1. Introduction & Scope
This Privacy Notice ("Privacy Notice") explains how NodeOps ("NodeOps", "we", "us" or "our") collects, uses, shares, and otherwise processes personal data when you ("you", "your", or "user") visit our website (including https://nodeops.network/ and any sub-domains), applications, dashboards, interfaces, APIs, and related services or otherwise interact with us (collectively, the "Platform" or "Services").
In this Privacy Notice, 'personal data' means any information that relates to an identified or identifiable individual. 'Processing' means any operation performed on personal data, such as collection, use, storage, disclosure, or deletion. Where we use terms such as 'controller' and 'processor', such terms have the meanings given in the EU General Data Protection Regulation 2016/679 (the "GDPR"). Please read this Policy carefully. If you do not agree with this Privacy Notice or any part of it, you should immediately discontinue access to or use of the Platform. Where we rely on your consent for specific processing activities, such consent is obtained as described herein and may be withdrawn subject to applicable law.
This Privacy Notice applies to all personal data processed by us in connection with your interaction with or use of the Services, whether such data is provided directly by you, automatically collected through your use of the Services, or lawfully obtained from third party sources. It governs how we handle personal data of existing, prospective, and former users, including visitors to the Platform. This Privacy Notice forms part of, and should be read in conjunction with, NodeOps' Terms of Service (the "NodeOps Terms"). All capitalized terms not otherwise defined herein shall have the meanings assigned to them in the NodeOps Terms. In the event of any inconsistency between this Privacy Notice and the NodeOps Terms with respect to privacy matters, this Privacy Notice shall prevail.
Depending on the specific Service you access or use, one or more NodeOps entities may act as the controller for a particular processing activity. Such NodeOps entity may be identified in the applicable product interface, checkout flow, order form, program terms, or legal page for the relevant Service. If we appoint a data protection officer or similar responsible person, we will identify that contact in the Services or in an updated version of this Privacy Notice. If GDPR applies to our processing and we are required to appoint an EU or UK representative, we will provide the representative's contact details in this Privacy Notice or via a link within the Services.
In cases where NodeOps acts as a controller for personal data processed in connection with operating the Services, such as website analytics, account registration, billing administration, customer support, fraud prevention, and marketing, we determine the purposes and means of processing. In other cases, particularly for enterprise use cases where a Business User uses the Services to deploy, operate, or monitor infrastructure and processes personal data within workloads that the Business User controls, NodeOps may act as a processor on behalf of the Business User. In such cases, the relevant Business User is typically the controller for that workload data and is responsible for determining lawful bases, providing notices to individuals, and responding to data subject requests, while NodeOps processes data only in accordance with the Business User's instructions and applicable law. Where required, we can enter into a data processing addendum to reflect these roles. If you are a Business User and require execution of a data processing addendum, you may request it by contacting [email protected].
Where our Services connect you to third party providers, third party networks, wallets, or other third parties, those third parties may independently process personal data as controllers under their own privacy notices. NodeOps does not control and is not responsible for third party privacy practices.
2. Categories of Personal Data We Collect
2.1. Account & Profile Data. When you create or use an account, we may collect personal data such as your name, email address, username, organization or company name, job title, country or region, authentication-related information, and settings you choose in the Services. If you are a Business User, your administrators may provide or manage certain information about you as an authorized representative.
2.2. Communication & Support Data. When you contact us or use support channels, we may collect the content of your communications and related metadata, including your email address, any contact identifiers, the subject of your inquiry, ticket history, troubleshooting information, and any attachments or files you provide. If you participate in surveys, feedback forms, or research calls, we may collect the information you provide in those interactions.
2.3. Billing & Transaction Data. If you purchase Services, we may collect billing contact details, invoice information, and transaction metadata. Where we use payment processors, we typically receive limited payment confirmation and tokens rather than full payment card numbers. We may also process records related to refunds (if any), chargebacks, disputes, tax information where required, and subscription status.
