Privacy Policy

1. Who We Are

Typenode, Inc. (“Typenode,” “we,” “us,” or “our”) is a Delaware C Corporation that provides an AI workflow automation platform. We operate two web properties:

• typenode.ai — our marketing website (“Website”)
• app.typenode.ai — our application platform (“Platform”)

This Privacy Policy explains what personal information we collect, why we collect it, how we use and share it, and the rights and choices available to you. It applies to both the Website and the Platform (collectively, the “Services”).

Typenode acts as the data controller for the personal information described in this policy. When our Platform customers use Typenode to process their own end users’ data through workflows, Typenode acts as a data processor on their behalf, governed by our Data Processing Agreement.

Registered address:
Typenode, Inc.
1111B S Governors Ave, # 82884
Dover, DE 19904, United States

Privacy contact: privacy@typenode.ai

Data Protection Officer: We have not appointed a Data Protection Officer as we do not currently meet the mandatory appointment thresholds under GDPR Article 37 or UK GDPR Article 37. For all data protection inquiries, please contact us at privacy@typenode.ai.

European Union presence: Typenode has operational presence in the European Economic Area through members of our founding team based in the EEA. For the purposes of GDPR Article 3(1), this constitutes establishment in the Union, and no separate EU representative under Article 27 is required.

United Kingdom representative: Typenode is not established in the United Kingdom. We have not yet appointed a UK representative under Article 27 of the UK GDPR. If you are located in the UK and wish to exercise your data protection rights, please contact us directly at privacy@typenode.ai. We will appoint a UK representative if and when the scale and nature of our processing of UK personal data requires it.

2. Information We Collect

2.1 Account Information (Platform Only)

When you create an account on app.typenode.ai, we collect your email address and password (stored as a cryptographic hash). We also record the date and time your account was created. We do not collect your name, phone number, physical address, or payment information during account registration.

2.2 Payment and Billing Information

If you subscribe to a paid plan, payment processing is handled entirely by Stripe, Inc. We do not receive or store your full credit card number. Stripe may share with us a truncated card number (last four digits), card brand, expiration date, billing address, and transaction history for the purpose of managing your subscription. Stripe’s handling of your payment data is governed by Stripe’s Privacy Policy.

2.3 Booking and Contact Information

When you use the booking form on typenode.ai to schedule a call, we collect your email address. Your email is shared with our scheduling provider (Cal.com) to pre-fill the booking form and streamline the scheduling process.

The booking form also includes a marketing consent checkbox. When you give consent to receive product updates, we record your consent together with proof metadata as required by GDPR Article 7(1). This metadata is collected server-side and includes: the timestamp of consent, the version and exact text of the consent statement, the method of collection, your anonymized IP address (last octet zeroed for IPv4, truncated for IPv6), your browser user agent string, the page URL, and which form on the page was used. Consent proof is stored in our customer relationship management system (Attio).

2.4 Usage and Analytics Data

We use analytics tools to understand how visitors interact with our Services. For visitors in the European Economic Area, United Kingdom, and Switzerland, full analytics data is collected only after you grant Statistics consent through our consent banner. For visitors in the United States, we provide notice before collection. The specific data collected depends on which analytics services are active:

• Google Analytics 4 (via Google Tag Manager) — When you grant Statistics consent, GA4 collects: page views, session duration, approximate geographic location (country/region level, derived from a truncated IP address), device type, browser type, operating system, screen resolution, language preference, and referral source. Google Analytics 4 anonymizes IP addresses before processing and does not store full IP addresses. Consent Mode v2: When you have not granted Statistics consent, our implementation of Google Consent Mode v2 sends limited cookieless signals to Google (timestamp, user agent, consent state, and a random identifier). These signals contain no personally identifiable information, set no cookies, and are used by Google solely for aggregate statistical modeling. No user-level analytics data is collected without your consent.
• PostHog (Platform only) — session recordings (visual replay of user interactions with the Platform interface, with password fields masked), user identification (account ID and email address for authenticated users). We do not use PostHog autocapture, automatic pageview tracking, or page-leave tracking. PostHog is configured to create person profiles for identified (authenticated) users only. PostHog is not initialized and collects no data whatsoever until you grant Statistics consent.
• Intercom (Platform only) — in-app messaging for authenticated users. When you grant Preferences consent, Intercom collects your account ID, email address, and account creation date to provide contextual support. Intercom also collects standard browser metadata (IP address, user agent, page URL) to operate the messenger. Intercom is not initialized and sets no cookies until you grant Preferences consent. When consent is revoked, the Intercom messenger is shut down and all Intercom cookies are immediately cleared.

