Privacy Policy

Last updated: 2026-06-08

This Privacy Policy explains how NodeKeeper ("we", "us") collects, uses, and protects your personal information when you use our Service. It is part of, and incorporated by reference into, our Terms of Service. Please read carefully.

1. What We Collect

• Account Data: email, username (SRP protocol — **passwords are never transmitted or stored**; we keep only the verifier needed for authentication)
• Payment Data: handled directly by Stripe; **we never see or store your card number**. We retain only Stripe-returned customer_id / subscription_id for order management.
• License Data: SHA-256 hash of your machine fingerprint (non-reversible) and/or IP CIDR you declare
• Usage Telemetry: coarse anonymous data (operation types, client version, login counts) used to improve the product
• Logs: IP address, User-Agent, timestamps for security and abuse prevention (retained 30 days)

2. What We Don't Collect

• Website content / files / databases you host with NodeKeeper
• Specific business data inside databases you manage
• Any runtime data or application logs on your servers
• Raw machine fingerprints (we store SHA-256 hashes only)
• Card numbers, CVV, bank account details (all handled directly by Stripe)

3. Purposes & Legal Bases

We process your data only on the following lawful bases: (a) performance of contract (delivering the Service you purchased, issuing license tokens); (b) legal obligations (tax, anti-money-laundering, recordkeeping); (c) legitimate interests (fraud prevention, service security, product improvement); (d) your consent (marketing emails — revocable any time).

4. Data Storage & Cross-Border Transfer

Our primary database is hosted in Canada (OVH); encrypted fields use AES-256-GCM. Payments are processed by Stripe (US / Ireland). Static assets are delivered via Cloudflare (global edge); edge nodes do not persistently retain sensitive user data. For EU users, cross-border transfers are governed by Standard Contractual Clauses (SCCs).

5. Retention

Data is retained while your account is active. After account closure: personal data is wiped within 30 days; order / invoice / tax records are retained for 7 years (legal obligation); license tokens are kept (pseudonymized) for 1 year for audit; logs are retained 30 days.

6. Cookies & Similar Technologies

The public marketing site sets no cookies. The admin panel uses session cookies for login state (HttpOnly + Secure + SameSite=Lax) — strictly necessary, not used for advertising or tracking. We do not embed third-party tracking cookies (Google Analytics, etc.).

7. Third-Party Data Processors

• Stripe (US / Ireland) — payment processing; data shared: email, order amount, customer_id
• Cloudflare (global) — CDN + DDoS protection; data shared: visit IP, User-Agent (not persistently retained at edge)
• OVH (Canada) — primary database infrastructure; hosts all NodeKeeper business data
• We do not use Google Analytics, Facebook Pixel, ad-tracking, or similar third-party data collection services

8. Your Rights

To the extent permitted by applicable law (GDPR / CCPA, etc.), you have the following rights, which you may exercise any time via [email protected]:

• Right of access: request what personal data we hold about you
• Right to rectification: correct inaccurate or incomplete data
• Right to erasure ("right to be forgotten"): delete account → Settings → Delete account, wiped within 30 days
• Right to data portability: email request, JSON archive within 3 business days
• Right to restriction of processing in specific circumstances
• Right to object to processing based on legitimate interests (including marketing)
• Right to withdraw consent previously given (does not affect processing already done)
• Right to lodge a complaint with your local data protection authority

9. Children's Privacy

The Service is **not directed to children under 16**. We do not knowingly collect personal information from children under 16. If we become aware of inadvertent collection, we will delete it immediately.

10. Data Breach Notification

If a breach affecting your personal data occurs, we will notify affected users by email within 72 hours of confirmation, and report to supervisory authorities as required by applicable law.

11. Changes to This Policy

We may update this Policy with the Service. Material changes will be notified via email or sign-in page; the effective date on this page will be updated. Continued use implies acceptance.

12. Contact Us

Privacy / data protection inquiries: [email protected] · WhatsApp: +81 70-9306-6006 · QQ Service (China): 780281151