1) Overview
This Privacy Policy explains how NodeCrest (“we”, “us”, “our”) collects, uses, and protects personal information when you use our websites, dashboards, and related services (the “Service”).
By using the Service, you consent to the practices described here.
2) Scope
This Policy applies to information we process about account holders, team members, and site visitors. It does not cover third-party services you access via integrations; their privacy practices are governed by their own policies.
3) Data We Collect
- Account Data. Email, username, password hash, linked identity provider IDs (e.g., Discord, Minecraft), plan and billing metadata where applicable.
- Service Usage. Actions in the dashboard, API usage, feature flags, rate-limit counters, error events.
- Logs & Device. IP address, user-agent, timestamps, referrer, and basic request headers for security and diagnostics.
- Support. Messages you send us (e.g., email, forms), attachments you provide, and related context.
- Payments. We rely on a payment processor for card data. We receive limited billing status (e.g., success, last 4 digits, expiry month/year) but not full card numbers.
4) How We Use Data
- Provide, operate, and improve the Service.
- Authenticate users and maintain sessions.
- Prevent abuse, enforce limits, and secure accounts.
- Measure performance and fix bugs.
- Send essential notices about your account, security, or service changes.
- Comply with law and respond to lawful requests.
6) Analytics & Diagnostics
We may record aggregate usage metrics and error reports to understand reliability and performance. We aim to avoid storing more data than needed and to apply retention limits.
7) Emails & Communications
- Transactional. Password resets, sign-in codes, critical service notices. You cannot opt out of strictly necessary transactional emails.
- Announcements. Product updates or tips. You can unsubscribe at any time using the link in those emails.
9) Data Retention
We keep personal data only as long as necessary for the purposes described here, to comply with legal obligations, resolve disputes, and enforce agreements. We apply different retention windows for logs, billing records, and support content based on necessity.
10) Security
We use reasonable technical and organisational measures to protect personal data, including encryption in transit, access controls, and least-privilege practices. No method of transmission or storage is 100% secure.
11) International Transfers
We may process data in countries other than your own. When we transfer personal data, we take steps designed to ensure an appropriate level of protection consistent with applicable law.
12) Your Rights
Depending on your region, you may have rights to access, correct, delete, or export your personal data, and to object or restrict certain processing. You can also withdraw consent where processing is based on consent.
To exercise rights, contact us as described below. We may need to verify your identity before responding.
13) Children
Our Service is not directed to children under the age required by local law to provide valid consent. We do not knowingly collect personal data from such children. If you believe a child provided personal data, contact us and we will take appropriate action.
14) Changes to this Policy
We may update this Policy from time to time. If changes are material, we will provide reasonable notice (for example, via the dashboard or email). Your continued use of the Service after changes take effect means you accept the updated Policy.
15) Contact
Questions or requests? Email [email protected].
16) Definitions
- Personal Data: Any information that identifies or can reasonably be linked to an identifiable person.
- Processing: Any operation performed on personal data, such as collection, storage, use, disclosure, or deletion.
- Service: The websites, dashboards, APIs, and related features provided by NodeCrest.