2.5 Cookies and Similar Technologies

We use cookies and similar browser storage technologies. A detailed description of each cookie, its purpose, provider, and expiration is available in the Cookie Declaration at the bottom of this page, which is automatically maintained by our consent management platform (Cookiebot by Usercentrics). When the consent banner loads, Cookiebot briefly processes your IP address for geolocation purposes to determine which consent experience to display (EU opt-in or US notice), then discards the full IP address. Our cookies fall into four categories:

• Strictly Necessary — required for the Services to function. Includes authentication tokens (Supabase), sidebar layout preference, consent state, and security tokens. These cookies cannot be disabled.
• Preferences — remember your settings and enable optional features. Includes Intercom messenger cookies (intercom-*) for in-app messaging on the Platform. Only set after you grant Preferences consent.
• Statistics — help us understand how visitors use the Services. Includes Google Analytics cookies (_ga, _ga_*), PostHog cookies (ph_*), and localStorage items used for conversion attribution (such as CTA source tracking). Only set after you grant Statistics consent.
• Marketing — used to deliver relevant advertisements. We do not currently use marketing cookies or run advertising campaigns.

2.6 Server and Infrastructure Data

When you access the Services, our infrastructure providers (Cloudflare, Vercel) automatically collect standard server log data, including your IP address, browser user agent string, the page or endpoint requested, timestamp, and HTTP status code. This data is used for security monitoring, abuse prevention, and performance optimization. It is processed by our infrastructure providers under their respective data processing agreements and is not combined with your account information.

2.7 Information We Do Not Collect

We do not collect: social security numbers, government-issued identification, biometric data, precise geolocation (GPS), health or medical information, financial account credentials, racial or ethnic origin, religious beliefs, sexual orientation, trade union membership, genetic data, or information from children under 16.

2.8 Whether You Are Required to Provide Data

Account data (email and password) is a contractual requirement: you must provide it to create an account and use the Platform. If you do not provide this information, you will be unable to register or access the Platform.

Payment data is a contractual requirement for paid subscriptions. If you do not provide payment information to Stripe, you will be unable to subscribe to a paid plan.

Analytics and cookie data is voluntary and consent-based. Declining Statistics consent does not affect your ability to use the Services in any way. All features remain fully functional without non-essential cookies.

Server log data (IP address, user agent, request metadata) is automatically collected as a technical necessity of delivering the Services over the internet. You cannot use the Services without this data being processed.

Booking form data (email address and marketing consent) is voluntary. You may schedule a call directly through our scheduling provider without using the booking form on our Website. Marketing consent is not required to access or use our Website or Platform.

2.9 Data Obtained from Third-Party Sources

We obtain some personal information from sources other than you directly:

• Stripe, Inc. — provides us with truncated payment card details (last four digits, brand, expiration), billing address, and transaction history for subscribers. This data originates from information you provide to Stripe during checkout and is not obtained from publicly accessible sources.
• Infrastructure providers (Cloudflare, Vercel) — generate server log data (IP address, request metadata) as a byproduct of delivering our Services. This data originates from your requests to our servers and is not obtained from publicly accessible sources.

3. How We Use Your Information

We use your information for the following purposes:

We do not use your personal information for automated decision-making or profiling that produces legal effects or similarly significant effects on you. We do not engage in profiling for the purpose of making decisions about individual consumers. Analytics data is used in aggregate for product improvement only.

Artificial intelligence and model training: We do not use your personal data to train artificial intelligence models, large language models, or machine learning systems. While our Platform enables AI-powered workflows for our customers, the personal information we collect about you (as described in this policy) is not used as training data for any AI or machine learning purpose.

Commercial communications: We may send you occasional commercial emails about product updates, new features, or relevant offers. Every such email will include our physical mailing address and a clear, functioning unsubscribe mechanism. If you opt out, we will stop sending commercial emails within 10 business days. Transactional emails (account confirmations, password resets, billing receipts, security alerts) are not commercial and will continue regardless of your marketing preferences.

