NodeFoxLast updated: April 8, 2026
NODEFOX COOKIE POLICY
Version 1.0 | Effective Date: April 8, 2026 | Last Updated: April 8, 2026
Beta Status Notice: NodeFox is currently provided in beta. Features, behavior, documentation, and controls may change without notice. You must independently validate suitability for your use case and maintain your own safeguards.
© 2025–2026 NodeFox LLC. All rights reserved.
Important Notice
This Cookie Policy ("Policy") explains how NodeFox LLC ("NodeFox," "Company," "We," "Us," or "Our") uses cookies and similar tracking technologies when you visit our website, use our platform, or interact with our services.
This Policy supplements our Privacy Policy and Terms of Service. By using the Services, you acknowledge that you have read and understood this Policy. This acknowledgment does not constitute consent for non-essential cookies. In jurisdictions requiring consent for non-essential cookies, we obtain your consent via our cookie banner or preference center before placing such cookies.
Key Points Summary
This summary is for convenience only. The full Policy controls.
| Topic | Summary |
|---|---|
| Essential Cookies & Local Storage | Required for core functionality (including IndexedDB/WASM architecture); cannot be opted out |
| Functional Cookies | Remember your preferences; can be disabled |
| Analytics Cookies | Help us understand usage; require consent where applicable; can be disabled |
| Marketing/Advertising | We do not currently use advertising or marketing cookies |
| Third-Party Cookies | Limited to essential service providers; current list at Subprocessor Registry |
| Consent | Required where applicable; managed via cookie banner/preference center |
| Global Privacy Control | Honored where required by applicable law and technically feasible |
| Do Not Track | Not currently recognized (no industry standard) |
| Your Choices | Manage via banner, browser settings, or opt-out links |
| No Sale | We do not sell data collected via cookies |
Section 1. Introduction and Scope
1.1 This Policy explains what cookies and similar tracking technologies are, how we use them, and how you can control them. This Policy supplements our Privacy Policy and should be read together with it. The Terms of Service govern the contractual relationship.
1.2 Scope. This Policy applies to our website at https://www.nodefox.ai and subdomains, the NodeFox platform and web application, marketing and documentation pages, and any other online services where this Policy is posted.
1.3 Application. This Policy applies to all visitors, users of the Services, and recipients of our emails whose devices interact with the Services.
1.4 Desktop Application. The Desktop Application uses limited tracking technologies as described in the EULA and Privacy Policy. This Policy focuses primarily on web-based cookies and tracking.
Section 2. What Are Cookies
2.1 Cookies are small text files placed on your device when you visit a website. They are used to enable functionality, remember preferences, maintain sessions, provide security, and understand usage.
2.2 A cookie typically contains: the domain that set it, a lifetime, and a value (usually a unique identifier).
2.3 Cookies may be set by the website you visit (first-party) or by third-party services integrated into the website (third-party).
Section 3. How Cookies Work
3.1 When you visit a website, cookies are sent to your browser and stored on your device. When you return, the website reads the cookie to recognize you and retrieve preferences.
3.2 Cookies have attributes controlling their behavior: Name, Value, Domain, Path, Expires/Max-Age, Secure (HTTPS only), HttpOnly (not accessible to JavaScript), and SameSite (cross-site behavior).
Section 4. Types of Cookies
4.1 Session Cookies. Temporary; stored in browser memory and deleted when you close your browser. Used for authentication, session management, and security.
4.2 Persistent Cookies. Remain on your device for a specified period or until manually deleted. Used for preferences, returning user recognition, and analytics.
4.3 First-Party Cookies. Set by nodefox.ai or its subdomains. We control these directly.
4.4 Third-Party Cookies. Set by domains other than nodefox.ai by services we integrate (analytics, security, payment). We limit third-party cookies to essential service providers and those you consent to where required by law.
Section 5. Categories of Cookies We Use
| Category | Required? | Purpose | Can Be Disabled? |
|---|---|---|---|
| Strictly Necessary | Yes | Essential functionality, security, local architecture | No |
| Functional | No | Preferences and convenience | Yes |
| Analytics | No | Usage understanding | Yes (consent where required) |
| Marketing | No | We do not currently use marketing cookies | N/A |
Section 6. Strictly Necessary Cookies and Local Storage
6.1 Strictly necessary cookies and storage are essential for the Services to function. They do not require consent under most privacy laws because they are necessary to provide the service you requested.
6.2 These cannot be disabled through our cookie preference mechanisms. Blocking them via your browser may impair functionality.
