Privacy

Privacy Policy

Customer data, workspace content, and contact requests deserve a policy that is specific to the product instead of a generic legal page.

Last updated: May 28, 2026
Privacy notice

Privacy Policy

This policy summarizes how Nodetra handles personal data under KVKK Article 10 notice principles and GDPR transparency expectations.

01

Who controls the data?

Nodetra operates a B2B SaaS work management platform. For employee, task, project, document, request, and communication data processed inside a customer workspace, the customer is usually the controller and Nodetra acts as service provider/data processor.

For website forms, sales conversations, support requests, and security inquiries, Nodetra may act as the controller for the limited contact data it receives.

02

What data do we collect?

Account and identity data: name, work email, role, department, and authorization details.

Usage and security data: session records, device/browser details, IP address, audit logs, and security events.

Customer content: tasks, projects, sprints, wiki/document content, files, meetings, messages, and request records.

Contact data: messages and company details shared through demo, sales, support, or security requests.

03

Why do we process data?

To provide the service, manage sessions, enforce workspace permissions, and connect customer content to work records.

To protect the platform, prevent abuse, maintain audit trails, and comply with legal obligations.

To provide support, onboarding, product updates, and contractual communications.

04

How do we protect data?

Data in transit is protected with HTTPS/TLS. Sensitive technical secrets and integration tokens are stored encrypted. Passwords are hashed with bcrypt.

Access controls are enforced by role, tenant, department, and feature permissions. Private docs, search results, and mention surfaces are designed to stay inaccessible unless explicitly authorized.

05

Who do we share data with?

Nodetra may use limited sub-processors to operate the service. This list may vary by enabled integrations.

  • Google LLC - for Google Calendar API integration, with user consent.
  • FormSubmit - for contact form email delivery; form data is sent to formsubmit.co and may involve cross-border transfer.
  • MobilDev Mobile Services - for SMS/OTP and verification messages, if enabled.
  • VPS Hosting Provider - for infrastructure hosting.
  • Domain Registrar - for domain name management.
06

Data subject rights

Under KVKK Article 11 and GDPR Articles 15-22, individuals may have rights to information, access, rectification, deletion, restriction, portability, objection, and rights related to automated decision-making.

Requests related to data inside a customer workspace are usually routed to the relevant customer. Nodetra provides reasonable technical assistance when requested by the customer.

07

Contact

For privacy, data security, or data subject rights questions, contact us at [email protected].