NodeFoxLast updated: April 8, 2026
NODEFOX CONSENT FORMS, USER INTERFACE DISCLAIMERS, AND IMPLEMENTATION
Version 1.0 | Effective Date: April 8, 2026 | Last Updated: April 8, 2026
Beta Status Notice: NodeFox is currently provided in beta. Features, behavior, documentation, and controls may change without notice. You must independently validate suitability for your use case and maintain your own safeguards.
© 2025–2026 NodeFox LLC. All rights reserved.
IMPORTANT NOTICE — DOCUMENT PURPOSE AND SCOPE
THIS DOCUMENT PROVIDES IMPLEMENTATION GUIDANCE AND SAMPLE CONSENT LANGUAGE FOR NODEFOX'S USER INTERFACE AND CONSENT FLOWS.
Non-Binding Nature. Except where expressly incorporated into a binding agreement (such as the Terms of Service), this document does not create independent contractual obligations. This document is provided for informational and implementation purposes only.
Illustrative Only. Examples, workflows, timelines, UI mockups, and behaviors described herein are illustrative only and may change without notice. Actual implementation may vary.
No Compliance Guarantee. Nothing here guarantees legal compliance in any jurisdiction. Implementations must be reviewed with qualified counsel.
No Feature Guarantee. UI text examples may be omitted, modified, or not implemented. No user entitlement to any particular warning, guardrail, or safety feature arises from this document.
No Guarantee of Guardrails. Warnings, confirmations, limits, and safety features described herein may not detect every scenario. The absence of a warning does not mean a Workflow is safe, compliant, or low-cost. Users remain fully responsible regardless of whether any particular warning was displayed.
Security Aid Limitations. NodeFox may provide controls intended to help reduce cross-site scripting (XSS) risk and accidental API key or credential leakage. These controls are assistive only and are not guaranteed to prevent all unsafe outputs, data leakage, or downstream harm. Users are responsible for implementing and enforcing their own security controls.
Malicious Code and Unsafe Workflow Responsibility. NodeFox may provide warnings about untrusted scripts, generated code, or suspicious workflow content, but those warnings are not comprehensive and may not appear in every case. Users remain solely responsible for reviewing workflow logic, sandboxing risky execution, and preventing malicious or unauthorized behavior.
API Key Safety Baseline. Users are responsible for least-privilege API key issuance, provider-side spend limits, key rotation, secure storage, and immediate revocation if exposure is suspected. NodeFox does not guarantee detection of exposed keys or unintended key usage.
Reduced Flashing/Lighting Settings. NodeFox may offer reduced flashing/lighting or reduced animation settings. If available, users are responsible for enabling these settings and configuring their environment accordingly.
Order of Precedence. UI labels and checkboxes should warn, capture acknowledgment/authorization, and link to the binding document — without re-summarizing numeric commitments (liability caps, retention periods, response timelines). Those live in the controlling legal documents. In the event of conflict between any UI text and the Terms of Service (https://www.nodefox.ai/legal/terms), the Terms of Service control.
Operational Contact Routing. Consent and opt-out workflow requests should route to privacy@nodefox.ai. General inquiries may route to info@nodefox.ai.
Translation. If translated, translations must preserve legal qualifiers ("may" vs "will," "acknowledge" vs "agree"). The English version controls.
No Authorization for Testing. Nothing here authorizes access to data, accounts, or systems without express permission.
TABLE OF CONTENTS
- Document I: Click-Accept Consent Forms (Parts 1–13)
- Document II: User Rights and Account Management (Parts 14–21)
- Document III: Operational and Security Notifications (Parts 22–26)
- Document IV: Product Warnings and Contextual Disclaimers (Parts 27–35)
- Document V: Implementation Guidelines (Parts 36–39)
- Document VI: Legal Acceptance Flow Operations (Parts 40–43)
DOCUMENT I: CLICK-ACCEPT CONSENT FORMS
PART 1: ACCOUNT REGISTRATION
1.1 Primary Registration Checkboxes (Required)
☐ I understand that NodeFox is in beta, provided "as is" without
warranties, and not subject to any SLA or support obligation.
☐ I agree to the Terms of Service and acknowledge the Privacy Policy.
The Terms of Service incorporate additional policies including the
Acceptable Use Policy, Cookie Policy, End User License Agreement,
IP & DMCA Policy, Marketplace Terms, Refund Policy, Free Trial
Terms, and Data Processing Addendum, each as applicable to my use.
☐ I acknowledge that the Services may process Inputs and Outputs
using third-party providers; third-party costs and terms apply.
Consent Tier: Click-Accept (Binding)
1.2 Button Text
| Option | Text |
|---|---|
| A | Create Account & Accept Terms |
| B | I Agree — Create My Account |
PART 2: FREE TRIAL ACTIVATION
2.1 Free Trial Checkbox
☐ I understand and accept the Free Trial Terms
By activating this free trial, I acknowledge that:
- The trial period is as specified at activation
- The platform is in BETA and provided "as is" without warranties
- To the maximum extent permitted by law, NodeFox's liability for
free trial usage is limited as described in the Terms of Service
- I am responsible for all third-party costs (AI providers, APIs, etc.)
