Privacy Policy

NodeZro.com Ltd (Company No. 13737105) ("NodeZro", "we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data Controller

NodeZro.com Ltd is the data controller responsible for your personal data. Our contact details are:

NodeZro.com Ltd
Company No. 13737105
Email: info@nodezro.com
Website: https://nodezro.com

2. Information We Collect

2.1 Information You Provide Directly

We collect information you provide when you:

• Request a demo or risk snapshot: Name, email address, company name, job title, phone number, and domain names
• Create an account: Name, email address, password, company information
• Contact us: Name, email address, message content, and any information you choose to provide
• Subscribe to our services: Billing information, payment details, company details
• Use our platform: Configuration settings, user preferences, saved searches and reports

2.2 Information Collected Automatically

When you access our website or services, we automatically collect:

• Device information: IP address, browser type, operating system, device identifiers
• Usage data: Pages visited, time spent, clicks, features used, referral sources
• Location data: General geographic location based on IP address
• Cookies and similar technologies: As described in our Cookie Policy

2.3 Information from Third Parties

We may receive information about you from:

• Public sources: Publicly available internet data for asset discovery purposes
• Analytics providers: Website analytics and usage statistics
• Payment processors: Transaction confirmation and payment status
• Business partners: If you are referred to us or engage through a partner

3. How We Use Your Information

3.1 Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contract performance: To provide our services and fulfill our contractual obligations
• Legitimate interests: To improve our services, prevent fraud, and ensure security
• Legal obligation: To comply with applicable laws and regulations
• Consent: Where you have given explicit consent for specific processing activities

3.2 Purposes of Processing

We use your information to:

• Provide our services: Deliver asset discovery, risk analysis, and governance tools
• Process transactions: Handle billing, payments, and account management
• Communicate with you: Send service updates, respond to inquiries, provide support
• Improve our platform: Analyze usage patterns, develop new features, enhance user experience
• Marketing: Send promotional materials (with your consent) about our services
• Security: Protect against fraud, unauthorized access, and security threats
• Compliance: Meet legal and regulatory requirements
• Analytics: Understand how our services are used and measure effectiveness

4. How We Share Your Information

We do not sell your personal data. We may share your information with:

4.1 Service Providers

We engage third-party service providers who process data on our behalf:

• Cloud hosting providers: For infrastructure and data storage
• Payment processors: To process subscription payments
• Analytics providers: To analyze website and service usage
• Communication platforms: To send emails and notifications
• Customer support tools: To provide technical assistance

All service providers are bound by data protection agreements and process data only as instructed.

4.2 Legal Requirements

We may disclose your information if required to:

• Comply with legal obligations, court orders, or government requests
• Enforce our Terms and Conditions
• Protect the rights, property, or safety of NodeZro, our users, or others
• Prevent fraud or security threats

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred to the successor entity, subject to the same privacy protections.

5. International Data Transfers

Your personal data may be transferred to and processed in countries outside the UK and European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO)
• Data processing agreements with service providers
• Adequacy decisions recognizing equivalent data protection standards

6. Data Retention

We retain your personal data only as long as necessary for the purposes described in this policy or as required by law:

• Account data: For the duration of your account plus 6 years for legal and tax purposes
• Customer data: As specified in your subscription agreement, typically with 30-day export period post-termination
• Marketing data: Until you unsubscribe or request deletion
• Website analytics: Typically 26 months
• Transaction records: 6 years for tax and accounting purposes

After the retention period, we securely delete or anonymize your personal data.

7. Your Data Protection Rights

Under UK GDPR, you have the following rights:

7.1 Right of Access

You can request a copy of the personal data we hold about you.

7.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data.

7.3 Right to Erasure

You can request deletion of your personal data in certain circumstances, such as when data is no longer necessary or you withdraw consent.

7.4 Right to Restrict Processing

You can request that we limit how we use your personal data in certain situations.

7.5 Right to Data Portability

You can request your data in a structured, commonly used, machine-readable format and transmit it to another controller.

7.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

7.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.

7.8 Right to Lodge a Complaint

You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) if you believe we have not handled your personal data properly:

Information Commissioner's Office
Website: https://ico.org.uk
Phone: 0303 123 1113

To exercise any of these rights, please contact us at info@nodezro.com. We will respond within one month of your request.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption: Data encrypted in transit (TLS/SSL) and at rest (AES-256)
• Access controls: Role-based access, multi-factor authentication, least privilege principles
• Network security: Firewalls, intrusion detection, DDoS protection
• Monitoring: Continuous security monitoring and logging
• Incident response: Procedures for detecting, responding to, and recovering from security incidents
• Regular testing: Penetration testing, vulnerability assessments, security audits
• Employee training: Regular security awareness training for all staff

For more details, see our Security & Trust Center.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyze usage, and deliver personalized content. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

10. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us, and we will take steps to delete such information.

11. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal data.

12. Marketing Communications

With your consent, we may send you marketing communications about our services, features, and promotions. You can opt out at any time by:

• Clicking the "unsubscribe" link in any marketing email
• Contacting us at info@nodezro.com
• Updating your preferences in your account settings

Note: Even if you opt out of marketing communications, we will still send you essential service-related messages.

13. Automated Decision-Making

Our platform uses automated processing and AI to analyze digital assets and assess risks. However, we do not make solely automated decisions that produce legal effects or significantly affect you without human oversight. Risk assessments and recommendations are tools to support your decision-making, not replace it.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Posting the updated policy on our website with a new "Last updated" date
• Sending an email notification to your registered email address
• Displaying a prominent notice on our platform

Your continued use of our services after such notification constitutes acceptance of the updated Privacy Policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

NodeZro.com Ltd
Company No. 13737105
Email: info@nodezro.com
Website: https://nodezro.com

This Privacy Policy is effective as of January 2025 and complies with UK GDPR and Data Protection Act 2018.