6.3 Strictly necessary cookies and storage include:
- Authentication: Identify you when logged in, maintain sessions, verify identity
- Security: CSRF protection, bot detection, rate limiting, request integrity
- Session Management: State maintenance, navigation tracking, form data, timeouts
- Load Balancing and Edge Routing: Traffic distribution, geographic routing, consistent session routing, availability
- Cookie Consent: Recording your cookie preferences
6.4 Local-First Architecture (Strictly Necessary). Because the Services utilize a local-first, WebAssembly (WASM) architecture, the use of IndexedDB, local storage, session storage, and the Origin Private File System (OPFS) to store Workflow states, execution data, application configurations, and cached content is classified as Strictly Necessary for performance of the contract. This local data storage is fundamental to the operation of the Services, is not used for tracking or advertising, and cannot be declined via cookie consent mechanisms.
6.5 Strictly necessary cookies are typically session cookies, first-party, secure, and HttpOnly.
Section 7. Functional Cookies
7.1 Functional cookies enable enhanced functionality and personalization. They may be set by us or by third-party providers whose services we integrate.
7.2 Functional cookies are used strictly for user-requested features such as language/display preferences, theme settings, feature configurations, recently accessed items, and onboarding state. They are not used for advertising profiling, behavioral tracking, or cross-context analytics.
7.3 Functional cookies require consent in jurisdictions that mandate it. They can be disabled through our preference center or browser settings, though disabling them may affect convenience features.
7.4 Functional cookies may persist for varying periods depending on their purpose.
Section 8. Analytics and Performance Cookies
8.1 Analytics cookies collect information about how you use the Services to help us understand usage patterns, identify issues, and improve the user experience.
8.2 Analytics cookies may collect: pages visited, time spent, links clicked, scroll depth, errors, device/browser information, approximate location, referral source, and navigation patterns.
8.3 Analytics cookies are not intended to collect the substantive content of your Workflows, prompts, Outputs, User Secrets, or credentials. Diagnostics may include limited technical context. If we associate analytics data with your Account for logged-in users, it is for usage understanding, not advertising.
8.4 Analytics cookies require consent where applicable law mandates it. They can be disabled through our preference center, browser settings, or third-party opt-out mechanisms.
8.5 If enabled, we may use third-party analytics providers. These providers may place their own cookies and may act as independent controllers for their own processing purposes where enabled. Their processing is subject to their own privacy policies. The specific configuration (including IP anonymization and data retention) may vary and is subject to change.
8.6 Analytics data may be aggregated and de-identified for reports that do not identify individuals.
Section 9. Marketing, Advertising, and Social Media
9.1 NodeFox does not currently use marketing, advertising, or targeting cookies. We do not currently display third-party advertisements, track you across other websites for advertising, share cookie data with advertising networks, use retargeting cookies, or build advertising profiles.
9.2 We do not currently engage in cross-context behavioral advertising as defined by the CCPA.
9.3 If we introduce marketing cookies in the future, we will update this Policy and obtain consent where required.
9.4 Social Media. The Services may include links to social media profiles or, in limited cases, embedded social features. If you interact with social media features, the platform may set its own cookies under its own privacy policy. Some platforms may set cookies passively when a page loads, even without interaction. This is outside our control. Where possible, we use static links rather than embedded widgets.
9.5 If a user embeds a third-party widget (such as a video or external content) inside a shared Workspace or Marketplace documentation, NodeFox does not control cookies deployed by that user-generated embed.
Section 10. Detailed Cookie Inventory
10.1 The following tables list cookies that may be used on the Services. These are representative examples as of the Last Updated date. As we update infrastructure, specific cookie names may change, though their category and functional purpose will remain consistent. The controlling current list is our preference center.
Strictly Necessary:
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
session_id | Authenticated session | Session | First-party |
csrf_token | CSRF protection | Session | First-party |
auth_token | Authentication session token | Session/Persistent | First-party |
sb-* | Supabase authentication | Session/Persistent | First-party |
__cf_bm | Cloudflare bot management | 30 minutes | Third-party |
cf_clearance | Cloudflare security challenge | Varies | Third-party |
cookie_consent | Cookie preferences | 1 year | First-party |
Functional:
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
locale | Language preference | 1 year | First-party |
theme | Display theme | 1 year | First-party |
sidebar_state | Sidebar visibility | 1 year | First-party |
recent_workflows | Recently accessed workflows | 30 days | First-party |
onboarding_complete | Onboarding completion | 1 year | First-party |
Analytics (if enabled/consented):
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
_ga | Analytics — user distinction | 2 years | Third-party |
_ga* | Analytics — session state | 2 years | Third-party |
_gid | Analytics — user distinction | 24 hours | Third-party |
_gat | Analytics — request throttle | 1 minute | Third-party |
Section 11. Third-Party Cookies
11.1 We limit third-party cookies to essential services and those you consent to where required. Third parties control their own cookie names, values, durations, and processing.