2.4. Usage, Device & Log Data. When you use the Services, we may automatically collect technical and usage information, including IP address, approximate location inferred from IP address, device identifiers, browser type, operating system, language settings, timestamps, pages viewed, features used, referral URLs, error logs, diagnostic data, request logs, and performance telemetry. We may collect similar data through cookies and similar technologies as described in Section 8.
2.5. Security Data. We may collect information used to protect the Services and users, such as login history, authentication events, suspected fraud indicators, abuse signals, rate-limit events, and security-related logs. Where appropriate, we may maintain records of sanctions-screening outcomes, compliance holds, or other risk controls.
2.6. Wallet & Blockchain Data. If you connect a wallet, interact with token-related features, or perform on-chain actions through interfaces we provide, we may process your wallet address, chain identifiers, and transaction identifiers. Blockchain networks are generally public, and personal data that appears on a public blockchain may be visible to anyone; we do not control how third parties collect or use public blockchain data. If you associate a wallet address with an account or provide it to us, we may link that wallet address to your account.
2.7. Third Party Provider Interaction Data. If you use marketplace features or interact with third party providers through the Services, we may collect information about your requests, deployments, provider selection, service consumption, and associated metadata. If you act as a provider, we may collect onboarding and verification information and operational data relating to service performance, capacity, and compliance, to the extent applicable.
2.8. Code, Configuration & Scan-related Data. If you use security scanning, observability, monitoring, or similar features, you may submit or connect code repositories, configurations, logs, artifacts, and related information. We may process the materials you submit and may generate scan outputs, findings, and reports. Depending on what you submit, these materials may include personal data, such as email addresses in commits, usernames, IP addresses in logs, or other identifiers.
2.9. AI & Agent Feature Data. If you use AI-based features, terminals, or agent tooling, we may process your prompts, inputs, and outputs to provide the feature, maintain safety and security, and improve functionality. If you connect third party model providers or "bring your own key", your inputs and outputs may also be processed by those third parties under their terms and privacy practices. You should avoid entering sensitive personal data into AI features unless you have a lawful basis and appropriate safeguards.
2.10. Marketing & Preferences Data. If you subscribe to newsletters or product updates, join waitlists, or opt in to marketing communications, we collect your contact details and preferences, and we maintain records of your consent, subscription status, and unsubscribe actions. We may also infer limited preference information based on engagement with our communications, such as opens or clicks, where permitted by law and settings.
2.11. Information From Third Parties. We may receive personal data from third-party sources, such as analytics providers, marketing platforms, partners, event organizers, referral sources, identity or compliance screening providers (if used), and business intelligence sources, but only to the extent permitted by law and consistent with this Privacy Notice.
3. How We Use Personal Data
3.1. We process personal data to provide the Services, including creating and administering accounts, authenticating access, enabling deployments and operational workflows, providing dashboards and APIs, facilitating marketplace interactions, and delivering requested features.
3.2. We process personal data to respond to inquiries, provide technical support, send service-related notifications, and communicate about security issues, updates, and administrative matters. Service-related communications are not marketing and may be sent regardless of marketing preferences where necessary to operate the Services.
3.3. We process personal data to process payments, manage subscriptions, issue invoices, maintain financial and accounting records, and handle refunds, chargebacks, disputes, and collections, as applicable.
3.4. We process personal data to secure the Services, protect users, detect and prevent fraud and abuse, enforce rate limits and technical restrictions, investigate suspicious activity, and comply with applicable security and compliance obligations.
3.5. We process personal data to understand how users interact with the Services, to diagnose issues, to test and develop new features, and to improve performance and user experience. Where feasible, we use aggregated or de-identified data for analytics and product improvement.
3.6. If you opt in or if otherwise permitted by law, we process personal data to send newsletters, product announcements, ecosystem updates, event invitations, and similar communications. We also process your preferences and engagement to manage communication frequency and relevance, where permitted.
3.7. We process personal data to comply with legal obligations, respond to lawful requests, manage regulatory and compliance risk, and establish, exercise, or defend legal claims.