- The trial is for evaluation only, not production use
- Data may be deleted or made inaccessible after the trial ends
Consent Tier: Click-Accept (Binding)
2.2 Free Trial with Payment Information
☐ I understand and accept the Free Trial Terms
By activating this free trial, I acknowledge that:
- The trial period is as specified — I will not be charged during
this period
- If I do not cancel before the trial ends, my payment method may
be charged for the applicable subscription
- The platform is in BETA and provided "as is"
- To the maximum extent permitted by law, NodeFox's liability for
free trial usage is limited as described in the Terms of Service
- I am responsible for all third-party costs
- I can cancel anytime in account settings or by emailing
privacy@nodefox.ai
Consent Tier: Click-Accept (Binding)
2.3 Button Text
| Option | Text |
|---|---|
| A | Start Free Trial — I Accept |
| B | Accept Terms & Start Trial |
PART 3: SUBSCRIPTION PURCHASE
3.1 Subscription Purchase Checkbox
☐ I agree to the subscription terms and understand the billing
By subscribing, I acknowledge and agree that:
- I will be charged [AMOUNT] [monthly/annually] until I cancel
- The platform is in BETA and provided "as is" without warranties
- Subscription fees are generally non-refundable per the Refund Policy
- I am responsible for all third-party costs (AI providers, APIs,
cloud services) — costs may be incurred by retries, batch
operations, scheduled runs, or loops
- NodeFox's liability is limited as described in the Terms of Service
- I can cancel anytime; cancellation stops future billing but does
not provide a refund for the current period
Consent Tier: Click-Accept (Binding)
3.2 Annual Subscription Warning
☐ I understand this is an annual commitment
I acknowledge that:
- I am committing to a 12-month subscription paid upfront
- The annual fee of [AMOUNT] is generally non-refundable per the
Refund Policy
- I accept the beta status and all disclaimers
- I am responsible for third-party costs throughout the subscription
Consent Tier: Click-Accept (Binding)
3.3 Button Text
| Option | Text |
|---|---|
| A | Subscribe & Accept Terms |
| B | Complete Purchase — I Agree |
PART 4: MARKETPLACE
4.1 Marketplace Purchase Checkbox
☐ I understand and accept the Marketplace Terms
By purchasing this Marketplace content, I acknowledge that:
- Marketplace content may be provided by NodeFox and/or third-party
Contributors; availability may change
- NodeFox does not warrant quality, functionality, or security
- Marketplace content may include code/workflows; I am responsible
for security review and compliance before use
- Content may be removed; access continuity is not guaranteed
- Marketplace purchases are generally non-refundable per the
Refund Policy
- Use is subject to the Marketplace Terms and license specified
in the listing
Consent Tier: Click-Accept (Binding)
4.2 Free Marketplace Download Checkbox
☐ I accept the license terms for this content
By downloading, I acknowledge that:
- Use is subject to the specified license terms
- NodeFox makes no warranties regarding this content
- I must review code/workflows for safety and compliance before use
- I accept the Marketplace Terms
Consent Tier: Click-Accept (Binding)
PART 5: ENTERPRISE PILOT
5.1 Enterprise Pilot Acknowledgment
☐ I acknowledge and accept the Enterprise Pilot Terms
On behalf of my organization, I confirm that:
- The platform is in BETA — not for production, mission-critical,
or regulated workloads
- This pilot is for evaluation purposes only
- No compliance reliance — AI/automation outputs are not for
compliance determinations
- Customer is responsible for all third-party costs
- For free pilots, NodeFox's liability is limited as described in
the Terms of Service
- NodeFox has no obligation to continue the pilot, features, or
access
- NodeFox may terminate the pilot at any time at its discretion
Consent Tier: Click-Accept (Binding)
PART 6: CONTRIBUTOR APPLICATION
6.1 Marketplace Contributor Checkbox
☐ I agree to the Contributor Terms and Marketplace Terms
By applying to become a Contributor, I acknowledge that:
- I own or have rights to content I submit
- I grant NodeFox the licenses described in the Marketplace Terms
- NodeFox may reject, remove, or modify submissions at its discretion
- Revenue share and payment terms are as specified and may change
- I am responsible for taxes on earnings
- I must NOT include API keys, secrets, personal data, or
confidential information in published content
Consent Tier: Click-Accept (Binding)
6.2 Content Submission Checkbox
☐ I confirm I have the rights to submit this content
By submitting, I represent that:
- I own or have obtained all necessary rights
- The content does not infringe third-party rights
- The content complies with the Acceptable Use Policy
- I have not included secrets, credentials, or PII
- I grant NodeFox the licenses described in the Marketplace Terms
Consent Tier: Click-Accept (Binding)
PART 7: BETA FEATURES
7.1 Beta Feature Activation
☐ I understand the risks of beta features
Beta features are experimental and may not work as expected; may
contain bugs, errors, or security issues; may be changed or removed
without notice; may not be documented; and are not supported. Use
is at my sole risk. Not for production or critical purposes.
