nodn.art

Privacy Policy

Last updated: March 2, 2026

1. Introduction

nodn.art ("the Service") is operated by Risora Naturals, a sole proprietorship registered in Canada. This Privacy Policy explains how we collect, use, and protect your personal information when you use our Service.

2. Data We Collect

Account Data

When you create an account (via Clerk), we receive your name, email address, and profile picture. This data is used to identify your account and personalize your experience.

Usage Data

We record node execution history, credit transactions, and project metadata (titles, timestamps) to operate the Service and maintain your credit balance.

Payment Data

Payments are processed by Creem. We receive order confirmations and transaction references but never store your credit card number or full payment details on our servers.

Automatically Collected Data

We may automatically collect your IP address, browser type, device information, and pages visited for security monitoring and service improvement.

3. Data We Do NOT Collect

  • BYOK API keys — In Bring Your Own Key mode, your API keys are stored exclusively in your browser's localStorage and are never transmitted to or stored on our servers.
  • Generated media — Images, videos, and audio you generate are processed by third-party APIs (Fal.ai, Kie.ai, OpenAI, ElevenLabs). We do not store generated media on our servers.

4. How We Use Data

  • Operating and maintaining the Service
  • Managing your credit balance and processing transactions
  • Communicating with you about your account or the Service
  • Fraud prevention and security monitoring
  • Improving the Service and developing new features

5. Third-Party Services

We use the following third-party services, each governed by their own privacy policies:

  • Clerk — Authentication and account management
  • Supabase — Database and backend infrastructure
  • Creem — Payment processing
  • Fal.ai, Kie.ai, OpenAI, ElevenLabs — AI generation APIs
  • Vercel — Hosting and deployment

6. Data Storage & Security

Account data, credit balances, and cloud project data are stored in Supabase with Row Level Security (RLS) enabled on all tables. Server-side access uses a service-role key that is never exposed to the client. Data is encrypted at rest and in transit. We follow industry-standard security practices to protect your information.

Project Storage

  • Guest users — Projects (up to 3) are stored entirely in your browser's localStorage. We have no access to this data.
  • Signed-in users — Projects (up to 20) are stored in our cloud database. Project data includes workflow graphs (nodes, edges, viewport), configuration settings, and references to generated media URLs.

Generated Media

Images, videos, and audio are generated and temporarily hosted by third-party AI providers (Fal.ai, Kie.ai, OpenAI, ElevenLabs) on their CDN infrastructure. We store only the URL references within your project data — we do not store the media files themselves. Media URLs from Fal.ai are temporary and typically expire within approximately 24 hours.

Export Bundles

When you export a project, the resulting ZIP file is generated in your browser and downloaded directly to your device. Export bundles are not uploaded to or stored on our servers. The bundle contains your workflow data and copies of any media assets that were still accessible at the time of export.

7. Data Retention

We retain your personal data and cloud-stored projects for as long as your account is active. You may request deletion of your account and associated data at any time by contacting us. Upon deletion, your data will be removed from our active systems within a reasonable timeframe.

Generated media hosted by third-party providers is subject to their own retention policies. Fal.ai media URLs typically expire within approximately 24 hours regardless of your account status. We recommend exporting important projects as ZIP bundles to preserve your work.

8. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your personal data
  • Withdraw consent for data processing where applicable

To exercise any of these rights, contact us at support@nodn.art.

9. Cookies & Browser Storage

We use essential cookies provided by Clerk for session management and authentication. We do not use advertising cookies, tracking cookies, or third-party analytics cookies.

We also use your browser's localStorage to store user preferences (such as operating mode selection), guest project data, and — in BYOK mode — your third-party API keys. localStorage data remains on your device and is not transmitted to our servers.

10. Children

The Service is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal data, please contact us and we will take steps to delete that information.

11. Changes & Contact

We may update this Privacy Policy from time to time. The updated version will be indicated by the "Last updated" date at the top. Your continued use of the Service after changes constitutes acceptance of the updated policy.

For questions or concerns about this Privacy Policy, contact us at support@nodn.art.