- We are a non-custodial validator and infrastructure operator. We do not hold your private keys or your assets.
- We collect only what we need to run the website, the public endpoints and the contact channels — chiefly contact form submissions, server logs, and aggregate analytics.
- We do not sell personal data, we do not buy contact lists, and we do not run third-party advertising trackers.
- You can ask us at any time what we hold, correct it, or delete it by emailing privacy@nodestake.org.
- Some processors (analytics, hosting, email) are based outside the EEA / UK. Where required, transfers are protected by Standard Contractual Clauses or an adequacy decision.
1. Who we are
"NodeStake", "we", "us" or "our" refers to the team that operates the website atnodestake.orgtogether with its public RPC, snapshot, peer, addrbook, relayer and related infrastructure. We are the data controller for personal information processed through the marketing site and its forms. The on-chain validators we operate do not by themselves process personal data.
For any privacy enquiry, contact privacy@nodestake.org.
2. Information we collect
We collect the categories of information described below. We do not knowingly collect "special category" data (health, biometrics, religion, etc.).
2.1 Information you provide directly
- Contact form submissions — name, email address and the free-text message body.
- Email correspondence — anything you send to
hello@,security@,privacy@or any other published address. - Recruitment data — if you apply for a role, the CV, cover letter and equivalent material you choose to share.
- Institutional onboarding — for paid engagements (institutional staking, white-label validator, custom infrastructure) we may collect company name, business contact details and the documents required for KYC / KYB / sanctions screening.
2.2 Information collected automatically
- Server logs — IP address, user-agent, timestamp, request path. Used for abuse mitigation, uptime monitoring and per-IP rate limiting on our public APIs.
- Aggregate analytics — page views, navigation patterns, country-level approximate geography. Collected via Vercel Web Analytics, which is cookie-less and does not build cross-site profiles.
2.3 Public on-chain data
Validator addresses, delegations, votes and signing records on the networks we operate are public on-chain by construction. We do not link wallet addresses to identities you have not given us.
2.4 Information from third parties
For institutional engagements we may receive data from KYC / KYB providers, sanctions screening tools and public business registries to confirm the legitimacy of a counterparty.
3. How we use your information
We process personal data for the purposes below, on the indicated legal basis under the EU GDPR / UK GDPR.
| Purpose | Legal basis |
|---|---|
| Reply to contact form / email enquiries | Pre-contractual measures (Art. 6(1)(b)) / legitimate interest |
| Operate and secure the website and public APIs | Legitimate interest (Art. 6(1)(f)) |
| Negotiate and perform institutional contracts | Performance of a contract (Art. 6(1)(b)) |
| KYC / AML / sanctions screening | Legal obligation (Art. 6(1)(c)) |
| Recruiting and hiring | Pre-contractual measures (Art. 6(1)(b)) |
| Aggregate analytics and product improvement | Legitimate interest (Art. 6(1)(f)) |
| Detect, investigate and prevent abuse or fraud | Legitimate interest (Art. 6(1)(f)) |
| Comply with legal requests, court orders, audits | Legal obligation (Art. 6(1)(c)) |
We do not use personal data for automated decision-making with legal effects.
4. Cookies and similar technologies
Our website uses only the cookies strictly necessary to operate (e.g. session, theme preferences) and the cookie-less analytics described above. We do not run third-party advertising, cross-site tracking or social-media pixels. If we add any non-essential cookies in future, we will request your consent first via a banner.
5. Sharing and sub-processors
We share personal data only with the categories of recipient listed below, and only to the extent strictly necessary.
- Hosting / edge / CDN — Vercel Inc. (US) for site hosting, Vercel Web Analytics for aggregate metrics.
- Form intake — submissions to the contact form are stored in our internal CRM / spreadsheet via a Google Apps Script webhook (Google Workspace, EU / US).
- Email delivery — provider used to send transactional and operational email.
- Recruitment platform — when applicable, the ATS we use to evaluate applications.
- KYC / KYB / sanctions screening — for institutional onboarding only.
- Professional advisers — accountants, lawyers and auditors, under confidentiality.
- Public authorities — only when we are legally compelled by a valid order.
We do not sell, rent or trade your personal data as those terms are defined under the EU GDPR or the California CCPA / CPRA.
6. International data transfers
Some of our processors are located outside the EEA, the UK or Switzerland (notably the United States). Where required, transfers are governed by an adequacy decision (e.g. EU–US Data Privacy Framework where applicable) or by Standard Contractual Clauses adopted by the European Commission, supplemented where necessary by additional technical and contractual measures. You can request a copy of the safeguards we rely on by emailing privacy@nodestake.org.
7. How long we keep your information
- Contact form submissions and correspondence: for the duration of the conversation plus up to 24 months, after which we delete them on request or at next archive cycle.
- Server logs: up to 30 days, then deleted or aggregated.
- Aggregate analytics: up to 12 months, with no individual identifiers.
- Institutional contract records, KYC / AML evidence and accounting books: up to 10 years as required by applicable tax, AML and corporate-records law.
- Recruitment data: deleted within 6 months of the close of a hiring process unless you expressly consent to longer retention for future opportunities.
8. Your rights
Depending on where you are located, you have some or all of the rights below. To exercise any of them, email privacy@nodestake.org from the address you contacted us with. We respond within 30 days, free of charge, unless requests are manifestly unfounded or excessive.
- Access — confirm what we hold and obtain a copy.
- Rectification — correct inaccurate or incomplete data.
- Erasure — ask us to delete data we no longer need.
- Restriction — limit how we process your data while a query is open.
- Portability — receive a structured, commonly-used copy of data you provided.
- Objection — to processing based on legitimate interest, including profiling.
- Withdraw consent — at any time, where processing is based on consent.
- Lodge a complaint with your local supervisory authority (e.g. your national DPA in the EEA, the ICO in the UK, the CPPA in California).
California (CCPA / CPRA): we do not "sell" or "share" personal information for cross-context behavioural advertising. California residents nonetheless have rights of access, deletion, correction and non-discrimination equivalent to those above.
9. Security
We use technical and organisational measures appropriate to the data we process — including TLS in transit, encrypted storage, least-privilege access for staff, hardware-backed authentication on administrative systems, and audit logging. No transmission over the internet is ever 100% secure; if you suspect an issue with our handling of your data, email security@nodestake.org — we respond within 48 hours.
10. Children
The site and our services are intended for users aged 18 and over. We do not knowingly collect personal information from children. If you believe we have done so, please contact us and we will delete it.
11. Changes to this policy
We may update this policy from time to time. If a change is material, we will announce it on the blog and via the contact channels of any active customers. The current version date is shown at the top of this page.
12. Contact
For any privacy enquiry — including access, correction or deletion requests — write to privacy@nodestake.org. For security-specific disclosures, email security@nodestake.org.
Need our terms of use as well? See /terms.