Consent Tier: Acknowledge (Warning)
7.2 Early Access Program
☐ I accept the Early Access Terms
By joining, I acknowledge that:
- Features are provided "as is" without warranties
- I may provide feedback to help improve the platform
- NodeFox may use feedback without compensation
- Access may be revoked at any time
- Features may change significantly before general release
Consent Tier: Click-Accept (Binding)
PART 8: AI FEATURES
8.1 AI Feature Activation (Required First Use)
☐ I understand and accept the AI feature disclaimers
By using AI features (including AI-assisted suggestions, DSL
generation, AI-assisted network/Workflow building), I acknowledge:
- AI outputs may be inaccurate, incomplete, biased, or misleading
- AI is non-deterministic — identical inputs may yield different
results
- AI may generate workflows, networks, DSL, or scripts that are
unsafe, non-terminating, or costly — I must review and test
before running
- I am solely responsible for reviewing and verifying all AI outputs
- I am responsible for all third-party AI provider costs
- NodeFox does not guarantee detection of unsafe code, malicious
instructions, or policy-violating outputs
- AI-generated content may have uncertain IP status
- I am the human deployer and bear full legal accountability for
all AI outcomes, as described in the Terms of Service
Consent Tier: Acknowledge (Warning — Required First Use)
8.2 AI API Key Configuration
☐ I understand my responsibilities for API keys
By providing my API keys, I acknowledge that:
- I am solely responsible for all usage and costs on my accounts
- NodeFox is not liable for any third-party charges
- I am responsible for key security — use least-privilege keys and
provider-side spend limits
- Keys may be misused if my device/account is compromised
- Estimated costs are not guaranteed; actual costs may be higher
- Retries, loops, automation can amplify costs
- Provider processes data under its own terms/policy; NodeFox does
not control provider retention or training practices
Consent Tier: Acknowledge (Warning)
8.3 AI Prompt / Input Warning (First Use)
⚠️ Do not include secrets, credentials, or sensitive personal data
in AI prompts unless you intend to disclose them to the third-party
provider. Inputs and connected data may cause AI outputs to request
secrets or exfiltrate data — do not follow AI instructions blindly.
Consent Tier: Inline Notice (Informational — Persistent near prompt input)
PART 9: THIRD-PARTY INTEGRATIONS
9.1 Integration Connection
☐ I authorize this integration and accept the associated terms
By connecting, I acknowledge that:
- I authorize NodeFox to access the connected service using the
permissions I grant
- I am responsible for selecting scopes/permissions and for all
actions NodeFox performs using granted permissions
- I am responsible for compliance with the third-party terms
- I am responsible for all costs
- Data shared is subject to their privacy policy — provider
processes data under its own terms; NodeFox does not control
provider practices
- Disconnecting will not undo already-sent data or actions
Consent Tier: Click-Accept (Binding)
PART 10: DATA PROCESSING
10.1 Data Processing Acknowledgment (Enterprise)
☐ I acknowledge the data processing terms
On behalf of my organization, I acknowledge that:
- NodeFox processes data as described in the Privacy Policy
- The Data Processing Addendum applies to personal data processing
- Where required, a separate DPA execution may be needed for
enterprise use
- Subprocessors are listed at
https://www.nodefox.ai/legal/subprocessors
- Data may be processed in the United States and other jurisdictions
Consent Tier: Acknowledge (Warning)
PART 11: COOKIES
11.1 Cookie Banner — Full Version
┌─────────────────────────────────────────────────────────────┐
│ 🍪 We use cookies │
│ │
│ We use cookies and similar technologies to provide and │
│ improve our services. │
│ │
│ • Essential — Required for the platform to function │
│ • Analytics — Help us understand usage patterns │
│ • Functional — Remember your preferences │
│ • Marketing — Deliver relevant content │
│ │
│ Cookie Policy: https://www.nodefox.ai/legal/cookies │
│ │
│ [Accept All] [Essential Only] [Manage Preferences] │
└─────────────────────────────────────────────────────────────┘
Consent Tier: Click-Accept (Binding for non-essential cookies) Note: For EU/UK traffic, non-essential cookies must not fire until explicit button-based consent. "By continuing" consent is insufficient.
11.2 Cookie Preferences Modal
Cookie Preferences
☑ Essential Cookies (Required — cannot be disabled)
☐ Analytics Cookies
☐ Functional Cookies
☐ Marketing Cookies
[Save Preferences] [Accept All]
PART 12: MARKETING
12.1 Marketing Opt-In (Must be optional, unchecked by default)
☐ I would like to receive product updates, tips, and promotional
communications from NodeFox. (Optional)
I can unsubscribe at any time. See Privacy Policy.
Note: Marketing consent must never be required for service access.
PART 13: FEEDBACK
13.1 Feedback Form Consent
☐ I understand how my feedback may be used
- NodeFox may use my feedback to improve the platform without
compensation
- Feedback is not confidential unless separately agreed in writing
- NodeFox is not obligated to implement suggestions
- I grant NodeFox a perpetual license per the Terms of Service
- Do not include secrets, API keys, or PII in feedback
Consent Tier: Acknowledge (Warning)
DOCUMENT II: USER RIGHTS AND ACCOUNT MANAGEMENT
PART 14: ACCOUNT DELETION
14.1 Account Deletion — Initial Screen
⚠️ Delete Your Account
Deleting your account is permanent and irreversible.
What happens:
- Account, profile, Workflows, configurations, settings — deleted
from active systems
- Marketplace purchases no longer accessible
- Active subscriptions cancelled (no refund for unused time)
- Team/organization access revoked
What is NOT deleted:
- Data legally required to be retained (tax records, legal holds)
- Aggregated, anonymized analytics data
- Backup copies (may persist for a limited period)
- Data shared with third-party services (per their policies)
- Published Marketplace content (may remain unless separately
removed)
- LOCAL APPLICATION DATA: Workflows, execution logs, and data
cached locally on your device (IndexedDB, OPFS, Desktop App).
You must manually clear browser caches and uninstall the local
application to eradicate your local footprint.