3.8. Lawful Bases for Processing. Where GDPR or UK GDPR applies, we rely on one or more of the following lawful bases depending on the context:
- (a) Contract: We process personal data where necessary to perform a contract with you or to take steps at your request prior to entering into a contract, such as creating your account, providing paid services, enabling requested deployments, and administering subscriptions.
- (b) Legitimate interests: We process personal data where necessary for our legitimate interests, such as operating and improving the Services, maintaining security, preventing fraud, enforcing terms, and communicating with you about service-related matters, provided those interests are not overridden by your rights and interests. Where we rely on legitimate interests, you may have the right to object as described in Section 10 of this Privacy Notice.
- (c) Consent: We process personal data based on your consent where required or appropriate, such as for certain marketing communications and for non-essential cookies and similar technologies in jurisdictions that require opt-in consent. You may withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
- (d) Legal obligation: We process personal data where necessary to comply with legal obligations, including recordkeeping, accounting, tax obligations, sanctions compliance, and responding to lawful requests.
- (e) Public interest: In limited cases, we may process personal data to protect vital interests or where necessary for tasks carried out in the public interest, such as responding to urgent security incidents, where applicable.
4. Disclosures & Sharing of Personal Data
4.1. We share personal data with vendors and service providers that perform services on our behalf, such as hosting and infrastructure providers, analytics providers, email delivery providers, customer support platforms, security tooling vendors, and payment processors. These providers are authorized to process personal data only as necessary to provide services to us and subject to contractual obligations.
4.2. Where you choose to engage with a provider, partner, or integration through our Services, we may share necessary data to facilitate that relationship, such as account identifiers, deployment metadata, or contact information required for provisioning or support. In these cases, the provider or partner may process personal data as an independent controller under their own privacy notice.
4.3. We may share personal data within the NodeOps entities to operate, maintain, and improve the Services, to provide support, and for internal administration, subject to this Privacy Notice.
4.4. We may disclose personal data to law enforcement, regulators, courts, or other parties where we believe in good faith that disclosure is necessary to comply with law, protect the rights and safety of NodeOps, our users, or others, investigate fraud or security incidents, or enforce our agreements.
4.5. If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal data may be disclosed and transferred as part of that transaction, subject to appropriate safeguards and notice where required by law.
4.6. We do not sell personal data for monetary consideration as "sale" may be defined under certain laws. We may use analytics and advertising tools as described in Section 8 of this Privacy Notice, subject to consent where required.
5. Transfer of Personal Data
5.1. The Services may be provided using resources and service providers located in multiple countries. As a result, your personal data may be transferred to, stored in, or accessed from countries outside your country of residence, including countries that may not provide the same level of data protection.
5.2. Where GDPR or UK GDPR applies and we transfer personal data to a country that is not recognized as providing an adequate level of protection, we will implement appropriate safeguards, such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum or other approved mechanisms, and, where appropriate, supplementary measures.
5.3. You may request additional information about international transfers and safeguards by contacting us at [email protected].
6. Data Retention
6.1. We retain personal data only for as long as necessary to fulfil the purposes described in this Privacy Notice, including providing the Services, maintaining records, meeting legal obligations, resolving disputes, and enforcing agreements. Retention periods vary depending on the type of data, the purpose of processing, and legal requirements.
6.2. Account data is generally retained while your account is active. After account closure, we may retain certain account data for a period necessary for legitimate business purposes such as security, fraud prevention, dispute resolution, and compliance, after which we delete or anonymize it where feasible.
6.3. Billing and financial records are typically retained for the period required by applicable tax and accounting laws. Support and communications data is retained for as long as needed to resolve issues and maintain support history, after which it may be deleted or anonymized.
6.4. Security logs and abuse-prevention data are retained for periods consistent with security needs and legal obligations, and may be retained longer where needed to investigate incidents or enforce our terms.
