NODEFOX PRIVACY POLICY

Version 1.0 | Effective Date: April 8, 2026 | Last Updated: April 8, 2026

Beta Status Notice: NodeFox is currently provided in beta. Features, behavior, documentation, and controls may change without notice. You must independently validate suitability for your use case and maintain your own safeguards.

---

IMPORTANT PRIVACY NOTICE

THIS PRIVACY POLICY ("POLICY") GENERALLY DESCRIBES HOW NODEFOX LLC ("NODEFOX," "WE," "US," OR "OUR") COLLECTS, USES, DISCLOSES, RETAINS, TRANSFERS, AND PROTECTS PERSONAL INFORMATION WHEN YOU ACCESS OR USE OUR SERVICES.

BY ACCESSING OR USING THE SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS POLICY. IF YOU DO NOT AGREE, DO NOT USE THE SERVICES.

THE SERVICES ARE IN BETA. DATA PRACTICES MAY EVOLVE, FEATURES MAY CHANGE, AND DATA LOSS MAY OCCUR. YOU ARE RESPONSIBLE FOR MAINTAINING YOUR OWN BACKUPS.

THIS POLICY IS A DISCLOSURE DOCUMENT AND DOES NOT CREATE CONTRACTUAL WARRANTIES BEYOND THOSE REQUIRED BY APPLICABLE LAW. THE TERMS OF SERVICE GOVERN THE SERVICE RELATIONSHIP.

CONSUMER PROTECTION NOTICE. Nothing in this Policy excludes or limits any rights you have under mandatory consumer protection laws in your jurisdiction (including the European Union, United Kingdom, and Australia) that cannot be excluded or limited by contract. Any provision that would be prohibited or unenforceable under those laws is limited to the maximum extent permitted, and remaining provisions continue in full force.

---

KEY COMMITMENTS

No AI Model Training. NodeFox does not use your User Content, Input Data, Outputs, or Workflows to train general-purpose AI models. Limited exceptions exist for security, abuse prevention, and operational integrity. Anonymized behavioral signals (not substantive content) may be used for internal operational purposes such as recommendation systems, search relevance, and Workflow suggestion features. Third-party AI providers you connect have their own practices, which may include model training unless you configure opt-outs.

Orchestration Platform. NodeFox is a workflow orchestration platform, not an AI provider. You provide your own API keys. NodeFox acts as a conduit. Once data is transmitted to a third-party provider, their privacy policy governs.

No Sale. We do not sell Personal Information. We do not share Personal Information for cross-context behavioral advertising.

Usage Data vs. Content. We collect operational Usage Data (execution counts, error rates, resource consumption, recursion depth metrics, execution pattern data) to operate and secure the Services. We do not routinely access your Workflows, prompts, or Outputs for general monitoring, though we may implement automated or manual review mechanisms as necessary to comply with law, enforce our Terms, protect safety, or address abuse.

Global Privacy Control. NodeFox honors GPC signals where required by applicable law and technically feasible. We do not currently sell or share personal data for behavioral advertising.

---

SUMMARY OF KEY PRACTICES

SCREEN PREVIEW (HIGH-RES)

Open the image above for a full-resolution view of the live privacy interface.

---

PART I: INTRODUCTION AND ROLES

SECTION 1. INTRODUCTION AND SCOPE

1.1 About This Policy. This Policy generally describes how NodeFox LLC collects, uses, discloses, retains, transfers, and protects Personal Information when you visit https://www.nodefox.ai (the "Site"), use our platform, use our desktop application if and when made available (the "App"), access our APIs, or otherwise interact with our services (collectively, the "Services"). Actual practices may vary based on features used, configuration choices, development stage, and applicable law.

1.2 Supplemental Agreement. This Policy supplements the Terms of Service at /legal/terms. By using the Services, you agree to both. This Policy does not independently create contractual obligations beyond those required by applicable law; the Terms of Service and Data Processing Agreement govern the contractual relationship.

1.3 Scope. This Policy applies to all users worldwide, including Site visitors, Account holders, Authorized Users, Marketplace Contributors and Purchasers, Enterprise customers, support contacts, and any individuals whose Personal Information we process in connection with the Services.

1.4 What This Policy Does Not Cover. This Policy does not apply to: third-party websites or services; third-party AI providers you connect; Third-Party Services you integrate; practices of other users; or information processed by third parties under their own policies.

1.5 Incorporated Documents. Read this Policy with our: Terms of Service; Cookie Policy (https://www.nodefox.ai/cookies); Data Processing Agreement (https://www.nodefox.ai/dpa); Acceptable Use Policy (https://www.nodefox.ai/aup); and End User License Agreement (https://www.nodefox.ai/eula).

1.6 Order of Precedence. This Policy supplements the Terms of Service. On privacy and data protection matters, the stricter of the two controls (the provision affording greater protection to your Personal Information). On data processing matters, the DPA controls. On all non-privacy matters (liability, arbitration, IP, payments), the Terms of Service control.

1.7 Applicable Law. Where local law imposes additional or different requirements, those requirements apply notwithstanding this Policy.

1.8 Language. English controls over any translation.

---

SECTION 2. DATA CONTROLLER AND PROCESSOR ROLES

2.1 When NodeFox is Controller. NodeFox is a data controller (or "business" under U.S. state laws) for: Account and registration data; billing and payment records; Usage Data and analytics; technical and device information; communications and support interactions; marketing preferences; and security logs.

2.2 When NodeFox is Processor. When you use the Services to process Personal Data on behalf of your own customers or data subjects (e.g., data flowing through Workflows or AI Features you configure), NodeFox acts as processor (or "service provider") and processes data as documented in the Terms of Service and DPA.

2.3 Your Obligations as Controller. When we act as your processor, you remain responsible for: lawful basis; privacy notices to data subjects; consents; responding to data subject requests; data protection impact assessments; legal compliance; and all data you route through Workflows, share via exports, publish to the Marketplace, or transmit to third-party AI providers.

2.4 Third-Party Data Subject Requests. If you are an end-user, customer, or employee of a NodeFox User and wish to exercise privacy rights regarding data processed within their Workflows, contact that User directly (the Controller). NodeFox acts solely as Processor and may not respond to requests from third-party data subjects. Such requests may be rejected or forwarded to the relevant User if reasonably identifiable.