[Continue to Delete] [Cancel]
14.2 Account Deletion — Confirmation
☐ I understand and accept the consequences
- This action is permanent and irreversible
- All data deleted from active systems; backups may persist for a
limited period; legal holds may apply
- Active subscription cancelled without refund
- I have exported any data I wish to keep
- Local data remains on my device until I manually clear it
Enter your password: [________________]
Type "DELETE" to confirm: [________________]
☐ I confirm I want to permanently delete my account
[Delete My Account] [Cancel]
Consent Tier: Click-Accept (Binding — Irreversible Action)
PART 15: DATA SUBJECT RIGHTS (DSAR)
15.1 DSAR Request Form
Exercise Your Data Rights
Under applicable data protection laws, you may have rights regarding
your personal data.
Request Type:
☐ Access ☐ Correction ☐ Deletion ☐ Portability
☐ Restriction ☐ Objection ☐ Withdraw Consent ☐ Other
Name: [________________]
Account Email: [________________]
☐ I confirm this request is made by me or I am authorized to
make it on behalf of the data subject.
[Submit Request]
15.2 DSAR — Acknowledgment
Request Received
Request ID: [DSAR-XXXXXX]
Submitted: [Date]
We will respond within the timeframe required by applicable law.
Extensions may apply for complex requests. You will be notified
of any extension.
Questions? Contact privacy@nodefox.ai with your Request ID.
15.3 DSAR — Data Download
Your data export is available for download. Encrypted and
password-protected. Link may expire for security.
☐ I acknowledge this contains my personal data and I am
responsible for its security once downloaded.
[Download & Acknowledge]
PART 16: CCPA PRIVACY RIGHTS
16.1 Do Not Sell or Share
☐ Do Not Sell or Share My Personal Information
This opt-out does not affect sharing necessary to provide
services, sharing with service providers, or legal compliance.
For processing confirmation and routing, contact privacy@nodefox.ai.
[Save Preference]
PART 17: SUBSCRIPTION MANAGEMENT
17.1 Cancellation — Initial Screen
Cancel Your Subscription
Your plan: [Plan Name]
Billing cycle ends: [Date]
When you cancel:
- Retain access until [End Date]
- No further charges
- No refund for current period (per Refund Policy)
- Data may be retained for a limited time per the Privacy Policy
- You can resubscribe at any time
[Continue to Cancel] [Keep My Subscription]
17.2 Cancellation — Confirmation
☐ I confirm my cancellation
- Subscription ends on [Date]
- No refund for current period
- Data may be retained for a limited time per the Privacy Policy
- I am responsible for exporting data I wish to keep
[Cancel My Subscription] [Keep Subscription]
Consent Tier: Click-Accept (Binding)
17.3 Annual Cancellation Warning
⚠️ Annual subscriptions are generally non-refundable.
Cancelling ends access at the end of the annual period ([Date]).
☐ I understand and accept.
[Confirm Cancellation] [Keep Subscription]
PART 18: TEAM AND ORGANIZATION
18.1 Team Invitation Acceptance
You've been invited to join [Organization Name] as [Role].
- Your activity may be visible to administrators
- Do not store secrets in plaintext in shared workspaces
- You remain bound by NodeFox's Terms of Service
☐ I accept this invitation
[Join Organization] [Decline]
PART 19: API KEYS AND DEVELOPER ACCESS
19.1 API Key Generation
⚠️ Important:
- Treat this key like a password — shown only once
- You are responsible for all actions and costs using this key
- Rate limits, retries, and automation can amplify costs
- Revoke immediately if compromised
- NodeFox may revoke/rotate keys if compromise is suspected
☐ I understand my responsibilities for this API key
[Generate API Key] [Cancel]
Consent Tier: Click-Accept (Binding)
PART 20: SECURITY SETTINGS
20.1 Enable 2FA
☐ I have saved my backup codes in a secure location
[Enable 2FA] [Cancel]
PART 21: EXPORT AND PORTABILITY
21.1 Data Export Request
Select what to export:
☐ Account information ☐ Workflows (JSON) ☐ Settings
☐ Execution history ☐ All data
☐ I understand this export may take time to prepare
You may receive a notification when your export is ready.
[Request Export]
21.2 Data Export Ready
Your export is ready. Link may expire after a limited period.
☐ I acknowledge this contains my data and I am responsible for
its security once downloaded.
[Download Export]
DOCUMENT III: OPERATIONAL AND SECURITY NOTIFICATIONS
PART 22: TERMS UPDATES
22.1 Material Change — Blocking Consent
⚠️ Important Terms Update — Action Required
Our terms have been updated with material changes. You must accept
to continue using NodeFox. If you do not agree, you may export your
data and close your account.
☐ I have read and agree to the updated Terms of Service
☐ I have read and agree to the updated Privacy Policy
[Accept and Continue]
Don't agree? [Export Data] | [Close Account]
Consent Tier: Click-Accept (Binding — Blocking)
Note: "Remind Me Later" must NOT be available for material changes. Limited access (export only) until acceptance.
PART 23: SECURITY INCIDENTS
23.1 Breach Notification
Security Incident Notification
Date: [Date]
What happened: [Description]
What may be affected: [Categories]
What we are doing: [Actions — framed as "may include"]
What you should do:
☐ Change your password
☐ Enable 2FA
☐ Review account activity
Details may change as investigation evolves.
☐ I acknowledge receipt of this notification
[Acknowledge]
Note: Frame remediation as "may include" — not promises. Breach notice provided "as required by applicable law."
