Privacy Policy
Printara s.r.o., a company incorporated in the Czech Republic ("we", "us"), is the data controller and operates BlackNode App at app.blacknode.tech ("Service"). This page explains what data we collect, why, where it lives, and how you can delete it. Plain language, no dark patterns. Full operator and registration details are in the Terms of Service.
1. What we collect
- Account — your email (for magic-link sign-in) and a server-side user ID issued by Supabase Auth.
- Workspace metadata — slug, plan, container name, host port, IPRoyal proxy ID, status, timestamps. Stored in
user_workspacesin our Supabase database. - Workspace files — anything you save inside your Docker container's
/workspacevolume. Stored on our Hetzner server (Germany / EU) on disk you own exclusively. - Workspace password — bcrypt hash only. The plain-text password is shown to you once at provision time and never stored server-side.
- Subscription — Stripe customer ID and subscription status. We do not collect, store, process or transmit card data; all payments are handled by Stripe, a PCI DSS Level 1 certified processor, and your card details stay solely with Stripe.
- Operational logs — workspace provision / destroy / restart events (with timestamp, IP for rate limiting, user-agent) stored in
workspace_events. Used for abuse prevention and debugging. - Anonymous analytics — page views and error rates. No third-party trackers, no advertising IDs, no cross-site cookies.
2. What we do NOT collect
- We do not read the contents of your
/workspacevolume. Files live on disk under your container, not in our database. - We do not log your Claude prompts or Claude responses. The
claude loginsession sits inside your container and OAuths directly to Anthropic. - We do not sell your data to anyone, ever.
- We do not train any AI models on your data.
3. Where your data lives
- Supabase (PostgreSQL + Auth + Storage) — EU region. Holds account + workspace metadata + subscription state.
- Cloudflare Pages + R2 — global CDN for the static site. Cookies / sessions are first-party only.
- Hetzner (Germany / EU) — runs your dedicated Docker container and stores its files on local disk.
- Stripe (US, EU subprocessor) — handles billing. We receive only the customer ID, subscription status and invoice metadata.
- IPRoyal — supplies residential proxy IPs. Your traffic through the proxy is not logged by us; IPRoyal's own log policy applies.
- Anthropic — when you run
claude logininside your workspace, your prompts go from your container directly to Anthropic. We are not an intermediary.
4. Retention
Account row and workspace metadata are kept while your subscription is active and for 30 days after cancellation. Workspace files in /workspace are exported to R2 on cancellation and emailed to you for 7 days, then permanently deleted. Operational logs (events) are kept 90 days for security forensics, then deleted.
5. Cookies
Only first-party cookies:
sb-bn-auth— Supabase session (HTTP-only is not possible because we use the JS SDK; we uselocalStorageinstead).bn-theme— your selected theme (cream / dark / system).
Both are strictly necessary (essential) cookies required for the Service to function (keeping you signed in and remembering your theme). Under the ePrivacy Directive (in the Czech Republic implemented by Act No. 127/2005 Coll. on Electronic Communications), essential cookies do not require prior consent, so we do not show a consent banner. We use no analytics, advertising, profiling or cross-site tracking cookies and no third-party trackers.
6. Your rights (GDPR)
If you are in the EU/EEA you have the right to: access your data; rectify inaccurate data; erase your data ("right to be forgotten"); restrict or object to processing; and data portability. Send your request from the email you signed up with to privacy@blacknode.tech and we will reply within 30 days, free of charge.
If you believe we have processed your data unlawfully, you have the right to lodge a complaint with your local supervisory authority. In the Czech Republic this is the Office for Personal Data Protection (Úřad pro ochranu osobních údajů, uoou.cz).
7. Data deletion
Delete everything: email privacy@blacknode.tech from your sign-up address. Within 30 days we delete your Supabase Auth row, all rows in user_workspaces and workspace_events, all volume data on Hetzner, and your Stripe customer (subscription stays cancelled).
Delete just the workspace: app.blacknode.tech → cog icon → Danger zone → Destroy workspace. The container plus all files are wiped immediately; your account stays.
8. Sub-processors
By signing up you consent to data transfer to our sub-processors: Supabase (Frankfurt, EU), Cloudflare (global CDN), Hetzner (Falkenstein, DE), Stripe (payments; Ireland/EU with onward US transfer under Standard Contractual Clauses), IPRoyal (Lithuania, EU), Anthropic (US, only data you explicitly send via claude login; transfers under Standard Contractual Clauses). Transfers outside the EU/EEA are protected by SCCs as required under GDPR Chapter V. EU/EEA customers can request a copy of our Data Processing Agreement (DPA) by emailing privacy@blacknode.tech.
Note on Anthropic / Claude: when you run claude login, data flows directly from your container to Anthropic under your own Claude subscription and Anthropic's terms; we are not an intermediary and never see those prompts. Anthropic is therefore listed for transparency but is governed by your separate agreement with Anthropic, not by our DPA.
9. Children
Service not intended for users under 16. Do not sign up if you are younger.
10. Changes
We update this page when our practices change. If the change is material we email registered users.
11. Contact (data controller)
Printara s.r.o. (data controller)
Registered seat: Krakovská 583/9, Nové Město, 110 00 Praha 1, Czech Republic
IČO: 24856649 · DIČ: not a VAT payer (neplátce DPH)
Privacy: privacy@blacknode.tech · General: info@blacknode.tech