2.5 Organization Administrator Rights. If you access the Services as an Authorized User under an Organization or Team Account, Organization Administrators may access your User Content, view Execution Logs, monitor Usage Data, modify permissions, and export data. NodeFox disclaims liability for such disclosures, which are inherent to B2B provision of the Services.

2.6 Data Processing Agreement. The DPA at https://www.nodefox.ai/dpa applies automatically unless otherwise agreed in writing. Enterprise customers may request a signed DPA at legal@nodefox.ai.

2.7 Contact Information.

2.8 Data Protection Officer. The DPO can be contacted at dpo@nodefox.ai for questions, rights requests, concerns, or processing information inquiries. The DPO operates with appropriate independence.

2.9 EU/EEA & UK GDPR Representatives (Article 27).

EU Representative: Euverify Ltd (Ireland), Unit 3D North Point House, North Point Business Park, New Mallow Road, Cork T23 AT2P, Ireland. Email: gdpr@euverify.com

UK Representative: Euverify Ltd (UK), 3rd Floor, 86-90 Paul Street, London EC2A 4NE, United Kingdom. Email: gdpr@euverify.com

GDPR Request Portal: https://gdpr.euverify.com/verify/40de1847-966c-42c5-bc95-9ad6c91c3348

---

SECTION 3. DEFINITIONS

"Account" — your user account on the Services. "Aggregated Data" — data aggregated and de-identified such that it is not reasonably likely to identify any individual. "AI Features" — any AI, ML, LLM, NLP, or automated capabilities accessible through the Services, whether via third-party providers (using your API keys) or NodeFox directly (including the Suggest feature). "App" — the NodeFox desktop application, if and when made available. "Authorized Users" — individuals authorized under an organization's Account. "Biometric Information" — data from biological characteristics used to identify an individual. "CCPA" — the California Consumer Privacy Act as amended by the CPRA; "sell," "sale," "share," and "sharing" have the CCPA/CPRA meanings. "Crash Reports" — diagnostic data, memory dumps, stack traces, and error logs automatically generated on crashes or failures. "DPA" — the Data Processing Agreement. "Execution Logs" — records of Workflow execution including times, status, errors, and metadata. "GDPR" — General Data Protection Regulation (EU) 2016/679. "Hosted Services" — cloud-based features, if and when made available. "Input Data" — data you submit to AI Features for processing. "Integration Credentials" — API keys, OAuth tokens, access tokens, refresh tokens, passwords, private keys, or other credentials for third-party integrations. "Marketplace" — the NodeFox marketplace, as it becomes available. "Marketplace Content" — templates, workflows, custom nodes, and other content on the Marketplace. "Outputs" — results, data, content, or materials generated by or through the Services. "Personal Data" / "Personal Information" — any information identifying or reasonably linkable to an identified or identifiable natural person or household, as defined under applicable law; we use the term matching your jurisdiction. "Processing" — any operation on Personal Data, automated or not. "Sensitive Personal Information" — Personal Information revealing racial/ethnic origin, religion, health, sexual orientation, biometrics, genetics, precise geolocation, or other categories defined as sensitive under applicable law. "Services" — all websites, software, applications, APIs, tools, platforms, Marketplace, Hosted Services, App, and related features operated by NodeFox. "Site" — https://www.nodefox.ai and subdomains. "Subprocessor" — a third-party service provider engaged by NodeFox to process Personal Data. "Suggest Feature" — the AI-powered feature that helps guide Workflow creation, enabled by default, operating via your own API keys. "Telemetry" — operational data automatically collected, including execution success/failure, error traces, token counts, recursion depth, execution duration, and performance indicators. "Third-Party Services" — third-party websites, platforms, APIs, integrations, AI providers, or services you access through the Services. "UK GDPR" — the GDPR as incorporated into UK law. "Usage Data" — data about your use of the Services (execution counts, feature utilization, error rates, performance metrics, resource consumption, recursion depth, execution anomaly data, execution patterns, cost/billing signals), excluding substantive User Content and Outputs. "User Content" — any content, data, workflows, configurations, files, or materials you upload, create, submit, or generate. "Workflow" — any automated process, sequence, logic, network, or orchestration created using the Services. "Workspace" — your virtual environment for managing Workflows and configurations.

---

PART II: INFORMATION WE COLLECT

SECTION 4. CATEGORIES OF PERSONAL INFORMATION

4.1 Categories Summary.

Service provider disclosures are not "sales" or "sharing" under applicable privacy laws.

4.2 Sources. We collect from: you directly; automatically via cookies, logs, and Telemetry; third parties (authentication providers, payment processors); and publicly available sources (limited).

4.3 User Content May Contain Personal Information. Depending on your Workflow configurations, User Content may contain third-party Personal Information. You are the controller for such data.

---

SECTION 5. ACCOUNT AND REGISTRATION INFORMATION

5.1 Required. Email address; password (stored hashed only; we cannot retrieve originals); and name.

5.2 Optional. Company name; role/title; industry; intended use cases; referral source.

5.3 Authentication Data. Login timestamps; session tokens; MFA status; OAuth tokens (for Google Sign-In or other providers); and failed login attempts.

5.4 Google Sign-In. We receive name, email, and profile picture (if available) from Google — not your Google password. Governed by Google's Privacy Policy. You may revoke access via Google Account settings.

---

SECTION 6. PRODUCT, WORKSPACE, AND WORKFLOW DATA

6.1 Workflow Configurations. We may process: Workflow graphs, node configurations, Workspace metadata, Workflow names/descriptions, and trigger configurations.

6.2 Execution Data. Execution Logs (start/end times, status, errors); execution metadata; and diagnostic data.

6.3 Input and Output Data. Depending on configuration: Input Data, Outputs (including AI-generated content), and intermediate data.

6.4 Local vs. Hosted Processing. The Services use a local-first architecture. Certain features execute locally via WebAssembly (WASM), with data stored in your browser's IndexedDB, local storage, or Origin Private File System (OPFS). Cloud features (including Hosted Services, if available) transmit data to NodeFox servers and may involve Subprocessors. Even when Workflows execute locally, NodeFox may collect operational Telemetry (execution success/failure, error traces, token counts, resource metrics) for billing, licensing, analytics, and abuse prevention.

6.5 Integration Credentials. Designated Integration Credential fields are encrypted at rest using industry-standard encryption, accessed only to execute your configured integrations, and your responsibility to manage and rotate.

