Privacy Policy
Last updated: May 19, 2025
The short version: We collect the bare minimum needed to run the service. No cookies, no emails, no personal data, no tracking. Your wallet pubkey is your identity.
1. What We Collect
To operate Nodius, we process the following data:
| Data | Why | Retention |
|---|---|---|
| Wallet public keys | Authentication & credit balances | While account has credits, then 30 days |
| IP addresses | Rate limiting & abuse prevention | 7 days in logs |
| Request metadata | Billing (credit deductions) & diagnostics | 30 days |
Request metadata means: which RPC method was called, timestamp, response size, and credit cost. We don't log request bodies or full responses.
2. What We Don't Collect
- No names, emails, or phone numbers
- No KYC or identity documents
- No cookies — zero, none
- No browser fingerprinting
- No third-party tracking scripts (no Google Analytics, no Meta pixel, nothing)
- No advertising identifiers
We never have your private keys. Authentication is done via cryptographic signatures — we only see your public key.
3. Analytics
We use Plausible Analytics on our website. Plausible is privacy-focused and EU-based:
- No cookies
- No personal data collection
- No cross-site tracking
- Fully GDPR compliant
- Data stays in the EU
Plausible provides aggregate page view counts and referrer data. It cannot identify individual visitors.
4. How We Use Your Data
Strictly for operating the service:
- Public keys → authenticate requests, track credit balances
- IP addresses → enforce rate limits, block abuse
- Request metadata → deduct credits, debug issues, capacity planning
We don't sell data. We don't share data with third parties for marketing. We don't profile you.
5. Data Storage & Security
Data is stored on infrastructure located in Frankfurt, Germany (EU). We use encryption in transit (TLS) and apply standard security practices to protect stored data.
6. Data Retention
- IP addresses: purged from logs after 7 days
- Request metadata: retained for 30 days, then deleted
- Credit/deposit records: retained while you have an active balance, plus 30 days after expiry for dispute resolution
After retention periods, data is permanently deleted.
7. GDPR — Your Rights
If you're in the EU (or the GDPR applies to you), you have the right to:
- Access — request a copy of data we hold about your public key
- Deletion — request we delete your data (subject to our retention needs for billing disputes)
- Rectification — request correction of inaccurate data
- Portability — receive your data in a structured format
- Object — object to processing (though this may mean you can't use the service)
To exercise any of these rights, email us with the public key associated with your usage.
8. Legal Basis for Processing
Under GDPR, our legal basis for processing is:
- Legitimate interest — rate limiting and abuse prevention (IP addresses)
- Contract performance — billing and credit tracking (public keys, request metadata)
9. Third-Party Services
The only third-party service with any access to visitor data is:
- Plausible Analytics (EU-based, GDPR compliant, no personal data)
We don't use CDNs that log visitor data. We don't embed third-party resources that track users.
10. Changes to This Policy
If we change this policy, we'll update the date at the top. Material changes affecting your data rights will be communicated via on-site notice.
Data requests & questions
Email info@nodius.xyz with your wallet public key. We'll respond within 30 days as required by GDPR.