Privacy Policy
Last Updated: January 25, 2026
Private Node ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our website and managed infrastructure services.
Private Node is a trading name of Twakla Ltd, a company registered in England and Wales (Company No. 15594343). Registered Office: 167-169 Great Portland Street, London, W1W 5PF.
Contents
1. Data We Collect
We collect minimal data necessary to provision and secure your intelligence node:
Identity Data
Names, usernames, job titles, or professional identifiers for admin-level users.
Contact Data
Business email addresses, billing addresses, and telephone numbers.
Financial Data
Payment card details and billing information, processed via PCI-DSS compliant third-party providers (Stripe).
Technical Data
IP addresses, access timestamps, browser type, and device information used strictly for security logging and service delivery.
Usage Data
Information about how you use our website and services, collected via privacy-focused analytics.
2. How We Use Your Data
- To provision and maintain your Private Node infrastructure
- To process payments and manage your subscription
- To provide technical support and respond to enquiries
- To send service-related communications (maintenance notices, security alerts)
- To detect and prevent fraud, abuse, or security threats
- To comply with legal obligations
3. Lawful Basis for Processing
We process your personal data under the following lawful bases:
| Purpose | Lawful Basis |
|---|---|
| Service provision | Performance of contract |
| Payment processing | Performance of contract |
| Security logging | Legitimate interests |
| Marketing communications | Consent (opt-in only) |
| Legal compliance | Legal obligation |
4. Data Storage & Sovereignty
Client Data (Your "Firm Memory")
The documents, datasets, and vectors uploaded to your Private Node are stored on dedicated, single-tenant servers hosted by Hetzner Online GmbH in Germany and Finland (EU). This data remains under your absolute control as the Data Controller. We act strictly as the Data Processor.
Operational Data
Internal records required for service provision (billing, support history) are stored securely within the UK and EEA. We do not transmit client data outside of these jurisdictions.
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Client Node data | Deleted within 14 days of contract termination |
| Billing records | 7 years (UK legal requirement) |
| Support correspondence | 3 years from last contact |
| Security logs | 12 months |
| Website analytics | 24 months (anonymised) |
6. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
Right of Access
Request a copy of your personal data.
Right to Rectification
Request correction of inaccurate data.
Right to Erasure
Request deletion of your data ("right to be forgotten").
Right to Restrict Processing
Request limitation of how we use your data.
Right to Data Portability
Receive your data in a machine-readable format.
Right to Object
Object to processing based on legitimate interests.
To exercise any of these rights, please contact us at legal@privatenode.uk. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).
7. Cookies & Analytics
We use minimal, privacy-focused tracking:
Umami Analytics
We use Umami, a privacy-focused analytics platform that does not use cookies and does not collect personally identifiable information. All data is anonymised and aggregated.
Essential Cookies
We may use strictly necessary cookies for security purposes (e.g., CSRF protection, session management). These cannot be disabled as they are essential for service operation.
8. Third-Party Processors
We work with the following carefully selected sub-processors:
| Provider | Purpose | Location |
|---|---|---|
| Hetzner Online GmbH | Server infrastructure | Germany / Finland (EU) |
| Cloudflare Inc. | CDN, DDoS protection, DNS | Global (EU data centres) |
| Nebius / OpenRouter | AI inference (Zero Data Retention) | EU |
| Stripe | Payment processing | UK / EU |
| Umami | Privacy-focused analytics | EU |
9. International Transfers
We do not transfer your personal data or client data outside of the UK and European Economic Area (EEA). All infrastructure and AI processing occurs within GDPR-adequate jurisdictions. Where any sub-processor operates globally (e.g., Cloudflare), we ensure that data is processed only in EU data centres and that appropriate safeguards are in place.
10. Changes to This Policy
We may update this privacy policy from time to time. Any material changes will be communicated to you via email or through a prominent notice on our website. The "Last Updated" date at the top of this policy indicates when it was last revised.
11. Contact Us
For all privacy-related enquiries or to exercise your rights under UK GDPR, please contact our Data Protection team:
Email: legal@privatenode.uk
Address: Private Node, 167-169 Great Portland Street, London, W1W 5PF
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).