HARDCODED SECRETS WARNING. If you hardcode API keys, passwords, credentials, or Personal Data into plaintext node fields, code nodes, prompt text, Workflow names, comments, or configuration values, that data is treated as standard User Content, may appear in Execution Logs and Telemetry, and will NOT receive encryption protections applied to designated Integration Credential fields. If you share, export, or publish Workflows containing hardcoded secrets, you are solely responsible for any resulting disclosure.

6.6 Uploaded Files. File content and metadata are generally retained until deletion or Account termination, subject to Sections 30–31.

6.7 MCP Translation Data. Open-source components may process Input Data, Integration Credentials, and Workspace metadata for MCP integrations. These components are subject to their own licenses and the same security standards we apply generally, but we cannot guarantee they are error-free. Not used for AI model training.

6.8 Suggest Feature. Enabled by default. Helps guide Workflow creation using AI models via your own API keys. Your Workflow context and prompts are transmitted to your configured third-party AI provider under that provider's privacy policy.

---

SECTION 7. PAYMENT AND BILLING

7.1 All payment processing is handled by Stripe, Inc. NodeFox does not store full card numbers, CVV, or complete billing addresses. Stripe acts under its own privacy policy (https://stripe.com/privacy).

7.2 NodeFox receives from Stripe only: last four card digits; card type; expiration; billing postal code and country; transaction confirmation/amount; payment status; and fraud risk indicators.

7.3 We retain billing records (invoices, amounts, plan history, refunds, credits, disputes) for tax and legal compliance.

---

SECTION 8. USAGE DATA AND ANALYTICS

8.1 Purpose. We may collect Usage Data to: operate and secure the Services; detect uncontrolled recursion, runaway loops, fan-out storms, and execution anomalies; enforce billing and usage limits; monitor threats; develop features; optimize performance; troubleshoot; enforce spend/budget limits; and prevent malicious code execution, SSRF attacks, and unauthorized outbound requests.

8.2 Categories. Usage Data may include: (a) Core Workflow Execution Metrics (such as daily total node executions, average nodes per network run, fastest and slowest execution duration times, success/failure rates, and recursion depth metrics); (b) Resource Consumption & Billing Signals (such as daily total token consumption, and potentially other standard infrastructure metrics like generalized compute time, bandwidth usage, or API call volumes); (c) Feature Utilization Telemetry (we may track high-level telemetry, such as which integrations or node types are utilized, without accessing the substantive content of your configurations); (d) Session and Access Patterns (session duration, login timestamps, and UI navigation paths); (e) Error and Performance Metrics (error rates, latency, Crash Reports, and system health indicators); and (f) Approximate Geolocation (country, region, and city derived from IP address).

8.3 Exclusions. Usage Data excludes: substantive content of User Content, prompts, or Outputs; specific data within Workflows; confidential business information; third-party Personal Data in Workflows; file contents; and prompt text. However, if you hardcode sensitive data into plaintext fields, it may appear in Usage Data and Telemetry.

8.4 Content Access. NodeFox does not routinely access Workflow content for general analytics. We may implement automated or manual review as necessary to: comply with law; enforce Terms; protect safety; address abuse; detect CSAM; or investigate malicious code, unauthorized network activity, or abuse patterns. Any access is event-driven, limited in scope, and not used for general-purpose model development.

---

SECTION 9. TECHNICAL AND DEVICE INFORMATION

9.1 We automatically collect: device type, OS, browser type/version, device identifiers, screen resolution, language, time zone, IP address, ISP, connection type, referring URL, access/error/security/API logs.

9.2 App-Specific. If the App is available and you use it: version, installation date, update history, Crash Reports, and performance metrics. Crash Reports may inadvertently capture snippets of User Content or Integration Credentials active in memory at the time. Used strictly for debugging; we do not intentionally harvest sensitive data from Crash Reports.

9.3 Anti-Fraud Technologies. To protect the platform, enforce rate limits, and prevent bot abuse, NodeFox may use device fingerprinting, canvas hashing, CAPTCHA telemetry, and network telemetry. These are strictly necessary for security, operate independently of marketing cookies, and cannot be opted out of via cookie consent.

---

SECTION 10. COMMUNICATIONS AND SUPPORT

10.1 Support. We collect: communication content, contact info, ticket info, attachments, and resolution information.

SUPPORT SANITIZATION DUTY. Do not include unredacted Sensitive Personal Information, third-party PII, or raw Integration Credentials in support tickets, emails, attachments, or screenshots. NodeFox does not proactively scan or redact inbound support communications. You assume responsibility for sensitive data you inject into support channels.

10.2 Feedback. Feedback, feature requests, bug reports, and survey responses are assigned to NodeFox under the Terms of Service and may be integrated into product roadmaps and engineering systems. Such submissions are exempt from Right to Erasure requests to the extent they do not contain Sensitive Personal Information (Section 31.6). "Training" in retention context means support staff training, not AI model training.

---

SECTION 11. THIRD-PARTY SOURCES

We receive information from: OAuth providers (profile info, tokens, unique ID — not your password); Stripe (transaction confirmations, fraud indicators, dispute notifications, limited payment details); IP geolocation services (approximate location); and publicly available sources (limited).

---

SECTION 12. SENSITIVE PERSONAL INFORMATION

12.1 NodeFox does not intentionally collect Sensitive Personal Information (SSNs, financial account numbers except via Stripe, precise geolocation, racial/ethnic origin, religion, politics, union membership, genetics, biometrics, health, sexual orientation, criminal history, or immigration status).

12.2 If you include Sensitive Personal Information, Integration Credentials, API keys, or trade secrets in User Content, Workflows, support communications, Execution Logs, shared Workspaces, Marketplace submissions, or other submissions, you do so at your own risk. If you share logs, Workspaces, or exports externally, you are responsible for redaction.

12.3 If you process Sensitive Personal Information through Workflows, you instruct NodeFox to process it and are solely responsible for consents, safeguards, legal compliance, and permitted use under our Terms.

---

SECTION 13. INFORMATION WE DO NOT COLLECT

NodeFox does not intentionally collect: government identifiers (SSN, national ID, passport, driver's license, tax ID); biometric data; genetic information; health information; precise geolocation (GPS/location within 1,850 feet); phone numbers (not required; may be provided voluntarily); or date of birth/age (we rely on your representation that you are 18+). These categories may appear incidentally in User Content, support communications, or Crash Reports if you or your Workflows include them.

