This Privacy Policy describes how CTRL NODE ("we", "us") collects, uses and protects personal information when you use our website, hosted control plane and open-source Bridge (the "Service"). We take privacy seriously: the product is explicitly designed so that your operational data stays on your own infrastructure whenever possible.
1. Data we collect
Account data
When you create an account we collect your email address, a hashed password (or your OAuth provider's identifier), your display name and basic organisation information. This is the minimum required to authenticate you and provision your workspace.
Usage and diagnostic data
We collect non-identifying diagnostic data (such as HTTP status codes, response times, feature usage counters and anonymised error traces) to keep the Service reliable and secure.
Agent payloads
CTRL NODE follows a zero-storage principle for agent payloads: the Bridge runs inside your own infrastructure and sensitive prompts, source code and memory are not persisted on our servers beyond what is strictly required to coordinate execution (for example, to route a task between nodes). Completed task outputs that you choose to store are kept inside your workspace, under your control.
2. How we use data
- To operate, secure and improve the Service.
- To authenticate you and protect your account.
- To send essential service messages (security, billing, legal).
- To comply with applicable laws and respond to lawful requests.
We do not sell your personal data and we do not use your prompts, pipelines or task payloads to train machine-learning models.
3. Cookies
The public website and control plane use only the strictly necessary cookies required for authentication and session management. We do not deploy advertising or cross-site tracking cookies.
4. Sharing
We share data only with:
- Infrastructure providers hosting the control plane, under strict data-processing agreements.
- Authorities, when we are legally required to do so.
We never share personal data with third parties for their own marketing purposes.
5. Security
Traffic between the Bridge and the control plane is encrypted in transit (TLS). Secrets are stored using industry-standard encryption at rest. Access to production systems is limited to authorised personnel and logged.
6. Your rights
Depending on your jurisdiction, you may have the right to access, rectify, delete, export or object to the processing of your personal data. You can exercise these rights at any time by writing to info@ctrlnode.ai.
7. Data retention
Account data is retained while your account is active and for a limited period afterwards to satisfy legal obligations. You can delete your account at any time; agent payloads that were only handled transiently are not retained.
8. International transfers
If your data is transferred outside your country of residence, we rely on appropriate safeguards (such as the EU Standard Contractual Clauses) to ensure an equivalent level of protection.
9. Changes
We may update this Privacy Policy to reflect changes in the Service or in applicable law. The revised version is effective when posted at this URL.
10. Contact
For any question related to privacy or data protection, contact us at info@ctrlnode.ai.