PART 24: VULNERABILITY DISCLOSURE
24.1 Responsible Disclosure
☐ I will not access others' data or degrade services
☐ I will not publicly disclose before resolution
☐ I will provide sufficient detail to reproduce
☐ I will allow a reasonable time for remediation
☐ I will comply with all applicable laws
NodeFox may, in its discretion, acknowledge reports, work with
researchers, and provide updates. NodeFox does not intend to pursue
legal action against good-faith researchers acting in strict
compliance, except where required by law.
☐ I have read and agree to the Responsible Disclosure Policy
[Submit Vulnerability Report]
PART 25: LEGAL PROCESS
25.1 Legal Hold Notice
⚠️ Legal Hold — Preserve All Information
Hold ID: [LH-XXXXXX]
☐ I must preserve all potentially relevant information
☐ I must NOT delete, modify, or destroy relevant information
☐ This hold remains until written release
☐ I will notify privacy@nodefox.ai of relevant information
☐ I acknowledge receipt and understand my obligations
[Acknowledge]
25.2 Subpoena Notification
NodeFox has received legal process that may require disclosure
of your account information.
NodeFox may provide notice unless prohibited or where notice
would be inappropriate. We recommend consulting an attorney.
☐ I acknowledge receipt
[Acknowledge] [Contact Legal]
PART 26: BETA PROGRAMS
26.1 Beta Program Application
☐ I agree to the Beta Program Terms
- Beta features are experimental and may not work correctly
- I may provide feedback and report bugs
- Beta information is confidential
- Features may be changed or removed
- Support is not guaranteed
- NodeFox may remove me from the program at any time
[Apply to Beta Program]
Consent Tier: Click-Accept (Binding)
DOCUMENT IV: PRODUCT WARNINGS AND CONTEXTUAL DISCLAIMERS
PART 27: AI AND GENERATED CONTENT
27.1 AI Output — Inline (Persistent)
🤖 AI-generated · May contain errors · Verify before use
Consent Tier: Inline Notice (Informational)
27.2 AI-Generated Workflow/Network/DSL Label
🤖 AI-generated workflow. Verify before use. Not guaranteed safe,
compliant, complete, or low-cost.
Consent Tier: Inline Notice (Informational — Persistent)
27.3 AI Code Generation Warning
⚠️ AI-Generated Code
This code was generated by AI and may be destructive. Before using:
- Review for errors, security issues, and malicious patterns
- Test in a safe sandbox environment
- Do not run in production without verification
- You are responsible for all consequences of execution
- NodeFox does not guarantee detection of unsafe code
[Understood]
Consent Tier: Acknowledge (Warning)
PART 28: THIRD-PARTY COSTS
28.1 Pre-Action Cost Warning
💰 This Action May Incur Third-Party Costs
Provider Estimated Cost
──────────────────────────────
[Provider] ~$X.XX
⚠️ Estimates only — actual costs may be higher
⚠️ Retries, loops, schedules, webhooks, or triggers can cause
repeated calls and significant costs
⚠️ NodeFox may not stop in-flight requests; costs may continue
after you click stop
⚠️ You are solely responsible for all third-party costs
☐ Don't warn me for costs under $[threshold]
[Cancel] [Proceed — I Accept]
Consent Tier: Acknowledge (Warning — Dismissible with Threshold)
28.2 Batch/Bulk High-Cost Warning
⚠️ High Cost Warning — Batch Operation
Items: [N]
Est. per item: ~$X.XX
EST. TOTAL: ~$XX.XX
⚠️ ACTUAL COSTS MAY BE SIGNIFICANTLY HIGHER
⚠️ NodeFox has no duty to warn or prevent spend
Type "PROCEED" to confirm: [________________]
[Cancel] [Proceed]
28.3 Inline Cost Estimate
[Execute] 💰 Est. ~$0.05
Consent Tier: Inline Notice (Informational)
PART 29: WORKFLOW EXECUTION
29.1 First Workflow Execution (Required)
▶️ Execute Workflow
Before executing workflows:
- Workflows interact with external systems — actions may be
irreversible
- You are responsible for all outcomes
- Third-party costs may be incurred on every execution
- Stop/pause is best-effort — in-flight actions may complete
- Runs may execute more than once; design idempotency
- You bear full accountability as human deployer
- Test thoroughly before production use
☐ I understand my responsibilities
[Cancel] [Execute Workflow]
Consent Tier: Acknowledge (Warning — Required First Use)
29.2 External System Write Warning
⚠️ This workflow will modify external systems
System Action
──────────────────────────────
[System] [Action]
These actions may be difficult or impossible to reverse.
☐ I authorize these actions and accept responsibility for outcomes
[Cancel] [Execute]
Consent Tier: Acknowledge (Warning)
29.3 Stop/Halt Limitations (First time user presses Stop)
⚠️ Stop Is Best-Effort
Stopping a workflow does not guarantee immediate halt:
- In-flight API calls and webhook deliveries may complete
- Third-party actions already dispatched cannot be recalled
- Costs may continue accruing after stop
- Duplicate or partial executions may occur
- External side effects may be irreversible
☐ I understand stop/pause limitations
[Cancel Stop] [Attempt Stop]
Consent Tier: Acknowledge (Warning — Required First Use)
29.4 Recursive Logic / Runaway Execution Warning
⚠️ Runaway Execution Risk Detected
This Workflow contains loop nodes or recursive logic.