---

PART III: HOW WE COLLECT AND USE INFORMATION

SECTION 14. HOW WE COLLECT

Directly from you (registration, configuration, uploads, payments via Stripe, support, feedback, Marketplace); automatically (cookies, logs, Telemetry, analytics, anti-fraud technologies, Workflow execution metrics); and from third parties (OAuth providers, Stripe, geolocation services, referral sources, public sources).

---

SECTION 15. HOW WE USE YOUR INFORMATION

15.1 Providing Services. Account creation/maintenance; authentication; Workflow execution; integrations; Marketplace; payments; transactional communications; and support.

15.2 Operating and Improving. Platform stability; bug resolution; capacity planning; Usage Data analysis (not substantive content); feature development; Aggregated Data generation; UX improvement; and A/B testing.

15.3 Clarification. "Improving the Services" means reliability, performance, security, billing, abuse prevention, recommendation systems, search relevance, and Workflow suggestion features via Usage Data and Aggregated Data. NOT training general-purpose AI models on your content (see Section 17).

15.4 Security and Safety. Fraud/abuse prevention; unauthorized access prevention; subscription enforcement; Terms monitoring; incident investigation; detecting runaway loops, fan-out storms, and retry storms; enforcing spend limits; blocking SSRF, malicious code, and unauthorized outbound requests; quarantining malicious content; and protecting rights, property, and safety. NodeFox may provide controls intended to aid in reducing cross-site scripting (XSS) risk and accidental API key leakage, but these controls are not guaranteed to prevent all incidents. You remain responsible for implementing and enforcing your own security controls and credential practices.

15.5 Legal. Legal compliance; responding to authorities; legal claims; Terms enforcement; audit requirements; and contractual obligations.

15.6 Communications. Service notices; support responses; security alerts; policy change notices; and promotional communications (with consent where required).

---

SECTION 16. LEGAL BASES (EEA/UK/SWITZERLAND)

16.1 Applies to EEA/UK/Swiss users. We process only with a valid legal basis.

16.2 Contract (Art. 6(1)(b)). Account management, providing Services, payments, Workflow execution, transactional communications, support.

16.3 Legitimate Interests (Art. 6(1)(f)). Secure/reliable platform; fraud/abuse detection; Usage Data analytics; platform safety for automation/AI features (detecting runaways, enforcing spend limits, blocking malicious activity); UX improvement; Terms compliance; IP protection; business management; and user communications.

16.4 Legal Obligation (Art. 6(1)(c)). Tax/accounting; court orders; regulatory requirements; mandatory reporting.

16.5 Consent (Art. 6(1)(a)). Marketing (where required); non-essential cookies (in the EEA/UK, analytics cookies are set only with consent); surveys; other consent-based processing. Withdraw anytime via privacy@nodefox.ai, unsubscribe links, cookie preferences, or in-app controls. Withdrawal doesn't affect prior lawfulness.

---

SECTION 17. NO AI MODEL TRAINING BY NODEFOX

17.1 Commitment. NodeFox does not use your User Content, Input Data, Outputs, or Workflows to train, fine-tune, develop, or improve general-purpose AI models. Applies to all tiers (Free, Paid, Trial, Enterprise).

17.2 What We Do Not Do. We do not: use your Workflows, prompts, inputs, outputs, or files to train general-purpose AI models; provide your content to third parties for AI training; aggregate user content for AI training; or use your data to fine-tune, distill, or improve language models for general-purpose use.

17.3 Permitted Operational Uses. NodeFox may use limited processing for: (a) security and threat detection; (b) abuse/fraud prevention; (c) anomaly detection (including runaway loops); (d) operational integrity; (e) improving platform features through anonymized behavioral signals excluding substantive content (e.g., recommendation systems, search relevance, Workflow suggestion features); and (f) internal proprietary classifiers solely to detect spam, fraud, CSAM, or network abuse. Internal operational ML on anonymized Usage Data or Aggregated Data (spam filters, anomaly detection, recommendation systems, abuse classifiers) is excluded from the general-purpose prohibition. Internal safety models are never public or used for generative purposes.

17.4 Alignment with Terms of Service. The Terms of Service Section 9.10 contains the canonical no-training statement. To the extent of any conflict, the stricter of the two controls (greater protection against use of your content for AI training).

17.5 Third-Party AI Providers. This commitment applies only to NodeFox. Third-party providers may use your data for training unless you configure opt-outs. Each has different policies. You are responsible for reviewing provider policies, configuring opt-outs, understanding provider retention practices, and ensuring compliance. NodeFox cannot configure opt-outs on your behalf, cannot guarantee deletion at providers, and does not control their training or retention.

---

SECTION 18. AGGREGATED AND DE-IDENTIFIED DATA

18.1 We may aggregate and de-identify Personal Information into Aggregated Data that is not reasonably likely to identify any individual.

18.2 Because Aggregated Data is not Personal Information under applicable law, NodeFox retains the unrestricted right to use, share, license, and commercialize it for any lawful purpose (analytics, product development, research, benchmarking, capacity planning, security analysis, industry reports in non-identifying form), without compensation to you.

18.3 We maintain safeguards against re-identification. Attempts to re-identify are prohibited under the Terms of Service. Methods may evolve and are not guaranteed to eliminate all theoretical re-identification risk.

18.4 Use of Aggregated Data does not constitute ownership over your underlying User Content.

---

PART IV: HOW WE SHARE INFORMATION

SECTION 19. SHARING OVERVIEW

19.1 NodeFox does not sell Personal Information. Does not share for cross-context behavioral advertising. Is not a consumer-facing advertising business.

19.2 Categories. We may share with: service providers/Subprocessors; third-party AI providers you configure; professional advisors under confidentiality; in business transfers; for legal compliance; with consent; as Aggregated Data; and with vendors for abuse detection, billing enforcement, and incident investigation.

19.3 User-Controlled Disclosure. Any disclosure you cause — sharing links, exporting Workspaces/logs, Marketplace publishing, connecting integrations, routing data to AI providers — is user-directed. NodeFox is not responsible for recipients' handling. You are responsible for sanitizing sensitive data before sharing.

