Last updated:2026-05-24 ·
Data controller:Pol Fernandez (sole proprietor, Spain) ·
Contact:noedeapp@icloud.com
This Privacy Policy explains what personal data Noede collects when you use the Noede desktop application and related services (the "Software"), how we use it, who we share it with, and your rights under the EU General Data Protection Regulation (GDPR) and applicable Spanish data protection law.
1. Data we collect
Account data
Email address
Display name (optional)
Password (stored as a salted hash; we never see your plaintext password)
IP address and approximate location, captured by our hosting provider in standard server logs
Usage data
Credit balance and transaction ledger (purchases, deductions, refunds)
Project and asset metadata (project names, node graphs, generated outputs)
Generated assets (images, videos, 3D meshes, audio) that you create using the Software
Diagnostic data such as error messages and node-execution status
Payment data
We do not store credit card or bank details. Payments are processed by Stripe, Inc., which collects payment data directly under Stripe's Privacy Policy. We receive only a Stripe customer ID, a checkout-session ID, and the amount/currency of each completed purchase.
Third-party API keys (BYOK)
If you enter your own API keys for providers like Google, Freepik, fal.ai, ByteDance, or Kling, those keys are encrypted with AES-256-GCM on our backend using a server-side master key, and stored in the api_keys collection. They are decrypted only at the moment a node execution needs them.
Prompts and content you submit
When you run a node, the prompt and any input assets are transmitted to the relevant third-party AI provider (Google, OpenAI, ByteDance, Kuaishou/Kling, Freepik, fal.ai, etc.) under that provider's own privacy terms. Noede transmits the request and stores the result; we do not mine, train on, or sell your prompts.
2. Legal bases for processing (GDPR Art. 6)
Performance of a contract — operating the Software, managing your account, processing payments, and delivering generated content.
Legitimate interests — preventing fraud, debugging, securing the service, and improving features.
Consent — for any optional analytics or marketing (none currently enabled).
Legal obligation — compliance with tax, accounting, and consumer protection laws.
3. How we use your data
To create and authenticate your account
To execute the AI workflows you build (forwarding prompts to providers on your behalf)
To deduct credits, refund failed runs, and produce purchase records
To send service emails (account confirmation, password reset, purchase receipts, security notices)
We do not sell your personal data, use it for advertising, or share it with third parties except as described in Section 4.
4. Sharing your data
AI providers — when you run a node, we transmit your prompt and any input assets to the chosen provider so it can generate the output.
Stripe — to process payments.
Hosting / infrastructure — our backend runs on a self-hosted PocketBase instance behind Cloudflare.
Apple, Google, and Microsoft — receive the app binary download requests as part of OS-level update / install flows.
Legal authorities — only when compelled by a valid legal request.
5. Data retention
Account data — kept while your account is active; deleted within 30 days of account closure, except where retention is required by law.
Generated assets — kept on the backend until you delete them or close your account.
Transactions — kept for up to 6 years to comply with accounting and tax obligations.
Server logs — rotated after 90 days.
6. Your rights (GDPR)
You have the right to access, rectify, erase, restrict, object, port, and withdraw consent for our processing of your data. To exercise these rights, email noedeapp@icloud.com. We respond within 30 days. You may also lodge a complaint with the Spanish Data Protection Agency (aepd.es) or your local supervisory authority.
7. Security
Passwords are hashed (bcrypt)
API keys you store are encrypted at rest (AES-256-GCM)
All traffic between the app and our backend goes over HTTPS/TLS 1.2+
Generated assets are stored on a private NAS behind Cloudflare; access requires a valid session token
8. Children
The Software is not intended for users under 18. We do not knowingly collect data from minors. If you believe we have, email noedeapp@icloud.com and we will delete the account.
9. Local storage on your device
The Software stores project files, cached API keys and settings, and auto-update temporary files locally on your device, outside our backend. Uninstalling the Software does not automatically delete these files.
10. Changes to this policy
We may update this policy. Material changes will be announced inside the Software and on the website.