- Infinite loops can consume massive API credits in seconds
- You are strictly liable for all costs from runaway executions
- NodeFox does not refund overages caused by infinite loops
- Stop is best-effort — in-flight calls may complete
☐ I have set appropriate API spending limits and accept the risk
[Cancel] [Execute]
Consent Tier: Acknowledge (Warning — Required when loops detected)
PART 30: AUTOMATION AND SCHEDULING
30.1 Schedule Activation
📅 Activate Scheduled Workflow
Workflow: [Name]
Schedule: [Frequency]
Next run: [Date/Time]
⚠️ Important:
- Runs automatically without prompts
- Each run may incur third-party costs
- Runs may execute more than once — design idempotency
- External systems affected each run
- Stop is best-effort for scheduled runs
Est. per run: ~$X.XX
Est. monthly: ~$XX.XX (estimates only)
☐ I understand this will run automatically
[Cancel] [Activate Schedule]
30.2 Webhook/Trigger Activation
🔗 Enable External Trigger
Trigger URL: https://api.nodefox.ai/wh/xxxxx
⚠️ Security:
- Anyone with this URL can trigger your workflow
- A leaked URL can be weaponized by bots to drain your connected
API credits
- Consider authentication and rate limiting
⚠️ Cost:
- Each trigger may incur costs
- You are strictly liable for all overages from a leaked URL
- Runs may duplicate — design idempotency
☐ I understand the security and cost implications
[Cancel] [Enable Trigger]
PART 31: DATA HANDLING
31.1 Sensitive Data Upload
⚠️ Data Upload Notice
- You must have the right to upload this data
- Data may be processed by third-party services (including AI)
- NodeFox may not detect sensitive data reliably — you remain
responsible for classification and compliance
- Do not upload without safeguards: SSNs, credit cards, PHI,
or other regulated data
☐ I confirm this data is appropriate to upload
☐ Don't show this again
[Cancel] [Upload]
31.2 Healthcare / Financial Data Warnings
⚠️ NodeFox is NOT designed for HIPAA-regulated workloads and does
not have a BAA in place. / NodeFox is NOT PCI-DSS certified.
Do not process PHI / cardholder data without appropriate
safeguards and legal review.
☐ This data does not contain PHI / payment card information
☐ I accept full responsibility for this data
[Cancel] [Proceed]
Consent Tier: Acknowledge (Warning — Required)
PART 32: CREDENTIALS AND SECURITY
32.1 API Key Storage
🔐 You are storing an API key in NodeFox.
- Keys are stored using encryption where technically feasible —
no system is 100% secure
- You are responsible for key security
- Rotate if compromise suspected
- Set permissions/limits at the provider
☐ I understand my security responsibilities
[Cancel] [Save Key]
32.2 Untrusted Code Execution Warning
☢️ Untrusted Code Execution
You are about to execute third-party code.
- This code may access your local environment, Workflow data,
and connected API keys
- NodeFox has not audited this code for malicious intent,
credential harvesting, or spyware
- You execute this at your own risk
☐ I have independently reviewed this code and accept all risks
[Cancel] [Run Untrusted Code]
Consent Tier: Acknowledge (Warning — Required first use per code source)
32.3 DSL / Script Execution Warning (First Use)
⚠️ Script / DSL Execution
You are running user-authored or AI-generated code.
- Code may make network requests, access data, consume resources
- Malicious code may attempt credential harvesting or data exfil
- Sandbox limitations may exist; containment is not guaranteed
- You are responsible for all consequences, costs, and side effects
- NodeFox is not responsible for your code
☐ I understand the risks of script/DSL execution
[Cancel] [Execute]
Consent Tier: Acknowledge (Warning — Required First Use)
PART 33: SHARING, EXPORT, AND SECRETS HYGIENE
33.1 Export/Share Contains Credentials Warning
⚠️ This export/share may contain sensitive data
Options:
☐ Export/share WITHOUT credentials (recommended — default)
☐ Export/share WITH credentials
If including credentials, type "EXPORT WITH SECRETS" to confirm:
[________________]
⚠️ Anyone with this file/link will have access to included
credentials. You must redact secrets and PII before sharing
externally. NodeFox is not responsible for your disclosures.
☐ I understand the security implications
[Cancel] [Export/Share]
Consent Tier: Acknowledge (Warning)
33.2 Marketplace Publish — Secrets Check
⚠️ Before publishing to the Marketplace:
- Ensure NO secrets, credentials, API keys, or PII are included
- NodeFox does not audit published content for secrets
- You are solely responsible for any exposure
☐ I confirm this content contains no secrets or PII
[Cancel] [Publish]
33.3 Support Upload / Log Attachment
⚠️ Before uploading to support:
- Redact secrets, API keys, credentials, and unnecessary PII
- NodeFox may process attachments using service providers
- See Privacy Policy for data handling
☐ I have redacted sensitive information
[Cancel] [Upload]
PART 34: PHOTOSENSITIVE CONTENT AND ACCESSIBILITY
34.1 Visual Mode Selection (First Launch / Settings)
⚠️ PHOTOSENSITIVE EPILEPSY AND SEIZURE WARNING
NodeFox includes visual indicators such as node execution flashes,
activity animations, and rapidly changing visual patterns that may
trigger seizures, migraines, or adverse reactions in individuals
with photosensitive epilepsy or similar conditions.
Select your visual mode:
☐ Standard Mode — Includes animated node execution indicators,
activity flashes, and visual effects
☐ Reduced Animation Mode — Minimizes flashing, animation, and
rapidly changing visual patterns (where available)
⚠️ If you have a history of seizures, epilepsy, photosensitivity,
or neurological conditions, consult a medical professional before
use. Select Reduced Animation Mode or discontinue use if you
experience discomfort.
