
Privacy Policy

Last Updated: December 21, 2024

Privacy-First. No Tracking. No Ads.

Our Privacy Promise

Nodus is built on a foundation of privacy and security. We believe your data belongs to you—not to us, not to advertisers, not to anyone else.

No Tracking: We don't track your behavior or build profiles
End-to-End Encryption: Your vault data is encrypted on your device
No Ads: Subscriptions fund us, not your data

1. Information We Collect

Account Information

When you create an account, we collect:

  • Email address (for authentication and communication)
  • Subscription tier (Free, Pro, Team, Ultimate)
  • Account creation date
  • Last login timestamp

Payment Information

Payment processing is handled by Stripe. We do NOT store your credit card information. Stripe collects:

  • Billing name and address
  • Payment method details (stored by Stripe, not us)
  • Transaction history

See Stripe's Privacy Policy

Encrypted Vault Data

Your passwords, secrets, and sensitive data are encrypted before leaving your device:

  • Vault contents (passwords, notes, files)
  • Master password (NEVER stored—we cannot decrypt your vault without it)
  • Sync metadata (last modified timestamps)

Zero-Knowledge Encryption: We use end-to-end encryption. Even if our servers were compromised, your vault data remains encrypted and unreadable.

Usage Data (Minimal)

We collect minimal technical data to operate the service:

  • Feature usage (e.g., number of passwords stored, OSINT searches performed)
  • Error logs (to fix bugs and improve reliability)
  • Device type and OS version (for compatibility)

We do NOT track which specific websites you save passwords for, what you search for, or any behavioral analytics.

OSINT Research Data

When you use OSINT tools, searches are processed server-side to aggregate public data. We temporarily log search queries for:

  • Rate limiting and abuse prevention
  • Service improvement

Search logs are anonymized and deleted after 30 days.

2. How We Use Your Information

We use collected information ONLY to:

Provide the Service: Authentication, data sync, feature access
Process Payments: Billing, subscription management, refunds
Communicate: Account updates, security alerts, support responses
Improve Security: Detect fraud, prevent abuse, fix bugs
Comply with Law: Respond to legal requests (see section 7)

What We DON'T Do:

  • Sell your data to third parties
  • Share data with advertisers
  • Track you across websites
  • Build behavioral profiles
  • Use your data for AI training

3. When We Share Information

We share data ONLY in these limited circumstances:

With Service Providers

  • Stripe: Payment processing (see Stripe's privacy policy)
  • Email Provider (Brevo): Sending authentication emails and notifications
  • Cloud Infrastructure (Turso): Database hosting for encrypted data

All service providers are bound by strict data processing agreements.

With Team Members

If you're part of a Team subscription, team owners and members can see shared passwords and data according to team permissions.

Legal Requirements

We may disclose information if required by law (court order, subpoena, etc.). We will notify you unless legally prohibited.

Business Transfers

If Nodus is acquired or merged, your data may transfer to the new entity. You'll be notified of any changes.

4. How We Protect Your Data

Security is our top priority. We implement industry-leading protections:

End-to-End Encryption: AES-256 encryption for vault data. Encrypted before leaving your device.
TLS/SSL: All data transmission uses HTTPS with TLS 1.3.
Zero-Knowledge Architecture: We cannot decrypt your vault—only you can.
Secure Authentication: Magic links instead of passwords. No password reuse risks.

Your Responsibility

No system is 100% secure. You must maintain independent backups and protect your master password. We are not liable for data loss (see Terms of Service).

5. How Long We Keep Your Data

Active Accounts: Data is retained as long as your account is active.
After Cancellation: We keep your data for 90 days to allow reactivation. After 90 days, it's permanently deleted.
Backups: Deleted data may persist in backups for up to 30 days before complete removal.
Legal Obligations: Some data (invoices, transaction records) must be retained for 7 years for tax/legal compliance.
OSINT Search Logs: Anonymized search logs are deleted after 30 days.

6. Your Privacy Rights

Under GDPR and other privacy laws, you have these rights:

Right to Access: Request a copy of all data we have about you.
Right to Correction: Update incorrect information in your account settings.
Right to Deletion: Delete your account and all associated data anytime.
Right to Export: Export your vault data in JSON format.
Right to Object: Object to processing for marketing (we don't do marketing anyway).
Right to Complain: File a complaint with your data protection authority.

To exercise these rights, email privacy@nodus.com or use the account settings in the app.

7. Law Enforcement Requests

We respect your privacy but must comply with valid legal requests.

Our Policy:

  • We require a valid court order or subpoena before disclosing data
  • We notify users unless legally prohibited (gag order)
  • We provide only the minimum data required by law
  • We publish a transparency report annually

What We Can't Provide:

Because of zero-knowledge encryption, we CANNOT decrypt your vault even if compelled by law. We can only provide: email, subscription status, last login time, and metadata.

8. Cookies and Tracking

We use minimal cookies—only what's essential:

Essential Cookies: Session authentication, security, preferences. Required for the service to work.
NO Analytics Cookies: We don't use Google Analytics, Facebook Pixel, or any tracking scripts.
NO Advertising Cookies: We don't run ads or retargeting campaigns.

You can block cookies in your browser, but some features may not work properly.

9. Children's Privacy

Nodus is not intended for users under 13. We do not knowingly collect data from children. If we discover a child's account, we'll delete it immediately. Parents who believe their child created an account should contact privacy@nodus.com.

10. International Data Transfers

Nodus is operated from Belgium. Your data may be transferred to and stored in:

  • European Union (primary data center)
  • United States (Stripe payment processing)

All data transfers comply with GDPR requirements. Non-EU providers use Standard Contractual Clauses (SCCs).

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes take effect immediately upon posting.

We will notify you of material changes via email. Continued use after changes constitutes acceptance. If you disagree, you must stop using Nodus and delete your account.

12. Contact Us About Privacy

Questions about privacy or data protection?

Privacy Email: privacy@nodus.com
Data Protection Officer: dpo@nodus.com
General Support: support@nodus.com
Mailing Address: Nodus, Belgium

Privacy Summary

✓ We Do

  • Encrypt your vault data end-to-end
  • Use minimal essential cookies only
  • Give you full control over your data
  • Delete data 90 days after cancellation
  • Fund the service through subscriptions

✗ We Don't

  • Sell your data to anyone
  • Track you across websites
  • Run ads or use ad networks
  • Build behavioral profiles
  • Access your encrypted vault

Your privacy is not a commodity. It's a fundamental right.