Data Controller
The data controller responsible for your personal data is:
NodeStories sp. z o.o.
Żelazna 51/53, 00-841 Warsaw, Poland
Email: support@nodestories.com
We are the controller of the personal data you provide to us. This Privacy Policy explains how we collect, use, and protect your personal data in connection with our website and software products.
Data We Collect
| CATEGORY | EXAMPLES | SOURCE |
|---|---|---|
| Account Data | Name, email address, password (hashed) | Provided by you |
| Transaction Data | Order ID, product purchased, amount paid, date | Generated on purchase |
| Billing Data | Billing name, country, VAT number (if applicable) | Provided by you |
| Technical Data | IP address, browser type, device type, OS | Collected automatically |
| Usage Data | Pages visited, download activity, session duration | Collected automatically |
| Communications | Support emails, messages you send us | Provided by you |
We do not collect full payment card details. Payments are processed by third-party payment processors who handle card data under their own privacy policies.
How We Use Your Data
- To process and fulfill your orders and deliver purchased software;
- To create and manage your account;
- To send transactional emails (order confirmation, download links, license keys);
- To provide customer and technical support;
- To comply with legal and tax obligations;
- To detect fraud and ensure website security;
- To send marketing communications, only with your explicit consent;
- To analyze and improve our website and products.
Legal Basis for Processing (GDPR Art. 6)
- Contract performance — processing necessary to fulfill your purchase and deliver the Software;
- Legal obligation — processing required to comply with tax, accounting, and legal requirements;
- Legitimate interests — fraud prevention, security, and service improvement;
- Consent — marketing emails and non-essential cookies, where you have opted in.
Data Retention
- Account data — retained for as long as your account is active, plus 1 year after account deletion;
- Transaction and billing records — retained for 5 years to comply with Polish tax law (Ustawa o rachunkowości);
- Support communications — retained for 2 years after the last communication;
- Marketing consent records — retained until you withdraw consent.
After retention periods expire, your data is securely deleted or anonymized.
Your Rights Under GDPR
As a data subject, you have the following rights:
- Right of access — request a copy of your personal data we hold;
- Right to rectification — request correction of inaccurate or incomplete data;
- Right to erasure (“right to be forgotten”) — request deletion of your data, subject to legal retention requirements;
- Right to restriction — request limitation of processing in certain circumstances;
- Right to data portability — receive your data in a structured, machine-readable format;
- Right to object — object to processing based on legitimate interests or for direct marketing;
- Right to withdraw consent — withdraw consent for marketing at any time.
To exercise any of these rights, contact us at support@nodestories.com. We will respond within 30 days as required by GDPR. Identity verification may be required.
You also have the right to lodge a complaint with the Polish supervisory authority: Urząd Ochrony Danych Osobowych (UODO), ul. Stawki 2, 00-193 Warsaw, uodo.gov.pl.
Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or disclosure. These include:
- HTTPS encryption for all data in transit;
- Hashed storage of passwords;
- Restricted access to personal data on a need-to-know basis;
- Regular security reviews of our systems.
In the event of a personal data breach that is likely to result in risk to your rights, we will notify the relevant supervisory authority within 72 hours and affected users without undue delay.
Children’s Privacy
Our website and products are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately and we will delete it promptly.
California Residents (CCPA/CPRA)
If you are a resident of California, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know what personal information we collect and how it is used, the right to delete your personal information, the right to opt out of the sale of personal information (we do not sell personal data), and the right to non-discrimination for exercising your privacy rights.
To exercise these rights, contact us at support@nodestories.com. We will respond within 45 days as required by California law.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated via email or a prominent notice on our website. The “Last updated” date at the top of this page always indicates the most recent revision.
Contact & Data Protection
For any privacy-related questions, requests, or concerns, please contact:
NodeStories sp. z o.o.
Żelazna 51/53, 00-841 Warsaw, Poland
Email: support@nodestories.com
