Privacy Policy
Privacy Policy NodeSource, Inc. Effective Date: May 1, 2025
1. Scope
This Privacy Policy explains how NodeSource, Inc. (“NodeSource,” “we,” “our,” or “us”) collects, uses, discloses, and safeguards information when you:
Visit nodesource.com or any webpage that links to this notice (the “Websites”);
Use our SaaS, on-prem, or downloadable offerings—N | Solid, N | Solid Copilot, N | Sentinel, and related services (the “Products”); or
Communicate with us by email, phone, events, social media, or support tickets.
2. Information We Collect
Category | Examples | Source | Purpose | Retention* |
Account Data | Name, business email, role, billing address | You / reseller | Contract performance, billing, support | Life of contract + 7 yrs (tax & audit) |
Product Telemetry | CPU usage, heap snapshots, stack traces (may include file paths & function names) | Product agent | Service delivery, security alerts, performance optimization | Configurable by customer (default = 13 months) |
AI Interaction Data | Prompts you send to N | Solid Copilot / N | Sentinel and generated suggestions | You (voluntary) |
Website & Marketing | IP address, browser type, referring URL, pages visited | Cookies / logs | Site analytics, fraud prevention | 13 months |
Support & Feedback | Crash dumps, log files, screenshots | You (optional) | Troubleshoot issues | Deleted 30 days after ticket closure |
*We may keep data longer where required by law or to protect our legal rights.
3. How We Use Information (Legal Bases)
Basis | Typical Activities |
Contract | Creating an account, delivering the Products, fulfilling SLAs |
Legitimate Interests | Securing our infrastructure, preventing fraud, improving features, communicating with existing customers |
Consent | Optional marketing emails, beta programs, training AI models (opt-in only) |
Legal Obligation | Tax, bookkeeping, responding to lawful requests |
3-A. Marketing Communications
When you submit a “Contact Us” form, download content, attend a webinar, or sign up for a NodeSource Product trial or Paid service, we may send you product updates, invitations to events, newsletters, or other marketing material.
Legal basis – We rely on:
Consent (EEA/UK/Switzerland and any region that requires an affirmative opt-in for prospects).
Legitimate interests (existing customers or business contacts), balanced against your privacy rights.
Your choices – Every marketing email includes an “unsubscribe” or “manage preferences” link. You can also opt out at any time by emailing privacy@nodesource.com. We honor opt-out requests within 10 business days (U.S.) or without undue delay (EEA/UK).
We do not sell or rent your contact details to third parties for their own marketing. If we co-sponsor an event or webinar, we will tell you at the point of collection if your data will be shared with that partner.
4. Cookies & Analytics
We use only:
Strictly Necessary Cookies – to deliver site functionality and security.
Analytics Cookies – to understand how the site is used (e.g., Google Analytics with IP-anonymization).
When you first visit, a cookie-consent banner lets you accept or adjust preferences. You can also manage cookies via your browser settings or the “Cookie Preferences” link in our footer.
5. International Data Transfers
NodeSource participates in the EU-U.S. Data Privacy Framework (DPF), the UK Extension to the DPF, and the Swiss-U.S. DPF for transfers of personal data from the EEA, UK, and Switzerland to the United States. Where the DPF is unavailable, we rely on the European Commission’s 2021 Standard Contractual Clauses (SCCs) or other approved safeguards.
6. Sharing & Sub-processors
We disclose personal data only to:
Service providers (cloud hosting, customer-success software, email, analytics) bound by written agreements that include confidentiality and data-protection obligations;
Authorized resellers or implementation partners you designate;
Public authorities when legally compelled;
Successor entities in the event of a merger, acquisition, or asset sale (you will be notified of any material change).
A live list of sub-processors appears at nodesource.com/legal/sub-processors and is updated at least 30 days before changes take effect.
7. Security
We apply industry-standard safeguards, including:
TLS 1.2+ encryption in transit;
AES-256 encryption at rest;
Role-based access controls;
Regular vulnerability scanning, penetration tests, and third-party audits;
24 × 7 infrastructure monitoring and incident-response procedures.
8. Use of AI Services: N | Solid Copilot and N | Sentinel
NodeSource’s N | Solid product includes optional AI-powered features—N | Solid Copilot and the N | Sentinel performance assistant—that provide diagnostic insights and code-optimization suggestions by analyzing performance telemetry and, in some cases, customer-provided code.
Data Handling and Privacy Protections
No Retention of Customer Data or Source Code – Data used by N | Sentinel is processed in memory and is never stored or retained by NodeSource or its AI service providers.
Customer-Initiated Data Sharing – Source-code analysis occurs only when you deliberately supply code (either via runtime context or pasted snippets). NodeSource never collects source code autonomously.
Secure, Ephemeral Processing – Profiling data, telemetry, and code snippets are used solely to generate current-session recommendations and are discarded immediately afterward.
No AI-Training Use – Telemetry and source code are not used to train any machine-learning or AI models.
These safeguards ensure you maintain full control over your proprietary information while benefiting from intelligent diagnostics and optimization.
For questions about AI data handling, email privacy@nodesource.com.
9. Your Privacy Rights
Depending on your jurisdiction, you may have the right to:
Region | Rights |
EEA / UK / Switzerland | Access • Rectification • Erasure • Restriction • Portability • Objection • Lodge a complaint with a supervisory authority |
California, Colorado, Connecticut, Utah, Virginia | Access • Deletion • Correction • Portability • Opt-out of “sale” or “sharing” of personal data • Limit use of sensitive data |
Other Regions | Rights granted by local law |
Submit requests via privacy@nodesource.com or our online form. We will respond within 30 days for EEA/UK requests and 45 days for U.S. state requests (extensions permitted by law).
Opt-out of marketing emails at any time by clicking the “unsubscribe” link or contacting us.
10. Data Retention
Data Type | Default Retention | Notes |
Website logs & analytics | 13 months | Aggregated thereafter |
Product telemetry (SaaS) | 13 months | Configurable shorter/longer by customer |
Support artifacts | 30 days after ticket closure | Deleted sooner on request |
Contract & billing records | Life of contract + 7 yrs | Legal & accounting |
11. Children
Our Websites and Products are not directed to children under 13 (or 16 in the EEA). We do not knowingly collect such data. If you believe we have inadvertently collected a child’s information, contact us and we will delete it.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be announced via email to account administrators or a banner on our Websites at least 30 days before they take effect. The “Effective Date” at the top indicates when the latest version became active.
13. Contact Us
Data Protection Team NodeSource, Inc. 2212 Queen Anne Avenue
N 759, Seattle 98109
✉️ privacy@nodesource.com