// LEGAL_COMPLIANCE : PRIVACY_POLICY

Privacy Policy.

LAST_UPDATED: 2026-04-02REGION: GLOBAL

NSKY CLOUDVERSE SOLUTIOS INC. (“NSKY,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy describes how we collect, use, and share information in connection with our platform, including the Nero Discovery 15-Minute Audit service and related products (collectively, the “Services”).

1. Information We Collect

1.1 Account Information

When you create an account or authenticate via Google Sign-In, we receive your name, email address, and profile picture from your Google account. We use this information solely to identify you within the NSKY platform.

1.2 GCP Project Metadata

To perform the audit, you must upload a scoped Google Cloud Service Account JSON key. We use this key exclusively to authenticate with your specific GCP project and provision the isolated staging environment. The JSON key is processed in volatile memory for the duration of the setup and is never stored in our databases. We do not use Google Sign-In OAuth to fetch or list your GCP projects.

1.3 BigQuery Metadata (INFORMATION_SCHEMA Only)

During the 15-Minute Audit, our scanner reads metadata from your BigQuery INFORMATION_SCHEMA views (table schemas, partition configurations, job statistics). We do not read, copy, or analyze your actual table data, row contents, or query results.

1.4 Usage Data

We collect standard analytics data (page views, feature usage, browser type) through Vercel Analytics to improve our platform.

2. How We Use Your Information

We use the information we collect to:

  • Authenticate you and provide access to the platform
  • Perform the 15-Minute Audit by analyzing BigQuery metadata in your selected GCP project
  • Generate optimization recommendations and cost savings projections
  • Communicate with you about the Services
  • Improve and develop new features

3. Zero-Retention Architecture

NSKY employs a Zero-Retention data architecture. All BigQuery metadata analysis is performed in-flight within the us-central1 (Iowa, USA) region. Audit findings are stored temporarily in a client-scoped Firestore collection and are automatically purged after the analysis window expires. We do not maintain long-term copies of your BigQuery metadata.

4. Data Residency

All data processing and ephemeral caching occurs exclusively in the us-central1 (Iowa, USA) GCP region. Your metadata never leaves US jurisdiction, ensuring compatibility with CCPA, CPRA, and enterprise SOC2 compliance requirements.

5. Google API Services Disclosure

NSKY Cloudverse's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

When you authenticate via Google Sign-In to access the platform, we request standard authentication scopes ( openid, profile, email) solely to identify you and provision your user account.

Specifically:

  • Scopes requested: openid, profile, email.
  • Token handling: We use these scopes only for authentication. We do not request or store refresh tokens, nor do we request scopes that allow us to read your GCP infrastructure via your user account.
  • No data sharing: Information obtained through Google APIs is not transferred to any third-party application, service, or person.

6. Service Account Security

After the onboarding step, NSKY accesses your BigQuery metadata solely through GCP-native Service Account Impersonation — a mechanism that creates time-limited, scoped tokens without storing long-lived credentials. You retain full control over the service account created in your project and may revoke NSKY's access at any time by deleting the nsky-nero-discovery-agent service account from your IAM console.

7. Information Sharing

We do not sell, rent, or trade your personal information. We may share information only in the following circumstances:

  • Service providers: We use Google Cloud Platform for infrastructure. Data processing occurs within the us-central1 region.
  • Legal obligations: We may disclose information if required by law, regulation, or valid legal process.
  • Business transfers: In the event of a merger, acquisition, or asset sale, user information may be transferred as part of that transaction.

8. Data Retention

Account information (name, email) is retained for as long as your account is active. Audit findings are retained for a maximum of 90 days unless you request earlier deletion. OAuth tokens are never retained — they are revoked immediately after use.

9. Your Rights

Under applicable data protection frameworks (including CCPA for California residents), you have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your personal information
  • Withdraw consent for data processing

To exercise any of these rights, contact us at privacy@nsky.cloud.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the “Last Updated” date.

11. Contact

If you have questions about this Privacy Policy, please contact:

NSKY CLOUDVERSE SOLUTIOS INC.
San Francisco, CA, United States
privacy@nsky.cloud