11.2 We utilize third-party service providers for hosting, authentication, security, payments, and analytics. For the current list of infrastructure providers, their purposes, and links to their privacy policies, see our Subprocessor Registry.
11.3 You may opt out of third-party cookies through their own mechanisms, browser settings, or privacy extensions.
11.4 Headless API and Webhook Security Cookies. When the Services are accessed programmatically via APIs or inbound webhooks configured by a Customer, security infrastructure (e.g., Cloudflare) may automatically inject strictly necessary bot-management and rate-limiting cookies into the HTTP response. The Customer configuring the webhook is solely responsible for obtaining any required consents from their end-users for these necessary security cookies.
11.5 Embedded Third-Party Content. Embedded third-party content (social embeds, hosted video, documentation, fonts, user-generated iframes) may set cookies or similar identifiers. NodeFox does not control those cookies and is not responsible for third-party tracking through embedded content.
Section 12. Cookies on the Website and in the Application
12.1 Public Website. When you visit public pages, we may set strictly necessary cookies for security and functionality, functional cookies to remember preferences (with consent where required), and analytics cookies (with consent where required).
12.2 Logged-In Experience. Additional cookies for authentication, security verification, and personalization.
12.3 Cookie Banner. Where required by applicable law and technically feasible, we display a cookie banner allowing you to accept, reject non-essential cookies, or customize preferences.
12.4 Desktop Application. The Desktop Application stores authentication tokens in your operating system's secure credential storage (not browser cookies), local preferences, and telemetry data per your settings. When the Application opens web-based features (authentication flows, embedded webviews), standard web cookies may apply.
Section 13. Cookies in Emails
13.1 Our marketing emails may contain tracking technologies (tracking pixels/web beacons) that indicate whether you opened the email. Email tracking is used only where lawful. Transactional/service emails may contain minimal tracking where permitted by law.
13.2 Email tracking may collect: whether and when you opened the email, approximate location, and device/email client.
13.3 Enterprise email security gateways (such as Proofpoint, Mimecast, or similar scanners) may automatically pre-fetch tracking pixels, resulting in an "opened" status even if you have not personally viewed the email.
13.4 Unsubscribe from marketing emails via the unsubscribe link. Transactional emails cannot be unsubscribed while you maintain an active Account. Disable image loading in your email client to prevent pixel tracking (may affect display).
Section 14. Local Storage and Similar Technologies
14.1 HTML5 Local Storage. We may use local storage (larger than cookies, does not expire automatically, not sent with HTTP requests) for caching, application state, offline functionality, and preferences. Clear via browser developer tools or settings.
14.2 Session Storage. Similar to local storage but cleared when you close the tab/window. Used for temporary session state and form data.
14.3 IndexedDB and OPFS. IndexedDB is a browser database storing larger amounts of structured data. It is fundamental to the Services' local-first WASM architecture. IndexedDB data persists until you clear it or until browser storage cleanup mechanisms remove it. Standard "Clear Cookies" commands in some browsers do not automatically clear IndexedDB or OPFS data. Complete removal may require explicitly selecting "Clear Site Data" or using browser developer tools.
14.4 Browser Storage Eviction. HTML5 local storage, OPFS, and IndexedDB are subject to storage quotas and automated eviction policies enforced by your browser or operating system. If your device's disk space is low, your browser may permanently and silently delete local databases. NodeFox is not liable for loss of local data caused by browser storage eviction.
14.5 Service Workers and Cache Storage. The Services may register browser Service Workers and utilize Cache Storage for offline functionality and performance. Standard "Clear Cookies" commands may not automatically unregister Service Workers or clear PWA caches. Full removal may require manually unregistering Service Workers via browser developer tools.
14.6 Fingerprinting. NodeFox does not currently use browser fingerprinting for tracking or advertising profiling and does not currently create persistent fingerprint identifiers. We may use limited device signals (IP, user-agent, session tokens) for security, fraud prevention, and bot detection where technically necessary. Third-party security services (such as Cloudflare) may use fingerprinting techniques for bot detection under their own policies.
14.7 Payment Security Telemetry. During checkout and billing, payment processors (e.g., Stripe) may utilize advanced device fingerprinting and behavioral telemetry strictly for fraud risk scoring and anti-money laundering compliance. This is classified as strictly necessary security and operates independently of cookie consent preferences.