4. Legal Bases for Processing

If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, we process your personal data under the following legal bases as defined in Article 6 of the GDPR:

Where we rely on consent, you may withdraw it at any time by adjusting your cookie preferences (via the Cookie Settings link in the footer or the floating privacy button), or by contacting us at privacy@typenode.ai. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

5. How We Obtain and Manage Consent

We use Cookiebot by Usercentrics, a Google-certified Consent Management Platform, to manage cookie consent across our Services.

• EEA, UK, and Swiss visitors: A consent banner is displayed on your first visit. No statistics, preference, or marketing cookies are set until you make an affirmative choice. All consent signals default to “denied” via Google Consent Mode v2 until you grant consent.
• United States visitors: A notice banner informs you about our use of cookies. You may opt out of non-essential cookies through the banner or at any time via Cookie Settings.

Cookiebot shares your consent state across typenode.ai and app.typenode.ai so that you do not need to respond to the banner on each subdomain. Your consent preferences are stored in a cookie on your device and are respected on subsequent visits.

You can change or withdraw your consent at any time by clicking “Cookie Settings” in the footer of any page, or by using the floating privacy button. Revoking Statistics consent immediately stops analytics data collection and deletes all analytics cookies and local storage entries from your browser.

Declining non-essential cookies does not affect your ability to use the Services. All features of the Website and Platform remain fully functional without Statistics, Preferences, or Marketing cookies.

Marketing communications consent: Separately from cookie consent, we collect your consent to receive product updates and launch news via the booking form on typenode.ai. This marketing consent is independent of your cookie preferences — granting or denying cookie consent does not affect your marketing communication preferences, and vice versa. You may withdraw your marketing consent at any time by emailing privacy@typenode.ai. Withdrawal does not affect the lawfulness of communications sent before the withdrawal.

6. Information Sharing and Service Providers

We do not sell, rent, or trade your personal information. We do not share your personal information for cross-context behavioral advertising. We share data only with the following categories of service providers, each of whom processes data on our behalf under a data processing agreement:

All recipients listed above are service providers (processors) who process data solely on our behalf and under our instructions, bound by written contracts restricting their use of your data. We do not disclose personal information to third parties for their own independent purposes.

We may also disclose personal information if required by law, court order, or governmental regulation, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request.

In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our Services before your personal information becomes subject to a different privacy policy.

7. International Data Transfers

Typenode is a United States company. If you are located outside the United States, your personal information may be transferred to and processed in the United States or other countries where our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction.

For transfers of personal data from the EEA, UK, or Switzerland to the United States or other countries without an adequacy decision, we rely on the following safeguards:

• EU-U.S. Data Privacy Framework (DPF): Several of our service providers (including Cloudflare, Google, Stripe, and Intercom) are certified under the EU-U.S. Data Privacy Framework, which the European Commission has recognized as providing adequate protection. You can verify certifications at dataprivacyframework.gov.
• Standard Contractual Clauses (SCCs): Where the DPF does not apply, we ensure that our service providers have entered into Standard Contractual Clauses approved by the European Commission (Implementing Decision (EU) 2021/914), supplemented with additional technical and organizational measures where necessary.
• UK International Data Transfer Addendum: For transfers of personal data from the United Kingdom, we rely on the UK Addendum to the EU Standard Contractual Clauses (as approved by the UK Information Commissioner’s Office under s.119A of the Data Protection Act 2018) or the EU-U.S. Data Privacy Framework UK Extension, where our service providers have opted in to the UK Extension.

Where possible, we prioritize EU-based hosting. Our primary database (Supabase) and product analytics (PostHog) are hosted in the EU (AWS Frankfurt). Google Analytics 4 routes EU data through EU servers before processing and does not store full IP addresses for EU visitors.

Attio Limited is based in the United Kingdom. The European Commission’s adequacy decision for the UK (renewed December 2025, valid until December 2031) permits transfers of personal data from the EEA to the UK without additional safeguards. Cal.com, Inc. is based in the United States; transfers are governed by the Standard Contractual Clauses referenced above.

You may request a copy of the specific safeguards applied to any transfer by contacting us at privacy@typenode.ai.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law.