Consent Tier: Acknowledge (Warning — Required First Launch)
34.2 Standard Mode Confirmation
⚠️ You have selected Standard Mode
Standard Mode includes flashing lights, animated node execution
indicators, and rapidly changing visual patterns.
By proceeding with Standard Mode, you acknowledge and assume all
risks associated with exposure to animated and flashing visual
content, including the risk of seizures, migraines, and adverse
reactions.
- You are responsible for configuring your OS, browser, and
assistive technology to meet your needs
- NodeFox does not guarantee the effectiveness of any reduced-
animation mode
- Nothing in the Services constitutes medical advice
- TO THE MAXIMUM EXTENT PERMITTED BY LAW, NODEFOX SHALL NOT BE
LIABLE FOR PERSONAL INJURY ARISING FROM VISUAL CONTENT
☐ I understand the risks and choose Standard Mode
[Go Back] [Accept & Continue]
Consent Tier: Click-Accept (Binding)
34.3 Reduced Animation Mode Notice
You have selected Reduced Animation Mode.
Reduced animation minimizes but may not eliminate all flashing or
animated content. Effectiveness is not guaranteed. You may change
this setting at any time in Settings > Accessibility.
If you experience discomfort, discontinue use immediately.
Consent Tier: Inline Notice (Informational)
PART 35: BETA AND EXPERIMENTAL FEATURES
35.1 Beta Feature First-Use
🧪 Beta Feature — Experimental
- May not work correctly; may change or be removed
- Not documented; not supported
- Not for production or critical purposes
- Use at your own risk
☐ I understand the risks
☐ Don't show this again for beta features
[Cancel] [Continue]
35.2 Beta Badge (Inline)
[Feature Name] 🧪 Beta
35.3 Production Deployment Warning
⚠️ You are deploying to PRODUCTION
NodeFox is in BETA — not intended for production use:
- May contain bugs, errors, or incomplete features
- No SLA or uptime guarantees
- Production use is at your sole risk
☐ I accept full responsibility for production use
[Cancel] [Deploy to Production Anyway]
35.4 Compliance Helper Disclaimer
ℹ️ Informational only. Not legal advice. Not a compliance
solution. You are solely responsible for compliance with
applicable laws and regulations.
Consent Tier: Inline Notice (Informational — wherever compliance tools appear)
DOCUMENT V: IMPLEMENTATION GUIDELINES
PART 36: CONSENT TIERS AND UX DESIGN
36.1 Three-Tier Framework
| Tier | Name | Purpose | Action | Legal Effect |
|---|---|---|---|---|
| 1 | Click-Accept | Binding actions | Checkbox + Button | Contractual |
| 2 | Acknowledge | Warnings | Checkbox or Button | Documents awareness |
| 3 | Inline Notice | Education | None required | Informational |
36.2 Consent Fatigue Prevention
- Limit modal popups to 1–2 per session for returning users
- Batch related consents where legally appropriate
- Use "Don't show again" for non-critical warnings only
- Reserve blocking modals for legally required consents
36.3 Dismissal Rules
| Type | Can Dismiss? | "Don't Show Again"? | Persists? |
|---|---|---|---|
| Legal acknowledgments | No | No | Yes (once) |
| Beta warnings (first use) | After accepting | No | Yes |
| Cost warnings | Yes | Yes (with threshold) | Preference |
| Stop/halt limitations | After accepting | No | Yes |
| Script/DSL execution | After accepting | No | Yes |
| Sharing/secrets | Every occurrence | No | No |
| Photosensitive warning | After mode selection | No | Yes |
| Security warnings | No (must act) | No | N/A |
| Info toasts | Auto-dismiss | N/A | No |
PART 37: LEGAL AND COMPLIANCE
37.1 Checkbox Requirements
- Checkboxes unchecked by default (pre-checked invalid under GDPR/CCPA)
- Affirmative action required (scrolling/continued use insufficient)
- Marketing consent always optional and separate
- All referenced documents accessible via hyperlink opening in new tab
37.2 Consent Record Schema
{
"consent_id": "uuid",
"user_id": "uuid",
"consent_type": "string",
"consent_tier": "click_accept|acknowledge|inline",
"timestamp": "ISO 8601",
"ip_address": "string (where legally permitted)",
"user_agent": "string",
"device_fingerprint": "string (hashed — Desktop App EULA)",
"installation_source": "web|desktop_mac|desktop_windows",
"terms_version": {
"terms_of_service": "version_date",
"privacy_policy": "version_date",
"aup": "version_date"
},
"ui_text_version_hash": "string",
"checkboxes_checked": ["array"],
"form_version": "string",
"method": "checkbox|click|signature",
"jurisdiction_region": "string (if available)"
}
Critical: Consent logs must NOT store prompts, API keys, raw Workflow content, or outputs.