14.8 Marketplace Component Storage. Third-party Marketplace Content (custom nodes, templates) may execute JavaScript that reads, writes, or injects cookies, local storage, or IndexedDB entries. NodeFox disclaims liability for unauthorized tracking, storage use, or data collection by third-party Marketplace components. You are responsible for auditing code of community components you execute.
14.9 Server-Side Equivalents. Certain purposes served by cookies (fraud detection, rate limiting, security logging, abuse prevention) may also be implemented server-side using IP addresses, user-agent strings, session tokens, and request headers, regardless of your cookie preference settings. Opting out of non-essential cookies does not disable server-side security measures.
Section 15. Your Cookie Choices
15.1 You have several options: our cookie preference center (where available), browser settings, third-party opt-out mechanisms, and Global Privacy Control.
15.2 We do not condition access to the Services on acceptance of non-essential cookies. However, strictly necessary cookies and local storage are required for core functionality; blocking them via your browser may impair or prevent use of the Services.
15.3 Browser Settings. Most browsers allow you to block, delete, and manage cookies. Consult your browser's documentation for instructions. Private/incognito mode limits cookie persistence but does not prevent cookies during the session.
15.4 Strict Browser Interference. Privacy-focused browsers (e.g., Brave, Safari ITP) and aggressive ad-blocking extensions may classify strictly necessary cross-subdomain authentication tokens as "third-party trackers," causing login failures or redirect loops. NodeFox is not liable for service degradation caused by your browser blocking strictly necessary authentication cookies. You may need to whitelist nodefox.ai domains.
15.5 Embedded Context Degradation. If you embed NodeFox interfaces or forms into external websites (e.g., via iframes), browser privacy engines may block NodeFox's authentication cookies as cross-site trackers, causing embedded elements to fail. NodeFox is not responsible for degradation in embedded contexts caused by third-party cookie restrictions.
15.6 Shared Devices. Cookie preferences are saved at the browser profile level, not the NodeFox Account level. On shared devices or shared browser profiles, consent preferences set by other users apply to your session. NodeFox is not liable for tracking resulting from inherited consent settings on shared hardware.
Section 16. Cookie Consent Management
16.1 Where required by applicable law and technically feasible, we display a cookie banner on first visit explaining our use of cookies, providing accept/reject/customize options, and linking to this Policy.
16.2 Our preference center (where available) allows you to review categories, enable/disable non-essential categories, and change preferences at any time. Access via "Cookie Settings" in the website footer or by clearing cookies and revisiting.
16.3 Your preferences are stored in a first-party cookie. Clearing cookies will prompt you again.
16.4 Consent Records. We may retain consent logs (timestamp, region, preferences selected, device/browser signals) for compliance and auditing purposes. Consent records may be retained longer than cookie lifetimes.
Section 17. Do Not Track and Global Privacy Control
17.1 Do Not Track. There is no universally accepted standard for DNT signals. We do not currently change practices based on DNT signals. DNT does not override consent choices in our preference center.
17.2 Global Privacy Control. NodeFox recognizes and honors GPC signals where required by applicable law and technically feasible. When we detect a GPC signal, we treat it as an opt-out of sale/sharing of personal information and an opt-out of certain tracking, to the extent required by applicable law. GPC applies per browser/device. Enable via privacy-focused browsers or extensions supporting GPC (https://globalprivacycontrol.org). GPC is recognized under certain U.S. state privacy laws and other applicable regulations.
Section 18. Regional Cookie Consent
18.1 EEA/UK/Switzerland. Where the ePrivacy Directive, GDPR, or UK GDPR applies, we obtain consent before placing non-essential cookies. Our consent mechanism is designed to be freely given (for non-essential cookies), specific, informed, and based on affirmative action, to the extent required by applicable law. Where required, non-essential cookies are not set before consent is obtained. You may withdraw consent at any time via our preference center, browser settings, or privacy@nodefox.ai.
18.2 California. We do not sell personal information collected through cookies. We do not share personal information collected through cookies for cross-context behavioral advertising. We do not intentionally collect sensitive personal information through cookies. We honor GPC signals. Where required, we may provide a "Do Not Sell or Share" link.
18.3 Other Jurisdictions. We obtain consent and follow applicable cookie requirements as required by applicable law. Our default approach for jurisdictions without specific cookie consent requirements is transparency through this Policy, cookies for legitimate purposes, data minimization, no advertising cookies, and honoring GPC where required.
Section 19. Children and Cookies
19.1 The Services are not directed to children. We do not knowingly collect personal information from children under 13 (or under 16 where required by applicable law). We do not target cookies to children.
