Skip to main content
NODERAN
Back to Home

Privacy Policy

Last updated: May 18, 2026

1. Introduction

At Noderan ("we", "our", or "us"), we are committed to protecting the privacy and security of our users' data. This Privacy Policy describes how we collect, process, store, and safeguard your information when you use our AI-powered automation platform and related services (collectively, the "Service").

By accessing or using the Service, you agree to the collection and use of information in accordance with this Policy. If you do not agree with these terms, please discontinue use of the Service immediately.

2. Data We Collect

We collect information necessary to provide, improve, and personalise our Service. The categories of data we may collect include:

  • Account Information: Name, email address, password (hashed), and profile picture when you register.
  • Usage Data: Pages visited, features used, agent execution logs, credit consumption records, and timestamps.
  • Configuration Data: Agent definitions, workflow configurations, and integration credentials you choose to store.
  • Technical Data: IP address, browser type, operating system, device identifiers, and crash reports.
  • Payment Data: Billing address and payment method details processed securely by our payment provider (Iyzico). We do not store raw card numbers.

3. How We Use Data

We use the information we collect to:

  • Provide, operate, and improve the Service.
  • Authenticate users and maintain session security via Firebase Authentication.
  • Process payments and manage your credit balance.
  • Send transactional notifications (run completions, billing receipts, low-credit alerts).
  • Monitor Service health, detect abuse, and prevent fraud.
  • Comply with applicable laws, regulations, and legal obligations.

We do not sell your personal data to third parties for advertising purposes.

4. AI Data Processing

AI Inference Policy

Noderan utilises advanced AI models to execute automation tasks. By using our Service, you acknowledge and agree that:

  • Input Data: Prompts, files, and configurations you provide to agents may be processed by our AI inference engine to generate outputs.
  • No Training on User Data: We strictly do not use your proprietary business data or customer data to train our foundational models without your explicit, written consent.
  • Ephemeral Processing: Data processed during an agent run is transient and retained only for the duration necessary to complete the task and provide execution logs, after which it is handled per our retention schedule.
  • Sub-Processors: We may route inference requests through third-party AI providers (e.g., Anthropic, Google Gemini, OpenAI) subject to their respective data processing agreements.

5. Third-Party Services

Our Service relies on a curated set of third-party sub-processors to ensure reliability, scalability, and security. Key processors include:

Google Firebase

Authentication, Firestore database, and Cloud Storage. Data is encrypted at rest and in transit.

Workflow Automation

Workflow orchestration for logic execution. All data passing through workflows is secured via TLS 1.3.

Google Cloud Run

Serverless API hosting within the EU (europe-west3 region) ensuring GDPR-compliant data residency.

Sentry

Error monitoring and performance tracking. PII is scrubbed from crash reports before ingestion.

A complete list of sub-processors is available upon request at [email protected].

6. Security

We employ enterprise-grade security measures to protect your data, including:

  • Encryption at rest: AES-256 for all stored data.
  • Encryption in transit: TLS 1.3 enforced on all connections.
  • Access control: Role-based access with mandatory multi-factor authentication for all administrative accounts.
  • Infrastructure compliance: Hosted on SOC 2-compliant Google Cloud infrastructure.
  • Firestore security rules: Privileged fields (credits, plan tier, role) are write-locked to server-side administrative operations only.

Despite our measures, no system is 100% secure. If you discover a vulnerability, please disclose it responsibly to [email protected].

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Ask us to correct inaccurate or incomplete data.
  • Erasure: Request deletion of your data, subject to our legal retention obligations.
  • Portability: Receive your data in a machine-readable format.
  • Objection / Restriction: Object to or restrict certain types of processing.

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

8. Contact & Data Protection Officer

For privacy-related inquiries, to exercise your data rights, or to contact our Data Protection Officer (DPO), please reach out at:

[email protected]

We may update this Privacy Policy from time to time. Material changes will be communicated via email or an in-app notification at least 14 days before they take effect.

Get Started Free

Ready to automate?

No credit card required. Your first automation goes live in under 2 minutes.

Start for Freeor book a free demo →