6.5. Marketing consent records and suppression records are retained as long as necessary to demonstrate compliance and to ensure we honour unsubscribe and opt-out requests, even if other account data is deleted.
6.6. If you request deletion, we will comply to the extent required by applicable law and subject to lawful exceptions, including where retention is necessary for legal obligations or legitimate interests such as security and fraud prevention.
7. Security Measures
7.1. We implement technical and organizational measures designed to protect personal data against unauthorized access, disclosure, alteration, or destruction. Such measures may include access controls, logging, encryption in transit, and security monitoring.
7.2. No system is completely secure. You are responsible for maintaining appropriate security for your account and for safeguarding credentials, API keys, and wallets. If you believe your account has been compromised, you should contact us promptly.
8. Cookies, Analytics & Similar Technologies
8.1. We use cookies and similar technologies, such as pixels, SDKs, and local storage, to operate the Services, maintain sessions, remember preferences, understand usage, and improve performance.
8.2. Certain cookies and technologies are essential to operate the Services, such as those required for security, authentication, and load balancing. These are generally set automatically when you use the Services.
8.3. We may also use non-essential cookies, such as analytics and marketing cookies, to understand how users interact with the Services and to measure the effectiveness of communications and campaigns. Where required by law, including in the EEA/UK, we will request your consent before placing non-essential cookies. You can manage your cookie preferences through our cookie banner or preference centre where provided, and you may also adjust browser settings to control cookies, although this may affect functionality.
8.4. We may use analytics providers to help us understand usage patterns. Depending on configuration, analytics may collect identifiers such as IP address, device identifiers, and usage events. Where required, we will configure analytics tools to respect consent choices and, where feasible, to reduce data collection.
9. Marketing Communications & Consent Management
9.1. If you subscribe to our newsletters, sign up for announcements, join waitlists, or otherwise opt in to marketing communications, we will send you communications related to product updates, ecosystem announcements, events, and similar topics. We will obtain opt-in consent where required by law and will maintain records of your consent.
9.2. You can unsubscribe from marketing communications at any time by using the unsubscribe link in any marketing email or by contacting [email protected]. Unsubscribe requests are typically processed promptly, but you may still receive service-related communications necessary to administer your account or provide the Services.
9.3. We maintain suppression lists to ensure we respect unsubscribe and opt-out requests. Suppression lists may retain limited information, such as email address and opt-out status, for compliance purposes.
9.4. If you are a Business User and you provide personal data to us about your employees, contractors, or end users, you are responsible for ensuring you have a lawful basis to do so, and that you provide appropriate notices to those individuals.
10. Your Rights & Choices
Depending on where you live and the laws that apply, you may have rights regarding your personal data, including rights to access, correct, delete, object to certain processing, restrict processing, and receive a copy of your data in a portable format.
10.1. Right of access. You have the right to request confirmation of whether we hold any off-chain personal data about you. You may request access to such personal data at any time. If you exercise your right of access, we will provide you with a copy of the personal data we hold about you as well as information relating to its processing.
10.2. Right of rectification. You have the right to ask us to rectify or complete any personal data in our possession that you consider to be inaccurate or incomplete.
10.3. Right of erasure. You can ask us to delete your personal data if, for example, it is no longer necessary for the processing we carry out. We will use our best efforts to comply with your request. Please note, however, that we may have to retain some or all of your personal data if we are required to do so by applicable law or if the personal data is necessary for the establishment, exercise, or defence of our rights.
10.4. Right to restriction of processing. You may request that we restrict or limit the processing of your personal data under certain conditions (e.g., pending verification of accuracy or in case of an objection). In such cases, we will temporarily refrain from processing your personal data until necessary verifications have been made or until we comply with your requests.
10.5. Right to object. You may object at any time, on grounds relating to your particular situation, if we use your personal data. We will then stop processing of your personal data unless there are overriding legitimate grounds for continuing to process your personal data (for example, if your personal data is necessary for the establishment, exercise, or defence of our rights or the rights of third parties in court proceedings). If we are unable to comply with your request to object, we will inform you of the reasons for our refusal. You can also object at any time to our processing of your personal data for marketing or analytics purposes.
