Privacy Policy

Feednode ("Feednode", "we") is operated by Reikalai ir dalykai, MB — a small partnership (mažoji bendrija) registered in the Republic of Lithuania, company code 306672029, VAT code LT100019039315, registered address Bažnyčios g. 3-3, Jokūbavo k., LT-97210 Kretingos r., Lithuania. We are the data controller for personal data processed in connection with your use of the Service. For any privacy-related question, email [email protected].

Account data. When you sign in with Google we receive your email address, your name as returned by Google Identity Platform, and a persistent user identifier (UID). We do not receive or store your Google password.

Workspace data. The product catalog data you connect or upload ("Customer Content"). This is stored in Google Cloud Storage (GCS) in EU region europe-west1 and processed solely to operate the Service. We do not mine, profile, or resell Customer Content.

Operational data. Job status, error logs, and anonymised performance telemetry used to keep the Service running. Log entries are retained for up to 30 days.

Communications. Emails you send us or we send you (e.g. job-failure alerts) are retained for the lifetime of your account and up to 12 months after deletion for audit purposes.

We process personal data on the following legal bases: (a) performance of a contract with you (to operate the Service); (b) legitimate interests (to secure and improve the Service, prevent abuse); (c) legal obligation (to retain invoicing records where applicable); (d) consent, where required (e.g. non-essential cookies, if any are added in the future).

All primary data is stored in Google Cloud Platform region europe-west1 (St. Ghislain, Belgium). Transactional emails are sent via Resend in region eu-west-1 (Ireland). Content delivery uses Cloudflare's global edge network; feed content is cached on EU edge nodes with a 1-hour TTL. We do not transfer personal data outside the European Economic Area except to the extent Cloudflare's network routing incidentally terminates TLS at an edge node near the request origin.

We rely on the following sub-processors, all of whom are bound by data processing agreements:

• Google LLC / Google Cloud EMEA Ltd. — hosting (Cloud Run, Firestore, Cloud Storage, Firebase Auth), region europe-west1
• Cloudflare, Inc. — DNS, CDN edge, TLS termination
• Resend, Inc. — transactional email delivery, region eu-west-1

We will notify customers of material changes to this list at least 30 days in advance by email.

If you are in the EEA, UK, or Switzerland you have the right to: access your personal data, correct inaccuracies, request deletion ("right to be forgotten"), restrict or object to processing, and data portability (receive your data in a structured machine-readable format). To exercise these rights, email [email protected]. We respond within 30 days. You also have the right to lodge a complaint with your national data protection authority.

We retain Customer Content for as long as your workspace is active. On workspace deletion, Customer Content is removed from Firestore and GCS within 30 days. Operational logs are purged after 30 days. Backup retention may extend these windows by up to 35 days in total.

Transport is TLS 1.2+. Data at rest in GCS and Firestore is encrypted with Google-managed keys. Access to production systems is limited to authorised personnel and is logged. Service accounts use Workload Identity Federation; no long-lived JSON service-account keys exist. Authentication uses Firebase Auth; we never see user passwords.

feednode.io does not currently use analytics cookies, advertising cookies, or third-party tracking scripts. The application uses strictly necessary cookies and browser storage to maintain your session (Firebase Auth tokens). If this changes, we will update this Policy and seek consent where required.

Feednode is a B2B product not intended for children under 16. We do not knowingly collect data from children.

We may update this Policy. Material changes will be announced at least 30 days before taking effect, via email to the workspace admin email on file. The "last updated" date at the top of this page always reflects the current version.

Controller contact: [email protected]. A formal Data Protection Officer is not currently required by the criteria in GDPR Art. 37, but we act as a point of contact for all privacy-related correspondence.