19.2 If we learn we have collected data from a child below the applicable age threshold, we will take appropriate steps as required by law.
Section 20. Data Collected Through Cookies
20.1 Data collected through cookies and similar technologies may include: technical data (IP address, browser, OS, device, screen resolution, language); usage data (pages visited, time spent, links clicked, features used, referral source); preference data (language, theme, display settings); session data (session ID, auth state, navigation); and analytics data (aggregated usage, traffic, user flows).
20.2 We do not intentionally collect through cookies the substantive content of Workflows, prompts, or Outputs; User Secrets or credentials; or sensitive personal information (except via payment processor security on checkout pages). Third-party embeds and analytics may incidentally capture additional technical context.
Section 21. How We Use Cookie Data
21.1 We use cookie data for: essential operations (authentication, sessions, security, core functionality); personalization (preferences, customization); analytics (usage understanding, performance measurement, issue identification); and security and abuse prevention (fraud detection, bot prevention, rate limiting, account protection).
21.2 We do not currently use cookie data for advertising, building advertising profiles, cross-context behavioral advertising, or selling to third parties.
Section 22. Sharing and Retention
22.1 Sharing. We share cookie data only with: service providers operating on our behalf under contract; as required by law; and in connection with business transfers. We do not sell cookie data. Third-party analytics providers receive data directly through their cookies when enabled and may act as independent controllers under their own policies.
22.2 Retention. Session cookies are deleted when you close your browser. Persistent cookies are deleted at expiration or when you delete them. Server-side logs derived from cookie events are retained per our Privacy Policy and may persist longer in aggregated/de-identified form.
22.3 Deletion. Delete cookies at any time via browser settings. This may log you out and reset preferences.
Section 23. Security
23.1 We implement security measures appropriate to the beta nature, scale, and risk profile of the Services. Cookies have inherent security limitations (transmitted with HTTP requests, stored on your device, potentially accessible to malware). No security measure constitutes a warranty or guarantee.
23.2 You are responsible for keeping your browser and device secure, using secure networks, and protecting against malware.
Section 24. Cross-Device Tracking
24.1 NodeFox does not currently engage in cross-device tracking for advertising purposes and does not currently build cross-device advertising profiles.
24.2 If you are logged into your Account on multiple devices, we may associate activity across devices for providing a consistent experience, syncing preferences, synchronizing Workflow states and live updates via WebSockets or real-time listeners, and security monitoring. This is account-linked activity, not fingerprinting-based cross-device tracking.
Section 25. Third-Party Websites
25.1 The Services may link to third-party websites. This Policy does not apply to those sites. We encourage you to review their privacy and cookie policies. Links do not imply endorsement.
Section 26. Updates to This Policy
26.1 We may update this Policy to reflect changes in practices, technology, or law. We may provide notice by posting with a new "Last Updated" date, displaying a notice, or updating the cookie banner.
26.2 Continued use after changes constitutes acknowledgment of the updated Policy. This acknowledgment is not cookie consent for opt-in jurisdictions; consent continues to be managed via the banner/preference center where required.
26.3 Prior versions may be available upon request.
Section 27. Contact
| Purpose | Contact |
|---|---|
| Cookie / Privacy Questions | privacy@nodefox.ai |
| DPO | dpo@nodefox.ai |
| General Support | info@nodefox.ai |
| Consent / Opt-Out Operations | privacy@nodefox.ai |
| Legal | legal@nodefox.ai |
Mailing Address: NodeFox LLC, PO Box 1667, Ross, CA 94957, United States
EU Representative: Euverify Ltd (Ireland), Unit 3D North Point House, North Point Business Park, New Mallow Road, Cork T23 AT2P, Ireland. gdpr@euverify.com
UK Representative: Euverify Ltd (UK), 3rd Floor, 86-90 Paul Street, London EC2A 4NE, United Kingdom. gdpr@euverify.com
NodeFox does not guarantee response times unless expressly agreed in writing.
Cookie Quick Reference
| Action | How To |
|---|---|
| Manage cookie preferences | Cookie banner or website footer ("Cookie Settings") |
| Clear cookies | Browser settings → Clear browsing data |
| Clear local storage/IndexedDB | Browser settings → Clear site data (or developer tools) |
| Block third-party cookies | Browser settings → Cookies |
| Enable Global Privacy Control | Use supported browser or extension |
| Unsubscribe from marketing emails | Unsubscribe link in email |
| Contact us | privacy@nodefox.ai |
Third-party opt-out tools are provided by the respective third parties and may change; availability is not guaranteed by NodeFox.
© 2025–2026 NodeFox LLC. All rights reserved.