Privacy Policy
Version 2 - June 16, 2026
Nodevzone Privacy Policy
Version: 1.0
Effective date: June 16, 2026
1. Data controller
The controller of personal data processed in connection with the website https://www.nodevzone.com and the Nodevzone service is:
SAMUM
Zimowa 5/1
05-500 Nowa Iwiczna
Poland
VAT/NIP: PL7321925395
E-mail: hello@nodevzone.com
In this Privacy Policy, SAMUM is referred to as the "Controller", "we", "us", or "Nodevzone".
2. Scope of this Privacy Policy
This Privacy Policy explains how we process personal data in connection with:
- visiting https://www.nodevzone.com;
- using the landing page wizard before logging in;
- creating an account and using the Nodevzone dashboard;
- generating and editing landing pages, linked pages, and e-mail templates;
- uploading photos, graphics, logos, and other materials;
- payments, subscriptions, and billing;
- contact forms, support, and e-mail communication;
- marketing of Nodevzone's own services;
- handling leads collected through pages created by users.
3. Data protection roles
- SAMUM is the controller of data relating to Nodevzone Users, account data, payments, support communication, Nodevzone marketing activities, security logs, and data concerning use of the Service.
- For personal data collected through landing pages owned by a Customer, especially lead data submitted through Customer page forms, the Customer is generally the data controller and SAMUM acts as a processor on behalf of the Customer.
- The Customer is responsible for giving persons submitting forms on the Customer's landing page appropriate information about data processing, obtaining required consents, and ensuring legal bases for processing.
4. Data we process
We may process the following categories of data:
- Account data: first name, last name, e-mail address, secured password, account identifier, account status, account settings.
- Company and billing data: company name, address, VAT/NIP ID, country, invoice data, payment history, plan, subscription status.
- Technical data: IP address, cookie identifiers, session identifiers, device type, browser, operating system, server logs, event dates and times, error information.
- Service usage data: projects, landing page settings, subdomains, domains, page versions, generation history, limits, publication status, click and view information.
- User Content: prompts, business descriptions, offer content, text, photos, graphics, logos, files, marketing materials, form configurations, e-mail templates, generated content and layouts.
- Lead data: data entered by visitors to a Customer landing page, such as name, e-mail address, phone number, message content, form answers, consents, submission date, IP address or IP hash, double opt-in status, and e-mail logs.
- Communication data: support messages, replies, attachments, complaint information, contact history, and communication preferences.
- Marketing data: e-mail address, first name, marketing consents, consent date and source, unsubscribe status, message open and click information, communication preferences.
- Security data: login logs, tokens, password reset data, detected abuse, incidents, blocks, and data needed to protect the Service.
5. Purposes and legal bases
We process personal data for the following purposes:
- Entering into and performing the agreement for use of the Service, including account creation, login, project saving, page publication, dashboard features, and technical support.
Legal basis: Article 6(1)(b) GDPR.
- Handling the wizard before login, reserving a subdomain, saving a draft, and recovering a project.
Legal basis: Article 6(1)(b) GDPR or Article 6(1)(f) GDPR.
- Handling payments, invoices, taxes, accounting, and legal obligations.
Legal basis: Article 6(1)(c) GDPR.
- Generating content, layouts, pages, e-mails, and other elements using AI.
Legal basis: Article 6(1)(b) GDPR and, for Service improvement and security, Article 6(1)(f) GDPR.
- Hosting, displaying, and maintaining landing pages and linked pages.
Legal basis: Article 6(1)(b) GDPR.
- Handling lead forms on Customer pages.
Legal basis for SAMUM as processor: data processing agreement with the Customer; the legal basis for the person submitting a form is determined by the Customer as controller.
- Sending system, technical, transactional, and security messages.
Legal basis: Article 6(1)(b), Article 6(1)(c), or Article 6(1)(f) GDPR.
- Marketing of Nodevzone's own services, newsletter, feature information, promotions, and offers.
Legal basis: consent under Article 6(1)(a) GDPR or legitimate interest under Article 6(1)(f) GDPR where permitted by law.
- Analytics, statistics, Service improvement, feature testing, and troubleshooting.
Legal basis: Article 6(1)(f) GDPR.
- Protection against abuse, spam, phishing, attacks, unauthorized access, and breaches of the Terms.
Legal basis: Article 6(1)(f) GDPR.
- Establishing, pursuing, or defending claims.
Legal basis: Article 6(1)(f) GDPR.
6. Data entered into AI systems
- Content, prompts, business descriptions, photos, graphics, logos, page structures, and other materials submitted to the generator may be processed by AI systems or AI model providers to generate a response, layout, content, code, e-mail, or other output.
- Users should not enter special category data, children's data, medical data, financial data, passwords, secrets, API keys, payment card details, or data they are not entitled to process.
- If a User uploads photos of persons, the User should have an appropriate legal basis, including consent to use the image where required.