---

SECTION 20. SERVICE PROVIDERS AND SUBPROCESSORS

20.1 We share with providers in: cloud infrastructure; security; payment processing; email; analytics; and authentication.

20.2 The current Subprocessor list (names, purposes, locations) is maintained at https://www.nodefox.ai/subprocessors and controls over any examples in this Policy. For DPA customers, change notifications are available per the DPA.

20.3 All providers are contractually: bound to protect Personal Information; prohibited from using it for their own purposes; limited to specified purposes; subject to confidentiality; required to implement security measures; and required to assist with data subject requests where applicable.

---

SECTION 21. THIRD-PARTY AI PROVIDERS

21.1 NodeFox is an orchestration platform, not an AI provider. AI capabilities come from third-party providers you configure with your own API keys.

21.2 You are solely responsible for: obtaining/managing keys; permissions; monitoring usage and costs (including runaway loop risk where fees may accrue rapidly); and complying with provider terms.

21.3 NodeFox acts as conduit. We structure data flow but do not control: provider processing; model behavior; output accuracy; provider retention; provider training practices; or provider downstream use.

21.4 Once transmitted, the provider's policies govern. Third-party providers may retain your data under their own policies. NodeFox cannot guarantee provider deletion or opt-out.

21.5 You are responsible for: reviewing provider policies; configuring opt-outs; preventing sensitive data (including Integration Credentials) from being in prompts/inputs routed to providers; and consequences of provider actions.

21.6 Safety Throttles. NodeFox may implement safety throttles or rate limits against runaway executions but does not guarantee prevention of all unintended spend. You remain solely responsible for monitoring costs.

21.7 Common provider policies: OpenAI (https://openai.com/policies/privacy-policy); Anthropic (https://www.anthropic.com/privacy); Google (https://policies.google.com/privacy). Check current versions.

---

SECTION 22. BUSINESS TRANSFERS

22.1 Personal Information may be transferred in: mergers, acquisitions, asset sales, reorganizations, financings, or bankruptcy.

22.2 We will notify you of material changes as required by applicable law.

22.3 NodeFox will seek to require successors to maintain protections no less protective than this Policy, subject to applicable law. Following transfer, your information may become subject to the acquirer's policy as permitted by law.

22.4 In potential transactions, we may share limited information with acquirers/advisors under confidentiality.

---

SECTION 23. LEGAL REQUIREMENTS AND DISCLOSURES

23.1 We may disclose when necessary to: comply with law; respond to lawful requests (courts, regulators, law enforcement); enforce Terms; or protect rights/property/safety.

23.2 Where legally permitted and appropriate, we may attempt to notify you and limit disclosure. We may comply without notice where prohibited, futile, involving emergencies, or jeopardizing investigations.

23.3 In emergencies involving danger to life or safety, we may disclose without notice or process.

23.4 Transparency. NodeFox may publish transparency information regarding government requests where legally permitted. NodeFox may receive orders prohibiting disclosure of their existence. Current information, if any, at /legal.

---

SECTION 24. MARKETPLACE PRIVACY

24.1 Contributor display names, public profile info, aggregate stats, and descriptions may be visible. Do not include Integration Credentials or Sensitive Personal Information in Marketplace submissions.

24.2 Purchaser identity is not shared with Contributors by default. Exception: NodeFox may disclose Purchaser identity/transaction logs to Contributors where strictly necessary for payment disputes, IP theft claims, chargebacks, or law enforcement.

24.3 Aggregated analytics (downloads, ratings) may be provided to Contributors without identifying individual Purchasers.

24.4 Third-Party Marketplace Content. If you install custom nodes, plugins, or templates from third-party Contributors, they may transmit your data to external servers outside NodeFox's control. NodeFox does not review individual Contributors' privacy practices. You assume full responsibility for auditing third-party component behavior.

---

PART V: COOKIES AND TRACKING

SECTION 25. COOKIES AND TRACKING

25.1 Types. (a) Strictly Necessary: authentication, security, session management, anti-fraud (including device fingerprinting and network telemetry). Cannot be disabled. Basis: contract performance. (b) Functional: preferences and settings. Basis: legitimate interests or consent. (c) Analytics: usage understanding. In the EEA/UK, set only with consent. Basis: consent (EEA/UK) or legitimate interests elsewhere.

25.2 Non-essential cookies are not set before consent where legally required.

25.3 Control cookies via our consent mechanism or browser settings. Disabling may affect functionality.

25.4 Cookie details: https://www.nodefox.ai/cookies.

25.5 Local Storage. We use HTML5 local storage, session storage, IndexedDB, and OPFS for preferences, caching, offline functionality, authentication, and Workflow data storage. NodeFox cannot remotely delete local browser data. Upon Account deletion or erasure request, you are solely responsible for clearing your browser cache, local storage, and application data.

25.6 Pixels. We may use web beacons in emails and on the Site for opens, engagement, conversions, and activity tracking.

---

SECTION 26. DO NOT TRACK AND GLOBAL PRIVACY CONTROL

26.1 DNT. No common standard exists; we do not currently respond to DNT signals.

26.2 GPC. NodeFox honors GPC signals strictly to the extent required by applicable law (including California CCPA/CPRA and Colorado CPA) and where technically feasible. We do not currently sell or share for behavioral advertising. If your jurisdiction does not mandate GPC, NodeFox may treat the signal as a voluntary preference.

26.3 GPC applies to the browser/device sending the signal; may not connect to your Account unless logged in; set on each device separately.

26.4 Headless/API Access. Browser-based privacy signals (GPC, cookies, consent) apply to browser interactions only. Programmatic, headless, or API-based interactions are server-to-server and not subject to browser-based signaling.

---

PART VI: DATA STORAGE, SECURITY, AND RETENTION

SECTION 27. DATA STORAGE AND LOCATION

27.1 Services hosted and data processed primarily in the United States. No guarantee of residency; data may be processed where NodeFox or Subprocessors operate.

27.2 No data residency options outside the U.S. currently offered. If your requirements mandate specific residency, the Services may not be appropriate. You are solely responsible for assessing compliance.

27.3 NodeFox may offer regional options in the future at its discretion.

---

SECTION 28. SECURITY MEASURES

28.1 We implement reasonable administrative, technical, and organizational security measures appropriate to the scale and risk profile of the Services, which may evolve.

