Privacy Policy
Updated March 31st, 2026
Nuat Computer Software LLC (“Nuat,” “we,” “us,” or “our”), doing business as Nuat Games and operating the Nucleus service, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you access or use our website (https://nucleus-edu.com/ and subdomains) and the Nucleus application (collectively, the “Service”).
By using the Service you acknowledge that you have read and understood this Policy. If you do not agree, you must not use the Service.
Definitions and Key Terms
- Cookie: A small amount of data generated by a website and saved by your web browser, used to identify your browser, provide analytics, and remember information about you.
- Company: Nuat Computer Software LLC (doing business as Nuat Games).
- Country: United Arab Emirates.
- Customer: The company, organization, or person that signs up to use the Nucleus Service.
- Device: Any internet-connected device such as a phone, tablet, or computer that can be used to visit Nucleus and use the services.
- IP address: A number assigned to every device connected to the Internet, often used to identify the location from which a device is connecting.
- Personal Data: Any information that directly, indirectly, or in connection with other information allows for the identification of a natural person.
- Service: The service provided by Nucleus as described in the relative terms and on this platform.
- Third-party service: Advertisers, contest sponsors, promotional and marketing partners, and others who provide our content or whose products or services we think may interest you.
- Website: Nucleus's site, accessible via https://nucleus-edu.com.
- You: A person or entity registered with Nucleus to use the Services.
Information We Collect
Information You Provide
When you sign in via Google or Clever, we receive your email address and full name. We do not request or collect any other personal information unless you voluntarily submit it.
Automatically Collected Information
When you visit our Service, we automatically collect certain information such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, and other technical information. We also collect pseudonymized analytics data to measure user engagement, retention rates, and drop-off funnels. This information is primarily needed to maintain the security and operation of our Service, and for our internal analytics and reporting purposes.
How We Use Your Information and Lawful Bases
We process Personal Data only when we have a valid legal basis (GDPR Article 6 where applicable; equivalent standards under UAE PDPL, CCPA/CPRA).
| Purpose | Legal Basis | Data Used |
|---|---|---|
| Account creation and authentication | Performance of contract | Email + full name |
| Providing and maintaining the Service | Performance of contract | Email + full name |
| Pseudonymized analytics (engagement, retention, drop-off) | Consent (GDPR Art 6(1)(a)) where required; otherwise legitimate interests | Pseudonymized usage data |
| Security, fraud prevention, legal compliance | Legitimate interests / legal obligation | IP address + technical data |
| Non-essential cookies / analytics (where consent required) | Consent (freely given, granular, withdrawable) | Cookie data |
You may object to processing based on legitimate interests at any time via account settings or by contacting us; we will stop unless we demonstrate compelling grounds.
Data Retention
We retain Personal Data only for as long as necessary to fulfill the purposes described in this Policy. Account data is retained for the duration of the account and deleted or anonymized within 12 months after account deletion or prolonged inactivity, unless retention is required by law. Pseudonymized analytics data is retained for no longer than 12 months and is periodically reviewed for deletion.
Sharing and Third-Party Processors
We do not sell Personal Data (CCPA/CPRA §1798.100).
We share data only with the following vetted Processors under Data Processing Agreements (GDPR Art 28):
- Google LLC and Clever Inc. – receive only email and full name solely for authentication.
- Google Analytics 4 with IP anonymization enabled – receives only pseudonymized data.
We do not sell or share Personal Data, including for cross-context behavioral advertising purposes as defined under CPRA. We may disclose data to affiliates or in the event of a merger/sale of assets, provided the recipient agrees to equivalent protections.
International Transfers
Where Personal Data is transferred outside the UAE or EEA, we implement appropriate safeguards, including Standard Contractual Clauses approved by the European Commission. Where required, we conduct transfer impact assessments and apply supplementary safeguards such as encryption and access controls.
Your Rights
You may exercise rights of access, rectification, erasure, restriction, portability, objection, and withdrawal of consent (where applicable). California residents have additional rights under CCPA/CPRA. To exercise any right, please contact us. We will respond within one month (GDPR) or 45 days (CCPA/CPRA).
Cookies and Tracking Technologies
We use strictly necessary cookies for functionality and pseudonymized analytics cookies. Non-essential cookies are only deployed after obtaining your prior consent through a granular cookie banner where required by law. We do not use tracking technologies for cross-site advertising. You may withdraw your consent at any time.
Children's Privacy (COPPA / GDPR Art 8)
Nucleus is an educational platform that includes content suitable for young students. The Service may be used by children under 13. We comply with the Children's Online Privacy Protection Act (COPPA), GDPR Article 8, and applicable UAE laws.
We do not knowingly collect Personal Data from children under 13 without verifiable parental consent or, in the school context, consent from a school official acting in the student's educational interest. We apply strict data minimization for child users and do not use children's Personal Data for behavioral advertising, profiling, or automated decision-making.
Parents or guardians may review, correct, or delete their child's Personal Data at any time by contacting us.
Security
We implement appropriate technical and organizational measures (GDPR Art 32) to protect Personal Data, including encryption in transit, access controls, and regular security reviews. No method is 100% secure; we cannot guarantee absolute security.
Links to Other Websites
This Policy applies only to the Service. We are not responsible for the privacy practices of third-party websites.
Changes to This Privacy Policy
We may update this Policy. Material changes will be notified via the Service or email at least 30 days before they take effect. Continued use after notification constitutes acceptance of the revised Policy.
Governing Law
This Policy is governed by the laws of the United Arab Emirates. Any disputes shall be subject to the exclusive jurisdiction of the courts of the UAE, without prejudice to any mandatory consumer protections or data-subject rights under GDPR, CCPA/CPRA, or other applicable law.
Contact Us
For questions, rights requests, or complaints:
- Email: admin@nuatgames.com
- Via the in-app support form (if available)