znode
Sign inGet started
Legal

Privacy policy.

Effective date: 2026-05-05 · Last updated: 2026-05-05

1. Who we are

znode ("znode", "we", "us", or "our") provides a multi-chain blockchain RPC platform (the "Service"), operated by znode labs.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at znode.dev or use the Service. By using the Service you agree to the collection and use of information in accordance with this policy.

2. Information we collect

We collect information in the following categories:

2.1 Account information

  • Name and email address
  • Password (stored as a salted hash; we never see plaintext passwords)
  • OAuth identifiers if you sign in with a third-party provider (e.g. Google)
  • Workspace name and team membership

2.2 Service usage data

  • API key identifiers (we do not log full API keys after creation)
  • RPC request metadata: timestamp, method, response time, status code
  • IP address and approximate geolocation (for security and rate limiting)
  • User-Agent and device information for security purposes

We do not log RPC request bodies, transaction payloads, wallet addresses, or any blockchain-specific data you transmit through the Service. Your blockchain traffic is proxied without inspection beyond what is required to route and rate-limit it.

2.3 Payment information

Payments are processed by Stripe, Inc. We do not receive or store your full payment card details. We retain billing records (amount, currency, date, last four digits, country) as required by tax law.

2.4 Cookies and similar technologies

We use a minimal set of cookies necessary for the Service to function:

  • Session cookies — to keep you logged in (essential)
  • Theme preference — to remember your light/dark mode choice
  • Workspace context — to remember the active workspace

We do not use advertising cookies. Analytics, if enabled, use privacy-respecting alternatives (e.g. Plausible, self-hosted Umami) without cross-site tracking.

3. How we use your information

  • To provide, operate, and maintain the Service
  • To authenticate you and enforce per-account quotas and rate limits
  • To process payments and prevent fraud
  • To send transactional emails (account verification, billing receipts, security alerts)
  • To respond to your support requests
  • To detect, prevent, and respond to security incidents and abuse
  • To comply with legal obligations

We do not sell your personal data, and we do not use your data to train machine learning models.

4. Legal bases for processing (GDPR)

  • Performance of a contract — to deliver the Service you signed up for
  • Legitimate interests — security, fraud prevention, service improvement
  • Legal obligation — tax records, compliance with court orders
  • Consent — for any optional marketing communications, which you can withdraw at any time

5. Sharing your information

We share data only with the following categories of recipients:

  • Sub-processors required to operate the Service: Stripe (payments), our cloud infrastructure provider, our email delivery provider, our error tracking provider.
  • Authorities when required by valid legal process. We will challenge overbroad or improper requests where lawful.
  • Successors in the event of a merger, acquisition, or asset sale, subject to the same protections described here.

A current list of sub-processors is available on request from [email protected].

6. International transfers

Your data may be processed in jurisdictions outside your country of residence. Where required, we rely on Standard Contractual Clauses or equivalent safeguards approved by competent authorities to protect cross-border transfers.

7. Data retention

  • Account data — while your account is active, plus 30 days after deletion
  • RPC usage logs — up to 90 days
  • Billing records — up to 10 years, as required by tax law
  • Security logs — up to 12 months

8. Your rights

Depending on your jurisdiction (in particular, the EU/EEA, UK, and California), you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion ("right to be forgotten")
  • Request restriction of processing
  • Receive your data in a portable format
  • Object to processing based on legitimate interests
  • Withdraw consent for processing based on consent
  • Lodge a complaint with your local data protection authority

To exercise any of these rights, email [email protected]. We will respond within 30 days.

9. Security

We protect your data with industry-standard safeguards: TLS 1.3 in transit, encryption at rest, principle of least privilege for internal access, audit logging, and regular dependency review. No system is perfectly secure; if we become aware of a breach affecting your data we will notify you and the relevant authorities as required by law.

10. Children

The Service is not intended for individuals under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact [email protected] and we will delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced via email or an in-Service notice at least 14 days before they take effect. The "Last updated" date at the top of this page reflects the most recent version.

12. Contact

Questions or requests regarding this Privacy Policy: [email protected].