NODEX is a zero-knowledge, end-to-end encrypted mesh communication platform. The platform is designed from the ground up to collect and retain as little data as possible. Messages are never stored on our servers unencrypted.
1. Who We Are
NODEX is operated by Multiplex LLC, a limited liability company. We provide a peer-to-peer encrypted mesh communication platform accessible at usenodex.com. If you have any questions about this policy, contact us at privacy@usenodex.com.
2. Information We Collect
2a. Information You Provide
- Email address (required for account creation)
- Display name (optional, set by you)
- Password (stored as a salted hash — never in plaintext)
- Billing information (processed by Stripe — we never store card numbers)
2b. Information Collected Automatically
- IP address (used for geo-presence features and security logging)
- Country and region (derived from IP via Netlify edge headers)
- Node activity timestamps (last seen, heartbeat events)
- Usage events (feature usage for plan enforcement and analytics)
- Audit log entries (your own account actions — accessible to you)
2c. Information We Do NOT Collect
- Message content — all messages are end-to-end encrypted and never stored in readable form on our servers
- WebRTC connection data — peer-to-peer connections are direct between devices
- Device fingerprints or tracking cookies
- Third-party advertising data
3. How We Use Your Information
- To provide, maintain, and improve the NODEX platform
- To authenticate your identity and secure your account
- To process subscription payments via Stripe
- To enforce plan limits and feature gates
- To send transactional emails (account verification, billing notifications)
- To comply with legal obligations
- To investigate abuse, fraud, or security incidents
4. Legal Bases for Processing (GDPR)
If you are located in the European Economic Area, we process your personal data under the following legal bases:
- Contract performance — processing necessary to provide the NODEX service you signed up for
- Legitimate interests — security monitoring, fraud prevention, platform improvement
- Legal obligation — compliance with applicable laws and regulations
- Consent — marketing communications, where applicable
5. Data Retention
- Account data is retained while your account is active
- Audit log entries are retained for 90 days (Pro) or indefinitely (Enterprise)
- Free plan message history is retained for 7 days
- On account deletion, all personal data is permanently deleted within 30 days
- Billing records are retained as required by law (typically 7 years)
6. Data Sharing
We do not sell your personal data. We share data only with:
- Stripe — payment processing. Stripe's privacy policy applies to payment data.
- Supabase — database and authentication infrastructure, hosted in the US.
- Netlify — hosting and edge network infrastructure.
- Resend — transactional email delivery.
- Law enforcement — when required by valid legal process.
7. HIPAA
Enterprise plan subscribers may use NODEX for communications that include Protected Health Information (PHI). A Business Associate Agreement (BAA) is available to Enterprise subscribers. NODEX implements the following HIPAA safeguards:
- End-to-end encryption of all communications
- Automatic session timeout (configurable, default 15 minutes)
- Comprehensive audit logging of all access events
- Auto-wipe functionality for inactive data
- Access controls enforced via role-based permissions
8. Your Rights (GDPR and CCPA)
Depending on your location, you may have the following rights:
- Access — request a copy of your personal data
- Rectification — correct inaccurate data
- Erasure — request deletion of your data (right to be forgotten)
- Portability — receive your data in a machine-readable format
- Objection — object to certain processing activities
- Restriction — restrict processing in certain circumstances
To exercise these rights, use the GDPR Data Controls in your NODEX account settings, or contact privacy@usenodex.com.
9. Cookies
NODEX uses only functional cookies necessary for authentication and session management. We do not use advertising, tracking, or analytics cookies. No third-party cookies are set.
10. Data Transfers
NODEX infrastructure is operated primarily in the United States. If you are located outside the US, your data is transferred to and processed in the US. By using NODEX, you consent to this transfer. We rely on Standard Contractual Clauses where required by GDPR.
11. Children
NODEX is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, contact privacy@usenodex.com immediately.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice in the NODEX platform. Continued use of NODEX after changes become effective constitutes acceptance of the updated policy.
13. Contact
For privacy inquiries, data subject requests, or questions about this policy:
- Email: privacy@usenodex.com
- Company: Multiplex LLC
- Platform: usenodex.com