37.3 Rules for UI Text
- Never restate numeric legal terms in UI (liability caps, DSAR days, retention days, response timelines)
- UI should link to the controlling document for specifics
- Numeric commitments belong in legal docs, not user-facing modals
PART 38: TECHNICAL REQUIREMENTS
38.1 Display
- Consent text clearly visible; minimum 12px font recommended
- Links visually distinguishable
- Consent appears before action is completed
- Mobile-responsive; touch targets minimum 44px
38.2 Accessibility
- Checkboxes properly labeled for screen readers
- Keyboard accessible with visible focus indicators
- Target WCAG 2.x Level AA as reference (not a compliance commitment)
- Do not rely on color alone
PART 39: QUICK REFERENCE
39.1 Mandatory Disclaimers (Cannot Be Permanently Dismissed)
| Disclaimer | Trigger |
|---|---|
| Beta acknowledgment | First login |
| AI output warning | First AI use |
| Third-party cost responsibility | First cost-incurring action |
| External system write authorization | First external modification |
| Stop/halt limitations | First stop attempt |
| Script/DSL execution warning | First script/DSL run |
| Recursive logic / runaway warning | Loop detection |
| Photosensitive / visual mode | First launch |
| Production deployment | Production use |
| Mission-critical use | Critical marking |
| Healthcare data | PHI detection |
| Financial data | PCI detection |
| Untrusted code execution | Third-party code run |
| Sharing/export secrets | Every occurrence |
| Delete confirmation | Any deletion |
39.2 Prohibited Practices
| Practice | Status |
|---|---|
| Pre-checked consent boxes | ❌ Prohibited |
| Bundling unrelated consents | ❌ Prohibited |
| Hidden or obscured terms | ❌ Prohibited |
| Requiring marketing consent for service | ❌ Prohibited |
| Dark patterns to manipulate consent | ❌ Prohibited |
| Restating numeric legal terms in UI | ❌ Prohibited |
| Storing prompts/keys in consent logs | ❌ Prohibited |
| "By continuing" consent for non-essential cookies | ❌ Prohibited |
| Implying regulatory maturity not achieved | ⚠️ Avoid |
DOCUMENT VI: LEGAL ACCEPTANCE FLOW OPERATIONS
PART 40: CANONICAL ACCEPTANCE FLOW STATES
40.1 Acceptance State Model
Acceptance state SHOULD be modeled as a deterministic lifecycle:
Unseen -> Presented -> Affirmatively Accepted -> Recorded -> Verified -> Active
Additional conditional states:
Stale (version mismatch) | Revoked (where applicable by law) | Disputed
40.2 Minimum Transition Rules
Presented -> Acceptedrequires explicit affirmative user action (checkbox and/or explicit acceptance button as applicable).Accepted -> Recordedrequires successful persistence of acceptance record metadata.Recorded -> Verifiedrequires schema-level validation of required fields.Verified -> Activepermits the protected product action.- Any failure in steps 2–4 MUST route to a blocked or retry state and MUST NOT silently proceed.
40.3 Version-Aware Enforcement
Acceptance MUST be bound to specific legal/policy versions (for example, Terms version date or policy hash). If required version does not match the current enforceable version, route to re-acceptance before allowing protected actions.
PART 41: REQUIRED ACCEPTANCE EVENT FIELDS
41.1 Required Event Payload
At minimum, each acceptance event SHOULD include:
- event id (UUID or equivalent unique identifier)
- user id / account id
- workspace id (if applicable)
- document identifiers and versions
- consent tier (
click_accept,acknowledge,inline_notice) - timestamp (ISO 8601 UTC recommended)
- consent surface id (sign-up modal, billing checkout, policy update gate, etc.)
- evidence of affirmative action (
checkbox ids,button id, method) - locale/jurisdiction context where available
41.2 Optional but Recommended Fields
- IP address and user-agent where legally permitted
- device/session identifier
- UI content hash for displayed legal text
- workflow/run correlation id when acceptance gates a workflow action
41.3 Data Minimization Rule
Acceptance events MUST NOT include raw prompts, API keys, secret tokens, private model inputs, or unrelated workflow payload content.
PART 42: POLICY UPDATE AND RE-ACCEPTANCE FLOW
42.1 Triggering Events
Re-acceptance workflows SHOULD be considered when:
- Terms, Privacy Policy, or other binding policy has a material update
- billing terms materially change for affected users
- product behavior introduces new high-impact risk categories
42.2 Re-Acceptance UX Sequence (Recommended)
- Present concise summary of what changed and effective date.
- Provide direct links to full updated documents.
- Require affirmative re-acceptance for affected actions.
- Record updated version acceptance metadata.
- Restore protected feature access only after successful verification.
42.3 Degraded Access Model
Until re-acceptance is completed, implementations may:
- allow read-only access to account/workspace data
- block policy-sensitive writes, publishing, execution, or billing actions
- provide export and account-close pathways where required by law
PART 43: FLOW QUALITY, TESTING, AND AUDIT OPERATIONS
43.1 Test Matrix (Minimum)
Validate acceptance flows across:
- first-time acceptance
- re-acceptance after policy update
- stale version detection
- partial/failed persistence of acceptance records
- duplicate-submission and idempotency behavior
- interrupted sessions and recovery behavior
43.2 Monitoring and Alerting
Track and alert on:
- acceptance persistence failures
- version mismatch rates
- blocked-action rates due to missing acceptance
- unusual spikes in disputed acceptance events
43.3 Audit Readiness
Maintain evidence that can answer:
- which legal text/version was presented
- which user accepted, when, and by what action
- which protected actions were blocked or permitted based on acceptance state
- how policy updates were propagated and enforced
43.4 Operational Ownership
Acceptance flow operations SHOULD have named owners across product, legal/privacy, and engineering/security functions, with documented escalation paths for disputes, incidents, and regression response.
END OF CONSENT FORMS, UI DISCLAIMERS, AND IMPLEMENTATION
© 2025–2026 NodeFox LLC. All rights reserved.
NodeFox LLC | PO Box 1667, Ross, CA 94957, United States | https://www.nodefox.ai