- AI outputs may be stored in a project, technical logs, or generation history to enable use of the Service, debugging, and Service improvement.
7. Recipients of data
Data may be disclosed to the following categories of recipients:
- hosting, cloud infrastructure, database, and file storage providers;
- e-mail, transactional, and marketing message providers;
- payment operators, banks, and settlement providers;
- AI tool and automated content generation providers;
- analytics, error monitoring, logging, and security providers;
- customer support, CRM, and communication tool providers;
- accountants, tax advisers, legal advisers, and auditors;
- public authorities where required by law;
- the Customer, where data concerns leads collected through the Customer's landing page;
- other entities where necessary to perform an agreement, protect rights, or meet legal obligations.
8. Transfers outside the EEA
- Some technology providers may process data outside the European Economic Area.
- In such cases, we use mechanisms required by the GDPR, in particular adequacy decisions, standard contractual clauses, supplementary safeguards, or other permitted transfer mechanisms.
- A User may contact us to obtain information about transfer safeguards, to the extent allowed by law and agreements with providers.
9. Retention periods
- Account data is retained for the duration of use of the Service and then for the period required for billing, claims, security, and legal compliance.
- Billing and invoice data is retained for the period required by tax and accounting laws.
- Project, landing page, version, content, and file data is retained for the active account or project period and, after deletion, for the time necessary for backups, security, billing, and claims.
- Lead data is retained according to Customer settings and the duration of use of the Service, unless law, security, or claims require longer retention.
- Marketing data is retained until consent is withdrawn, an objection is raised, the person unsubscribes, or the marketing purpose ends.
- Technical and security logs are retained for a period justified by security, diagnostics, abuse prevention, and claims.
- Backups may be retained for an additional technical period and then overwritten or deleted according to backup procedures.
10. Rights of data subjects
Data subjects have rights under the GDPR, including:
- the right of access;
- the right to rectification;
- the right to erasure;
- the right to restriction of processing;
- the right to data portability;
- the right to object to processing based on legitimate interest;
- the right to withdraw consent at any time, without affecting the lawfulness of processing before withdrawal;
- the right to lodge a complaint with a supervisory authority.
In Poland, the supervisory authority is the President of the Personal Data Protection Office.
To exercise rights, contact SAMUM at hello@nodevzone.com.
11. Lead data from Customer landing pages
- If you submit a form on a landing page created by one of our Customers, that Customer is usually the controller of your data and SAMUM processes the data as a technology provider.
- In that case, questions about processing purposes, marketing, offers, consent, deletion, or exercising rights should first be directed to the owner of the landing page.
- We may assist with such requests where we can identify the Customer and data and where permitted by law and the processing agreement.
12. Cookies and similar technologies
- The Service may use cookies, local storage, session storage, pixels, device identifiers, and similar technologies.
- These technologies may be used to:
a. make the website and login work;
b. maintain sessions;
c. remember settings;
d. secure the Service;
e. perform analytics and usage measurement;
f. handle payments;
g. perform marketing where the User has given required consent.
- Essential cookies may be used without consent where necessary to provide a service requested by the User.
- Analytics or marketing cookies that are not essential are used in accordance with applicable law and consent settings.
- Users can manage cookies in browser settings. Restricting cookies may affect the operation of the Service.
13. E-mail communication
- We may send technical, system, transactional, and security messages without separate marketing consent where necessary to perform an agreement or protect an account.
- Marketing messages are sent in accordance with applicable laws, in particular after obtaining required consent or on another permitted legal basis.
- A User may withdraw marketing consent or unsubscribe from marketing communication through a link in a message or by contacting hello@nodevzone.com.
14. Security
- We use technical and organizational measures intended to protect data against unauthorized access, loss, destruction, alteration, or disclosure.
- These measures include access control, transmission encryption, authentication mechanisms, event logging, backups, monitoring, and permission restrictions.
- No system is completely risk-free. Users should protect login credentials, use strong passwords, and not share access data with third parties.
15. Children
The Service is not directed to children. Persons who, under the law of their country, cannot independently enter into an agreement or consent to data processing should use the Service only with consent and supervision of a legal guardian, where permitted by law.
16. Automated decisions
We may use automated mechanisms supporting security, abuse detection, limits, content generation, and Service personalization. We do not make decisions producing legal effects or similarly significant effects concerning a User solely by automated means unless clearly indicated and permitted by law.
17. Changes to this Privacy Policy
- We may update this Privacy Policy if the Service, laws, technologies, providers, processing purposes, or processing organization change.
- We will inform Users about material changes through the Service, by e-mail, or in another appropriate way.
- The current version of the Privacy Policy is available on the Nodevzone website or in the Service dashboard.
18. Contact
For privacy and personal data matters, contact us:
SAMUM
Zimowa 5/1
05-500 Nowa Iwiczna
Poland
E-mail: hello@nodevzone.com
Website: https://www.nodevzone.com