opt out of non-essential marketing emails by:

  • Clicking the "unsubscribe" link in any marketing email
  • Contacting us at privacy@nuvulabs.ai

We may still send you transactional or service-related messages (for example, about your account, security, or important updates), even if you opt out of marketing communications.

9.2 Cookies and Tracking

You can manage cookies through your browser settings and, where provided, through any cookie banner or preferences tool on our Site. If you block or delete cookies, some parts of the Services may not function properly.

Some browsers or extensions support Global Privacy Control (GPC) or similar signals. Where legally required and technically feasible, we will treat such signals as a request to limit certain types of tracking or processing.

9.3 State-Law Privacy Rights (U.S.)

Depending on where you live, you may have certain rights under state privacy laws, which can include the right to:

  • Request access to the personal data we hold about you
  • Request correction of inaccurate personal data
  • Request deletion of your personal data, subject to legal exceptions
  • Request that we limit or opt out of certain uses of your personal data (for example, targeted advertising or "sale" of data, if applicable)

To exercise these rights, contact us at privacy@nuvulabs.ai with "Privacy Request" in the subject line and describe your request and the jurisdiction you reside in. We may need to verify your identity before fulfilling your request.

If we deny your request, you may have the right to appeal by contacting us at the same address and indicating "Privacy Request Appeal" in the subject line. We will respond to appeals as required by applicable law.

We do not currently "sell" personal data or use it for cross-context behavioral advertising in a manner that would trigger opt-out rights under many state privacy laws, but we nonetheless honor valid rights requests where those laws apply.

9.4 EEA/UK Rights

If you are in the EEA or UK, you may have the right, subject to applicable law, to:

  • Request access to your personal data
  • Request correction of inaccurate or incomplete personal data
  • Request deletion of your personal data
  • Request restriction of processing of your personal data
  • Object to processing of your personal data where we rely on legitimate interests
  • Request portability of certain personal data in a structured, commonly used, machine-readable format

You also have the right to lodge a complaint with your local data protection authority. However, we encourage you to contact us first so we can try to address your concerns directly.

You can exercise these rights by contacting us at privacy@nuvulabs.ai with "GDPR/UK Privacy Request" in the subject line and describing your request. We may need to verify your identity before responding.

10. International Data Transfers

If you access the Services from outside the United States, your personal data may be transferred to, stored in, or processed in the United States or other countries where we or our service providers operate. These locations may have data-protection laws that differ from those in your jurisdiction.

Where required by law, we will implement appropriate safeguards (such as standard contractual clauses) to protect personal data transferred across borders. You can contact us for more information about such safeguards.

11. Changes to This Policy

We may update this Policy from time to time. When we do, we will change the "Last updated" date at the top and, where required, provide additional notice (for example, by email or prominent notice on the Site).

Your continued use of the Services after an updated Policy becomes effective means you accept the revised Policy.

12. Contact Us

If you have questions about this Policy, our privacy practices, or if you wish to exercise your privacy rights, you can contact us at privacy@nuvulabs.ai.