28.2 Measures may include: security policies/procedures; employee training; least-privilege access; confidentiality agreements; vendor evaluation; incident response; industry-standard encryption at rest; authentication controls; MFA for internal systems; logging/monitoring; vulnerability management; secure development; and network security.

28.3 No system is completely secure. We cannot guarantee absolute security. Threats evolve. You use the Services at your own risk.

28.4 Certifications. NodeFox is not certified under SOC 2, ISO 27001, or similar frameworks unless explicitly confirmed in writing. Any statements about evaluation or pursuit of certifications are forward-looking, non-binding, and may be abandoned at NodeFox's discretion without liability.

---

SECTION 29. SECURITY INCIDENT RESPONSE

29.1 We maintain incident response procedures to: detect incidents; contain impact; investigate root causes where feasible; attempt to remediate known critical vulnerabilities; notify affected parties as required by law; and document for improvement.

29.2 If we confirm a material security incident involving unauthorized access to your Personal Information, we will notify you as required by applicable law. Information may be provided in phases. Our obligation is limited to the Account's registered email. NodeFox is not responsible for downstream notifications to your customers, clients, or end-users; you assume that responsibility. For processor incidents, notifications follow the DPA.

29.3 Notification does not constitute admission of fault, liability, or waiver of defenses, and shall not be deemed evidence of any vulnerability, breach, or compromise.

---

SECTION 30. DATA RETENTION

30.1 We retain Personal Information as long as necessary for collection purposes, unless law requires longer.

30.2 Retention by Category.

30.3 Data Minimization. NodeFox may prune, truncate, or permanently delete Execution Logs, temporary artifacts, and historical Telemetry at any time without notice. Do not rely on NodeFox as a compliance archive or system of record.

30.4 Data in backups persists until cycled in ordinary course. Complete eradication from all backups is not instantaneous.

---

SECTION 31. DATA DELETION

31.1 Account Deletion. Upon deletion or termination, we take steps as required by law to delete or de-identify Personal Information, except: legally required retention; Aggregated Data; backup data (deleted when cycled); tax/billing records; security/abuse logs; and Feedback (Section 10.2). Deletion processes may take up to 90 days via standard backup cycling. Residual copies may persist in cached or archived systems temporarily.

31.2 Local Data. Data in your browser (IndexedDB, local storage, OPFS) is outside NodeFox's remote control. You must clear it manually.

31.3 Upstream Tokens. We discard stored OAuth tokens and Integration Credentials from active databases on deletion. Refresh tokens may lag naturally. Deleting your NodeFox Account does not automatically sever third-party provider connections. You must revoke NodeFox's access at each provider.

31.4 How to Request. Contact privacy@nodefox.ai; use Account settings deletion; or submit a rights request.

31.5 Verification. We may verify identity before processing.

31.6 Exceptions. We may retain despite a deletion request where: (a) required by law; (b) necessary for legal claims; (c) required for security/fraud/abuse; (d) necessary for billing/tax; (e) required to complete a transaction; (f) Feedback/product contributions (Section 10.2); (g) Account under investigation or data subject to legal hold (retained until resolved); (h) data contributed to shared Organization Workspaces (Section 31.7); or (i) otherwise permitted by law.

31.7 Enterprise/Team Data. Under an Organization Account, your erasure right applies to personal profile metadata. Workflows, logs, configurations, or User Content contributed to shared Workspaces are the Organization's property and responsibility. NodeFox will not delete shared Workspace data for individual Authorized User requests; direct those to your Organization.

31.8 We may anonymize as alternative to deletion. Anonymized data is not subject to deletion requests.

---

PART VII: INTERNATIONAL DATA TRANSFERS

SECTION 32. TRANSFERS

32.1 If you access from outside the U.S., your data transfers to and is processed in the U.S.

32.2 We rely on: Standard Contractual Clauses (SCCs) per Commission Implementing Decision (EU) 2021/914; UK International Data Transfer Addendum; Swiss-appropriate mechanisms; Data Privacy Framework (where certified); and supplementary technical/organizational measures including industry-standard encryption, access controls, monitoring, and incident response. NodeFox has assessed the legal framework in destination countries and implemented supplementary measures where appropriate.

32.3 SCCs are incorporated into the DPA. Module 2 (Controller-to-Processor) where we process on your behalf; Module 1 (Controller-to-Controller) where we are independent controller.

32.4 NodeFox is not certified under the EU-U.S., UK, or Swiss-U.S. Data Privacy Framework unless stated at /legal. Status at that URL controls.

---

PART VIII: YOUR PRIVACY RIGHTS

SECTION 35. OVERVIEW

35.1 Depending on location and law, you may have rights to: access, rectification/correction, erasure/deletion, restriction, portability, objection, automated decision-making protections, consent withdrawal, complaint, and non-discrimination.

35.2 Where this Policy describes rights more broadly than law requires, our obligations are limited to the legal minimum. Nothing here creates obligations beyond applicable law.

35.3 No Charge except where permitted for manifestly unfounded or excessive requests.

35.4 Response Timeframes. 30 days for GDPR (extendable by two months with notice); 45 days for CCPA/CPRA (extendable by 45 days with notice); otherwise as required by law.

---

SECTION 36. RIGHT OF ACCESS

You may request access to your Personal Information. We provide information in commonly used, machine-readable electronic formats (JSON, CSV) when requested electronically. We may withhold: information adversely affecting others' rights; privileged information; trade secrets or proprietary abuse-detection methodologies; internal risk scores, fraud indicators, or security telemetry that would compromise security or interfere with investigations; and information exempt under law.

Synthetic Data. AI Outputs may "hallucinate" data resembling real Personal Information. NodeFox does not index AI Outputs by identity. We are not obligated to fulfill DSARs for hallucinated data in Execution Logs.

---

SECTION 37. RIGHT TO RECTIFICATION

You may request correction of inaccurate or incomplete information. Update directly in Account settings, contact support@nodefox.ai, or submit to privacy@nodefox.ai.

---

SECTION 38. RIGHT TO ERASURE

You may request deletion where: data no longer necessary; consent withdrawn; you object without overriding grounds; unlawful processing; required by law; or other applicable grounds. Subject to exceptions in Sections 30–31.

---

SECTION 39. RIGHT TO RESTRICTION

You may request restriction where: you contest accuracy; processing unlawful but you prefer restriction; we no longer need data but you need it for claims; or objection pending. When restricted, we store but do not process (except with consent or for claims), as required by law.

