NodeVault ("Service," "we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our supply chain risk intelligence platform. Please read this policy carefully. By using the Service, you consent to the practices described in this Privacy Policy.
When you create an account, we collect your name, email address, and authentication credentials. If you sign in via Google OAuth, we receive your name and email from Google. We do not receive or store your Google password.
Payment processing is handled entirely by Stripe, Inc. We do not receive, store, or have access to your full credit card number, bank account number, or other sensitive payment details. Stripe may share with us a truncated card number (last 4 digits), card type, and billing address for transaction record purposes. Stripe's handling of your payment information is governed by Stripe's Privacy Policy.
The Service allows you to upload CSV files, spreadsheets, and other data containing shipping records, addresses, order information, and logistics data ("User Data"). This data may include business names, physical addresses, shipment volumes, costs, and other supply chain information. You are solely responsible for the content and legality of any data you upload.
We strongly advise that you do not upload data containing personally identifiable information (PII) of individuals, such as Social Security numbers, driver's license numbers, individual consumer names, or personal health information. If you choose to upload data containing PII, you do so at your own risk and are responsible for compliance with all applicable data protection laws.
When you access the Service, we automatically collect certain technical information, including your IP address, browser type and version, operating system, device type, referring URL, pages visited within the Service, time spent on pages, and the date and time of access. This information is collected via server logs and, where applicable, analytics tools.
We use essential cookies to maintain your authenticated session and remember your preferences. We may also use analytics cookies (such as Vercel Analytics or similar services) to understand usage patterns. These analytics tools collect aggregated, non-personally-identifiable usage data. You can disable non-essential cookies in your browser settings, though this may affect certain functionality.
We use the information we collect for the following purposes:
(a) To provide, operate, and maintain the Service, including processing your uploaded data, generating cost estimates, scenario models, and supply chain visualizations; (b) To process payments and manage your subscription; (c) To authenticate your identity and secure your account; (d) To communicate with you about your account, including service announcements, billing notifications, and responses to your inquiries; (e) To improve, personalize, and optimize the Service; (f) To detect, investigate, and prevent fraudulent, unauthorized, or illegal activity; (g) To comply with legal obligations and enforce our Terms of Service.
We do not sell, rent, lease, or trade your personal information or User Data to any third party for marketing purposes. We do not use your User Data to train machine learning models or for any purpose other than providing the Service to you.
We may share your information only in the following limited circumstances:
We share data with third-party providers that help us deliver the Service. These providers are contractually obligated to use your data only for the purpose of providing their services to us and are prohibited from using it for their own purposes. Current third-party providers include:
Stripe, Inc. — Processes payments. Receives your payment method details, billing address, and transaction amounts. Stripe Privacy Policy.
Mapbox, Inc. — Provides geocoding and map visualization. When you upload addresses, they are transmitted to Mapbox's API for geocoding (converting addresses to geographic coordinates). Mapbox Privacy Policy.
Supabase, Inc. — Provides database hosting, authentication, and storage infrastructure. Your account information and User Data are stored on Supabase's infrastructure. Supabase Privacy Policy.
Vercel, Inc. — Provides website hosting and deployment infrastructure. May collect technical information such as IP addresses and usage data. Vercel Privacy Policy.
We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, the safety of others, investigate fraud, or respond to a government request.
In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on the Service of any change in ownership or use of your information.
We implement commercially reasonable administrative, technical, and physical security measures to protect your information from unauthorized access, disclosure, alteration, and destruction. These measures include encrypted data transmission (TLS/SSL), secure authentication, and access controls.
However, no method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security. You acknowledge that you provide your information at your own risk.
In the event of a data breach that compromises your personal information, we will notify affected users within 72 hours of discovering the breach, in accordance with applicable law, by email and/or prominent notice on the Service. Such notification will describe the nature of the breach, the data affected, and the steps we are taking in response.
We retain your account information and User Data for as long as your account is active or as needed to provide the Service. If you request account deletion, we will permanently delete your account information and User Data within 30 days, except where we are required to retain certain data by law (for example, financial transaction records may be retained for tax and accounting purposes for up to 7 years).
You may request deletion of your account and data at any time by contacting us at support@nodevault.app. Upon deletion, your data will be permanently removed from our active systems. Residual copies in backups will be purged within 90 days.
Regardless of your location, you have the right to: access the personal information we hold about you; request correction of inaccurate information; request deletion of your account and data; export your User Data in a commonly used format (CSV); and withdraw consent to data processing (which may require closing your account).
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with additional rights: the right to know what personal information we collect, use, and disclose; the right to request deletion of your personal information; the right to opt-out of the sale or sharing of personal information (we do not sell or share personal information for cross-context behavioral advertising); and the right to non-discrimination for exercising your privacy rights. To exercise these rights, contact us at support@nodevault.app. We will verify your identity before processing any request.
If you are located in the EEA, you may have additional rights under the General Data Protection Regulation (GDPR), including the right to data portability, the right to restrict processing, and the right to lodge a complaint with a supervisory authority. Our legal bases for processing are: performance of our contract with you (providing the Service), your consent, and our legitimate interests in operating and improving the Service. For GDPR-related inquiries, contact us at support@nodevault.app.
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have inadvertently collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe we may have collected information from a child, please contact us at support@nodevault.app.
Your information may be transferred to and processed in countries other than the country in which you reside, including the United States. These countries may have data protection laws that are different from the laws of your country. By using the Service, you consent to the transfer of your information to the United States and other jurisdictions where we and our service providers operate. We take appropriate safeguards to ensure that your information receives an adequate level of protection.
Some web browsers transmit "Do Not Track" (DNT) signals. The Service does not currently respond to DNT signals because there is no industry standard for compliance. We will update this policy if a standard is established.
The Service may contain links to third-party websites or services that are not operated or controlled by us. This Privacy Policy does not apply to third-party sites. We are not responsible for the privacy practices of any third-party website. We encourage you to review the privacy policies of any third-party sites you visit.
We reserve the right to update this Privacy Policy at any time. When we make material changes, we will update the "Last Updated" date at the top of this page and, where practicable, notify you by email. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
NodeVault
Email: support@nodevault.app