10.6. Right to data portability. Where applicable and technically feasible, you may request portability of the personal data you have provided us with. At your request, we will provide you with your personal data in a readable and structured format, for transfer to another service provider. The portability of your personal data applies only to personal data that you have provided to us or that result from your activity on the Platform, under the condition that the disclosure of your personal data does not infringe the rights of third parties. If we are unable to comply with our request, we will inform you of the reasons for our refusal.
10.7. Right to withdraw consent. You have the right to withdraw consent at any time for processing of your personal data based on consent. Withdrawing your consent prevents us from processing your personal data but does not affect the lawfulness of the processing carried out before the withdrawal.
10.8. Right to complain. If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Office of the Information Commissioner (OIC) in the British Virgin Islands. If you are located in the European Economic Area or the United Kingdom, you may have the right to lodge a complaint with your local data protection authority if you believe our processing violates applicable law.
If you are a resident of California or another U.S. state with a comprehensive privacy law, you may have additional rights, which can include rights to know categories of personal information collected, categories of sources, purposes of use, categories of disclosures, and to request deletion or correction, subject to statutory exceptions. We do not sell personal information, and where "sharing" for cross-context behavioural advertising is regulated, we provide mechanisms to opt out where required.
11. Children's Data
Our Services are not intended for anyone who is under the age of 18 (eighteen) years of age or a minor under their respective jurisdictions, or where the Services are being accessed ("Minor").
We do not intend to or knowingly collect any data related to a Minor. If you believe that any kind of data related to a Minor has been collected or provided to us, please contact us at [email protected] so we can take appropriate steps.
12. Third Party Links & Integrations
12.1. The Services may contain links to third party websites or may integrate with Third Party Services such as wallets, exchanges, restaking frameworks, blockchain networks, providers, analytics tools, and AI model providers. This Privacy Notice does not apply to such Third Party Services. Your interactions with Third Party Services are governed by their own terms and privacy notices, and NodeOps is not responsible for their privacy practices.
12.2. If you choose to connect Third Party Services to the Services, you may be permitting those third parties to access information associated with your account or usage, depending on the integration. You should review the permissions you grant and the third party's privacy practices.
12.3. Wallet & On-chain Data. Wallet addresses and on-chain transaction data are generally public. NodeOps may process wallet addresses and transaction identifiers when you connect a wallet or use token-related features. We may associate wallet addresses with your account if you provide them or connect them.
Because public blockchain data is outside our control, deletion or modification of on-chain data is generally not possible. Where you request deletion, we can delete or de-identify off-chain account associations and records to the extent feasible, subject to legal and security exceptions.
13. Changes to This Privacy Notice
We reserve the right to amend this Privacy Notice at any time and may update this Privacy Notice from time to time to reflect changes in the law, our data collection, use or sharing practices, advances in technology, changes in features or the Services, security measures, or compliance requirements. The "Last Updated" date above indicates when this Privacy Notice was most recently revised. We therefore encourage you to review this Privacy Notice regularly.
When required by applicable law, we will provide notice of material changes, which may include posting a notice within the Services, sending an email, or using other communication methods reasonably designed to reach users. Your continued use of the Services after an update becomes effective, constitutes acknowledgement and confirmation that you have read and understood the latest version of this Privacy Notice, to the extent permitted by law.
14. Contact Information
If you have any questions or comments about this Privacy Notice, our privacy practices, the processing of your personal data under this Privacy Notice, including the exercise of your rights as detailed above, please contact us by email at [email protected].
We may request information necessary to verify your identity and to process the request securely. We may decline or limit a request where permitted by law, including where we cannot verify identity, where complying would violate the rights of another person, where requests are manifestly unfounded or excessive, where information is protected by legal privilege, where compliance would require disproportionate effort, or where legal obligations require retention. Where we deny a request, we will provide an explanation to the extent required by law.