Privacy Policy
Effective date: March 4, 2026 · Last updated: March 4, 2026
Nodereel ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains what personal data we collect, how we use it, and your rights in relation to it. It applies to all visitors and users of nodereel.com and our related services (collectively, the "Service").
1. Information We Collect
Information you provide directly
- Account data: your name, email address, and password when you register.
- Billing data: payment method details collected and stored by Stripe on our behalf (we never store raw card numbers).
- Content data: product names, descriptions, brand briefs, and other inputs you provide when building workflows.
- Communications: messages you send to our support team.
Information collected automatically
- Usage data: pages visited, features used, workflow executions, job logs, and timestamps.
- Device and log data: IP address, browser type, operating system, and referrer URL.
- Cookies and similar technologies: session cookies and analytics identifiers (see Section 5).
Information from third parties
- If you sign in via a third-party OAuth provider, we receive basic profile data (name, email) from that provider.
- Stripe provides us with payment status, subscription state, and billing events.
2. How We Use Your Information
- To create and manage your account and workspace.
- To execute your workflows and deliver generated content.
- To process billing, manage subscriptions, and send payment-related notifications.
- To send transactional emails (account confirmations, password resets, job completion alerts).
- To send product updates and marketing emails — you can unsubscribe at any time.
- To monitor service performance, detect abuse, and debug issues.
- To improve the Service through aggregated, anonymised analytics.
- To comply with legal obligations and enforce our Terms of Service.
We do not sell your personal data to third parties, and we do not use your workflow content to train AI models without your explicit consent.
3. Third-Party Services
We use the following sub-processors and third-party services. Each has its own privacy policy governing their handling of data:
| Service | Purpose | Data shared |
|---|---|---|
| Supabase | Authentication & database | Account data, workflow data |
| Stripe | Payment processing | Email, billing details |
| Cloudflare R2 | Video & asset storage | Generated media files |
| Google Gemini | Script & text generation | Product brief content |
| Kling AI | AI video generation | Prompts, persona images |
| Loops | Transactional & marketing email | Email address, name |
| Vercel | Frontend hosting | Request metadata, IP |
We require all sub-processors to handle your data securely and only for the purposes described above.
4. Data Storage and Security
Your data is stored on infrastructure provided by Supabase (PostgreSQL) and Cloudflare R2. All data is encrypted in transit using TLS. Database data is encrypted at rest. We implement access controls, authentication guards, and row-level security to prevent unauthorised access.
While we take security seriously, no system is completely secure. We cannot guarantee absolute security and are not liable for breaches beyond our reasonable control. In the event of a data breach affecting your personal data, we will notify you as required by applicable law.
5. Cookies and Tracking
We use the following types of cookies and similar technologies:
- Essential cookies: Required for authentication and session management. Cannot be disabled.
- Analytics cookies: We use anonymised analytics to understand usage patterns and improve the Service. No personally identifiable information is used for analytics.
You can control cookies through your browser settings. Disabling essential cookies may prevent you from using the Service.
6. Data Retention
We retain your account data and workflow history for as long as your account is active. Generated video files stored in Cloudflare R2 may be retained for up to 90 days after generation, or until your account is deleted.
When you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it for legal or compliance reasons (e.g., billing records for tax purposes, which we retain for up to 7 years).
7. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your personal data ("right to be forgotten").
- Portability: Request an export of your data in a machine-readable format.
- Objection: Object to processing of your data for direct marketing or where we rely on legitimate interests.
- Restriction: Request that we restrict processing of your data in certain circumstances.
To exercise any of these rights, email us at privacy@nodereel.com. We will respond within 30 days. We may ask you to verify your identity before fulfilling a request.
8. GDPR and CCPA
EEA/UK users (GDPR): Our legal bases for processing are: performance of a contract (account and subscription management), legitimate interests (service improvement, security), legal obligation, and — where required — your consent (marketing communications). You have the right to lodge a complaint with your national data protection authority.
California users (CCPA): We do not sell personal information as defined by the CCPA. California residents may request disclosure of the categories of personal information collected and the purposes for which it is used by contacting us at privacy@nodereel.com.
9. Children's Privacy
The Service is not directed at children under 18. We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently collected such data, please contact us immediately and we will delete it promptly.
10. International Data Transfers
Your data may be processed in countries other than where you reside, including the United States. Where we transfer data from the EEA or UK to countries without an adequacy decision, we rely on Standard Contractual Clauses or equivalent safeguards. By using the Service, you acknowledge that your data may be transferred and processed internationally.
11. Changes to This Policy
We may update this Privacy Policy periodically. If we make material changes, we will notify you by email or by posting a notice in the dashboard at least 14 days before the changes take effect. Your continued use of the Service after that date constitutes acceptance of the updated policy.
12. Contact
For privacy-related enquiries, data requests, or concerns, please contact us at: privacy@nodereel.com
For general support: support@nodereel.com