---

SECTION 40. RIGHT TO DATA PORTABILITY

You may receive your data in structured, commonly used, machine-readable format where required by law and technically feasible. We may transmit directly to another controller where feasible. NodeFox does not guarantee exported data will be formatted for compatibility with any third-party system, competitor, or alternative tool. Portability excludes inferred/derived data and data where transfer would affect others' rights.

---

SECTION 41. RIGHT TO OBJECT

You may object to: legitimate-interest processing (we cease unless compelling grounds override); direct marketing (we cease; no balancing test); and research/statistics. Submit to privacy@nodefox.ai.

---

SECTION 42. AUTOMATED DECISION-MAKING

42.1 NodeFox does not make automated decisions producing legal or similarly significant effects without human involvement. Exception: Automated fraud detection, rate-limiting, and abuse-prevention systems may automatically suspend Accounts, block IPs, or throttle access for anomalous/malicious behavior. These are security measures, not "automated decision-making" subject to human review under applicable law, to the maximum extent permitted.

42.2 If you configure automation (Workflows, AI-generated networks, Suggest-created logic, DSL-generated automation), you are the controller responsible for legal compliance, disclosures, oversight, and data subject rights.

42.3 AI Outputs are tools for your use, not automated decisions by NodeFox about you. May contain hallucinated data (Section 36).

---

SECTION 43. CONSENT WITHDRAWAL

Withdraw via privacy@nodefox.ai, unsubscribe links, cookie preferences, Account settings, in-app controls, or Account deletion. Prospective only; doesn't affect prior lawfulness.

---

SECTION 44. COMPLAINTS

You may lodge complaints with supervisory authorities (EEA: https://edpb.europa.eu/about-edpb/about-edpb/members\_en; UK: ICO, https://ico.org.uk; Swiss: FDPIC, https://www.edoeb.admin.ch). We encourage contacting privacy@nodefox.ai first.

---

SECTION 45. EXERCISING YOUR RIGHTS

Contact: privacy@nodefox.ai (include "Privacy Rights Request" in subject); NodeFox LLC, PO Box 1667, Ross, CA 94957; or GDPR Portal: https://gdpr.euverify.com/verify/40de1847-966c-42c5-bc95-9ad6c91c3348. Some rights exercisable via Account settings.

---

SECTION 46. VERIFICATION

46.1 We verify identity before processing requests. May require account authentication.

46.2 If we cannot verify after reasonable efforts, we will inform you of additional information needed. If you registered with pseudonym, disposable email, or VPN and we cannot verify you, we are not obligated to acquire additional Personal Information for verification, and the request may be denied.

46.3 Good Faith Fulfillment. If NodeFox fulfills a request in good faith based on provided verification but a malicious actor successfully impersonated the requestor, NodeFox shall not be liable for resulting unauthorized disclosure, to the maximum extent permitted by law.

---

SECTION 47. AUTHORIZED AGENTS

You may designate an agent for requests. We may require written authorization, identity verification (yours and agent's), and authority confirmation. Valid power of attorney may suffice. We may contact you directly.

---

SECTION 48. APPEALS

If denied, appeal to privacy@nodefox.ai with "Appeal" in subject. Handled per applicable law. If unsatisfied, file complaint with relevant authority or attorney general.

---

PART IX: JURISDICTION-SPECIFIC RIGHTS

SECTION 49. CALIFORNIA (CCPA/CPRA)

49.1 Applies to California residents. In the preceding 12 months:

49.2 Rights. Know, Delete, Correct, Opt-Out of Sale (we don't sell), Opt-Out of Sharing (we don't share for ads), Limit Sensitive PI Use, and Non-Discrimination.

49.3 Exercise via privacy@nodefox.ai or Section 45 methods. GPC honored per Section 26.2.

49.4 Financial Incentives. We do not offer financial incentives for PI collection/retention/sale. Referral credits or promotional programs, if offered, will be disclosed separately as required.

49.5 We do not knowingly collect PI from California residents under 16.

---

SECTION 50. OTHER U.S. STATES

50.1 NodeFox seeks to comply with applicable state privacy laws, including those of Virginia, Colorado, Connecticut, Utah, Oregon, Texas, Montana, Delaware, Iowa, New Jersey, Tennessee, Indiana, New Hampshire, Maryland, Minnesota, Nebraska, and other states with comprehensive privacy legislation. Because this list changes, current coverage is at https://www.nodefox.ai/legal/state-privacy.

50.2 Rights generally include: access, correction, deletion, portability, and opt-out of targeted advertising/sale/profiling. Scope varies by state.

50.3 Exercise via privacy@nodefox.ai. GPC honored per Section 26.2. Appeals handled per applicable state law.

50.4 Nevada. We do not sell PI as defined by NRS Chapter 603A.

---

SECTION 51. EEA (GDPR)

NodeFox LLC is controller for processing in this Policy; processor as in Section 2. Rights per Articles 15–22, 7(3), 77. Legal bases in Section 16. Transfers in Sections 32–34. Supervisory authority list: https://edpb.europa.eu/about-edpb/about-edpb/members\_en. EU Rep: Euverify Ltd (Section 2.9). DPO: dpo@nodefox.ai.

---

SECTION 52. UK (UK GDPR)

Rights equivalent to GDPR under UK GDPR and Data Protection Act 2018. ICO: https://ico.org.uk. UK Addendum for transfers. UK Rep: Euverify Ltd (Section 2.9).

---

SECTION 53. SWITZERLAND

Rights under the Swiss FADP. Transfers via SCCs with Swiss modifications. FDPIC: https://www.edoeb.admin.ch.

---

SECTION 54. CANADA

54.1 We comply with PIPEDA and substantially similar provincial legislation to the extent applicable. Rights: access, correction, consent withdrawal, complaints to the Office of the Privacy Commissioner (https://www.priv.gc.ca).

54.2 Quebec Law 25. We comply to the extent applicable. Rights: access, rectification, erasure, complaints to the Commission d'accès à l'information du Québec.

54.3 CASL. Transactional communications as permitted; marketing with consent; unsubscribe anytime.

---

SECTION 55. BRAZIL (LGPD)

Rights under the LGPD: confirm processing, access, correct, anonymize/block/delete, portability, consent deletion, sharing info, deny consent info, withdraw consent, and complain to ANPD (https://www.gov.br/anpd).

