Privacy Policy

Effective date: 2025-09-20

Your privacy matters. This policy explains what information Colanode ("Colanode", "we", "us") collects, how we use it, and the choices you have. It covers the following properties and products:

• Website: colanode.com and subdomains
• Colanode Cloud: our hosted service at app.colanode.com
• Self‑hosted Colanode: software you run on your own infrastructure

Who is the data controller?

For the Website and Colanode Cloud, Colanode is the data controller. For self‑hosted deployments, you (or your organization) are the data controller for any data stored and processed on infrastructure you manage. We do not have access to your self‑hosted data unless you explicitly share it with us for support.

Information we collect

Information you provide to us

• Account information (Cloud): name, email address, password or SSO identifiers.
• Workspace information (Cloud): workspace name, members, roles, and settings.
• Content you create (Cloud): messages, pages, files, database records you upload or create.
• Billing information (Cloud): company details, VAT/Tax IDs, payment method (processed by our payment provider).
• Communications: support requests, feedback, survey responses, and email correspondence.

Information we collect automatically

• Log data: IP address, browser type, device/OS, referring/exit pages, timestamps, and error diagnostics.
• Usage data (Cloud): feature interactions, performance metrics, and aggregate statistics to improve reliability and UX.
• Cookies and similar storage: strictly necessary cookies for authentication and security.

Self‑hosted deployments

When you run Colanode yourself, your data remains on your systems. We do not collect content, usage, or telemetry from self‑hosted instances by default. You may optionally enable update checks or send diagnostics when requesting support. Any such sharing is under your control.

How we use information

• Provide the service: create and manage accounts, authenticate users, operate workspaces, and deliver features.
• Maintain and improve: monitor performance, fix bugs, and develop new capabilities.
• Security: detect, investigate, and prevent fraud, abuse, and security incidents.
• Support: respond to requests and help resolve issues.
• Billing: process payments, invoicing, and account notices.
• Compliance: meet legal, tax, and regulatory obligations.
• Communications: send important service updates; you can opt out of non‑essential messages.

Legal bases (EEA/UK)

• Contract: to provide Colanode Cloud and related services you request.
• Legitimate interests: to secure, maintain, and improve our services.
• Consent: where required (e.g., certain cookies or optional communications).
• Legal obligation: to comply with laws and regulatory requests.

Cookies and analytics

We use strictly necessary cookies to operate the service (e.g., session and CSRF tokens). We do not use advertising trackers or sell your personal information. If we use privacy‑preserving, cookie‑less analytics on our Website, it is aggregated and not used to identify you.

How we share information

We do not sell your personal information. We share data only with:

• Service providers: vendors that process data on our behalf (e.g., hosting, email delivery, payments, support).
• Legal and safety: to comply with law or protect rights, safety, and property.
• Business transfers: as part of a merger, acquisition, or asset sale with appropriate safeguards.

Data retention

We keep personal data only as long as necessary to provide the service and for legitimate business or legal purposes. You can request deletion of your account data. Content deleted by you may persist in backups for a limited time, after which it is purged according to our backup rotation.

Security

We implement administrative, technical, and physical safeguards, including encryption in transit, hardened infrastructure, access controls, and monitoring. No system is perfectly secure; if we learn of a breach, we will notify affected users as required by law.

International data transfers

Where data is transferred internationally, we use appropriate safeguards (for example, Standard Contractual Clauses) and limit access to what is necessary to operate the service.

Your rights

Depending on your location, you may have rights to access, correct, delete, restrict, or object to processing of your personal data, and to data portability. You can exercise these rights by contacting us at hi@colanode.com. You may also lodge a complaint with your local data protection authority.

California residents

We do not sell or share personal information for cross‑context behavioral advertising. You can request access or deletion of your personal information by contacting us. We will not discriminate against you for exercising your rights.

Self‑hosted specific terms

• Your control: Your organization is the controller of data in your self‑hosted deployment.
• No default telemetry: The software does not transmit your content to Colanode by default.
• Support access: If you choose to share logs or data with us for troubleshooting, we will use it only to provide support and delete it when no longer needed.

Children

Colanode is not directed to children under 16. If you believe a child has provided us personal information, contact us and we will take appropriate steps to remove it.

Changes to this policy

We may update this policy from time to time. We will change the effective date above and, if changes are material, we will provide additional notice (e.g., via email or in‑app).

Contact

Questions or requests? Email hi@colanode.com.