Privacy Policy
Last updated: April 4, 2026
NodeGarden ("we", "us", or "our") operates the NodeGarden platform, accessible at nodegarden.xyz. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and what rights you have over it.
We have written this policy to be readable by a human being, not just a lawyer. If something is unclear, please reach out at support@nodegarden.xyz.
1. Who We Are
NodeGarden is an open-source educational platform built to provide free, university-level learning content structured as a knowledge graph. The platform is operated by A. Caramori.
Data controller: A. Caramori Contact: support@nodegarden.xyz
2. What Data We Collect
2.1 Account data
When you create an account, we collect:
- Your name
- Your email address
- Your password (stored as a one-way bcrypt hash — we never store or see your plaintext password)
2.2 Learning activity data
As you use the platform, we record:
- Which tracks you are enrolled in
- Which lessons, modules, and concepts you have marked as complete
- Which exercises you have completed and the answers you submitted
- Which subjects you have marked as interesting
- Your comments on nodes and replies to other users' comments
- Feedback you submit on lessons (e.g. reporting an error or suggesting an improvement)
2.3 Technical data
We automatically collect basic technical information when you use the platform:
- IP address and approximate location (country/region level)
- Browser type and version
- Operating system
- Session identifiers stored in cookies for authentication
- Page views and navigation events (used for debugging and performance monitoring)
2.4 Data we do NOT collect
- We do not collect payment information (NodeGarden is free)
- We do not track you across third-party websites
- We do not sell advertising or build advertising profiles
3. How We Use Your Data
| Purpose | Legal basis | |---------|-------------| | Providing your account and keeping you logged in | Contract (you signed up for the service) | | Saving and displaying your learning progress | Contract | | Showing personalised recommendations (suggested tracks, next lessons) | Contract | | Displaying your comments and contributions to other users | Contract | | Routing your feedback to our content team | Contract | | Monitoring for errors and maintaining platform stability | Legitimate interest | | Complying with legal obligations | Legal obligation |
We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.
4. Who We Share Your Data With
We do not sell your data. We share it only with the following categories of service providers, under data processing agreements where applicable:
- Hosting provider — the server infrastructure that runs NodeGarden (e.g. Hetzner, DigitalOcean, or similar). Your data is stored in their data centres.
- File storage provider — an S3-compatible provider stores any file attachments (images, PDFs) uploaded as part of course content.
- Email provider — a transactional email provider (e.g. Postmark or Resend) sends account verification and password reset emails.
- Error monitoring — a service such as Sentry may receive anonymised error reports to help us fix bugs.
We will disclose your data to law enforcement or regulatory authorities only when required to do so by applicable law.
5. Cookies
We use a minimal set of cookies:
| Cookie | Purpose | Duration |
|--------|---------|----------|
| _session | Keeps you logged in between visits | Session / 2 weeks |
| CSRF token | Prevents cross-site request forgery attacks | Session |
We do not use analytics cookies, advertising cookies, or any third-party tracking cookies. You can disable cookies in your browser, but doing so will prevent you from logging in.
6. Data Retention
We retain your account and activity data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it by law (e.g. for tax or fraud prevention purposes).
Content you have contributed (comments, feedback) may be retained in anonymised or pseudonymised form for platform integrity purposes.
7. Your Rights
Depending on your location, you may have the following rights under applicable data protection law (including the GDPR if you are in the EEA or UK):
- Access — request a copy of the personal data we hold about you
- Rectification — ask us to correct inaccurate data
- Erasure ("right to be forgotten") — ask us to delete your account and associated data
- Restriction — ask us to stop processing your data in certain circumstances
- Portability — receive your data in a structured, machine-readable format
- Objection — object to processing based on legitimate interest
- Withdraw consent — where we rely on consent, you may withdraw it at any time
To exercise any of these rights, email us at support@nodegarden.xyz. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
8. Data Security
We take reasonable technical and organisational measures to protect your data, including:
- Passwords hashed with bcrypt
- HTTPS enforced on all connections
- Database access restricted to application processes only
- Secrets and credentials managed via environment variables, not stored in code
No system is perfectly secure. In the event of a data breach that is likely to affect your rights, we will notify you and the relevant authority as required by law.
9. Children
NodeGarden is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with their data, please contact us and we will delete it promptly.
10. Changes to This Policy
We may update this policy from time to time. When we do, we will update the "Last updated" date at the top and, for material changes, notify registered users by email. Continued use of the platform after changes constitutes acceptance of the updated policy.
11. Contact
For any privacy-related questions or requests:
Email: support@nodegarden.xyz GitHub: github.com/nodegarden-ai/node_garden