---

SECTION 56. AUSTRALIA AND NEW ZEALAND

56.1 Australia. We comply with APPs under the Privacy Act 1988 to the extent applicable. Access, correction, complaints to OAIC (https://www.oaic.gov.au). Nothing excludes Australian Consumer Law rights.

56.2 New Zealand. We comply with Privacy Act 2020 to the extent applicable. Access, correction, complaints to Privacy Commissioner (https://www.privacy.org.nz).

---

SECTION 57. OTHER INTERNATIONAL

57.1 We seek to comply with applicable data protection laws in your jurisdiction, including Japan (APPI), Singapore (PDPA), South Korea (PIPA), India (DPDP Act), South Africa (POPIA), Mexico (LFPDPPP), Thailand (PDPA), and others. Exercise rights via privacy@nodefox.ai. Current jurisdictional provisions at https://www.nodefox.ai/legal/international-privacy.

57.2 EU AI Act. NodeFox monitors the EU AI Act (Regulation 2024/1689) and similar frameworks. NodeFox is an orchestration platform, not an AI provider. We will update practices as required.

---

PART X: SPECIAL CATEGORIES

SECTION 58. CHILDREN'S PRIVACY

58.1 Services for 18+ only. We do not knowingly collect PI from anyone under 18 or market to minors.

58.2 We comply with COPPA by not knowingly collecting from children under 13. Services are not designed for children.

58.3 If we learn we collected PI from someone under 18, we will take commercially reasonable steps to delete as required by law.

58.4 Prohibition. Consistent with the Terms of Service, you are strictly prohibited from using the Services to process, store, or transmit Personal Information of children under 13 (or applicable digital consent age). NodeFox provides a general audience B2B service with no COPPA compliance mechanisms (no verifiable parental consent tools). Do not use the Services for children's data.

---

SECTION 59. BIOMETRIC DATA

59.1 NodeFox does not intentionally collect biometric identifiers or information.

59.2 Zero-Knowledge. If our systems temporarily process images, voice recordings, or files containing biometric characteristics in your Workflows, NodeFox operates with "zero knowledge" of biometric nature. We do not run facial recognition, extract biometric templates, or capture identifiers for our own use. We provide infrastructure for your configured processing.

59.3 You are solely responsible for compliance with all applicable biometric privacy laws (including BIPA, CUBI, Washington state law, and any other applicable laws), including obtaining consents, providing disclosures, and implementing protections.

---

SECTION 60. HEALTH AND GENETIC INFORMATION

60.1 We do not intentionally collect health or genetic information. NodeFox is not HIPAA-covered and not designed for HIPAA-regulated data.

60.2 NodeFox is not designed for state consumer health data laws (Washington My Health My Data Act, Connecticut provisions, or similar). If you process health data through the Services, you are solely responsible for compliance.

---

SECTION 61. PRECISE GEOLOCATION

We do not intentionally collect precise geolocation (GPS/location within 1,850 feet). Approximate location only (country/region/city from IP) for security, compliance, localization, and analytics.

---

SECTION 62. GOVERNMENT IDENTIFIERS

We do not intentionally collect government IDs (SSN, national ID, passport, driver's license, tax ID).

---

PART XI: ADDITIONAL INFORMATION

SECTION 63. THIRD-PARTY LINKS AND SERVICES

63.1 This Policy does not apply to third-party websites (links do not imply endorsement). When connecting Third-Party Services, their policies apply; they may retain your data under their own policies; you are responsible for reviewing.

63.2 Open Source Components. The Services incorporate open-source components (including for MCP integrations) subject to their own licenses and our security standards generally. We cannot guarantee OSS components are error-free. NodeFox is not responsible for OSS vulnerabilities.

---

SECTION 64. COMMUNICATIONS

64.1 Marketing. With consent where required. By creating an Account, you acknowledge we may send service-related emails, feature announcements, and newsletters as permitted by law. Opt out anytime via unsubscribe link, Account settings, or privacy@nodefox.ai.

64.2 Non-Optional. Transactional, service announcement, and legal communications cannot be opted out while maintaining an Account, to the extent permitted by law.

64.3 Delivery. Sent to your Account email. You are responsible for maintaining a current address and ensuring receipt. If notices bounce or are rejected, NodeFox's notification obligations are deemed satisfied to the maximum extent permitted by law. NodeFox has no obligation to locate alternative contact methods.

---

SECTION 65. BETA STATUS AND DATA RISKS

65.1 The Services are in beta (may remain indefinitely). Features may change or malfunction without notice. Beta includes automation, AI, and Workflow features, which may cause unexpected executions, outputs, or costs.

65.2 Heightened risk of data loss, corruption, or unavailability. Data persistence not guaranteed. Logs, exports, shared Workspaces, and Execution Logs may contain sensitive data or Integration Credentials depending on your configuration — you are responsible for what you upload, create, and share.

65.3 You are solely responsible for independent backups. NodeFox is not a backup service.

65.4 To the maximum extent permitted by law and the Terms of Service, NodeFox is not liable for beta-related data loss.

65.5 Privacy Rights and Beta Data Loss. NodeFox may be unable to fulfill DSARs, Right to Know, or portability requests to the extent requested data was inadvertently lost, corrupted, or deleted due to system bugs, infrastructure failures, or beta instability before fulfillment. NodeFox will inform you if this occurs.

---

SECTION 66. CHANGES TO THIS POLICY

66.1 We may update this Policy from time to time.

66.2 For material changes: at least 30 days' advance notice via updated Policy on the Site, email, or in-Service notice. Non-material changes: posted on the Site.

66.3 Continued use after changes constitutes acceptance, except where law requires affirmative consent.

66.4 If you disagree, stop using the Services and request Account deletion.

---

SECTION 67. CONTACT INFORMATION

Mailing: NodeFox LLC, PO Box 1667, Ross, CA 94957, United States

EU/UK Rep: Euverify Ltd — Ireland (Cork T23 AT2P) and UK (London EC2A 4NE). Email: gdpr@euverify.com

Listing contact addresses does not create implied support commitments beyond applicable law.

---

QUICK REFERENCE

---

END OF PRIVACY POLICY

© 2025–2026 NodeFox LLC. All rights reserved.

NodeFox LLC | 2108 N St, Suite N, Sacramento, CA 95816, United States | https://www.nodefox.ai