When personal information is no longer needed, we delete or anonymize it. If deletion is not immediately possible (for example, because the information is stored in backup archives), we securely isolate it from further processing until deletion is feasible.

9. Your Privacy Rights

9.1 Rights Under the GDPR (EEA, UK, and Switzerland Residents)

If you are located in the EEA, UK, or Switzerland, you have the following rights under the General Data Protection Regulation:

• Right of access (Art. 15) — obtain confirmation of whether we process your data and request a copy.
• Right to rectification (Art. 16) — correct inaccurate or incomplete data.
• Right to erasure (Art. 17) — request deletion of your data when it is no longer necessary for the purposes for which it was collected, when you withdraw consent, or when you object to processing and there are no overriding legitimate grounds.
• Right to restriction (Art. 18) — request that we limit the processing of your data in certain circumstances.
• Right to data portability (Art. 20) — receive your data in a structured, commonly used, machine-readable format (such as JSON or CSV) and transmit it to another controller.
• Right to withdraw consent (Art. 7(3)) — withdraw consent at any time for processing activities based on consent, without affecting the lawfulness of prior processing.
• Right to lodge a complaint — file a complaint with your local supervisory authority. A list of EEA supervisory authorities is available at edpb.europa.eu. If you are located in the United Kingdom, you may lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

We will respond to your request within 30 days. If the request is complex, we may extend this period by an additional 60 days and will inform you of the extension and the reasons for it.

9.2 Rights Under US State Privacy Laws

If you are a resident of California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, Virginia, or another US state with a comprehensive privacy law, you may have some or all of the following rights:

• Right to know / access — request the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes, and the categories of third parties with whom we shared it.
• Right to delete — request that we delete personal information we collected from you, subject to certain exceptions.
• Right to correct — request correction of inaccurate personal information.
• Right to data portability — where applicable, receive your data in a readily usable format that allows transmission to another entity.
• Right to opt out of sale or sharing — we do not sell or share your personal information for cross-context behavioral advertising or targeted advertising. There is nothing to opt out of.
• Right to opt out of profiling — we do not engage in profiling for decisions that produce legal or similarly significant effects on consumers.
• Right to non-discrimination — we will not deny you services, charge different prices, or provide a different quality of service because you exercised your privacy rights.

Right to appeal: If we deny your privacy request in whole or in part, you have the right to appeal our decision. To appeal, email privacy@typenode.ai with “Privacy Appeal” in the subject line within 30 days of receiving our response. We will review and respond to your appeal within 60 days. If your appeal is denied, we will provide an explanation and inform you of your right to contact your state attorney general or relevant supervisory authority.

For requests under US state privacy laws, we will acknowledge receipt and respond within 45 days. If we need additional time, we will notify you of an extension of up to 45 additional days and explain the reason.

9.3 California-Specific Disclosures (CCPA/CPRA)

The following disclosures are provided pursuant to the California Consumer Privacy Act, as amended by the California Privacy Rights Act (Cal. Civ. Code § 1798.100 et seq.).

Categories of personal information collected in the preceding 12 months:

We do not collect Categories C (protected classifications), E (biometric), G (geolocation), H (sensory), I (professional), or J (education).

Categories of personal information disclosed for a business purpose in the preceding 12 months:

Sale and sharing: We have not sold or shared (as defined by the CCPA) any personal information in the preceding 12 months. We do not sell or share personal information.

Sensitive personal information: We collect account login credentials (email address in combination with a password) as defined in Cal. Civ. Code § 1798.140(ae)(1)(A)(ii). This sensitive personal information is used solely for the purpose of authenticating your access to the Platform, which is necessary to perform the services you have requested. We do not use or disclose this sensitive personal information for purposes beyond those permitted under § 1798.121(a). Accordingly, no “Limit the Use of My Sensitive Personal Information” link is required, as we do not use sensitive personal information beyond what is necessary to provide the Services.

Retention: See Section 8 above for retention periods by data category.

Exercising your rights: To submit a request to know, delete, or correct your personal information, email us at privacy@typenode.ai. We will verify your identity by asking you to confirm the email address associated with your account. For requests to access specific pieces of personal information, we may require additional verification, such as responding to a verification email sent to your registered address or providing a signed declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request.

Authorized agents: You may designate an authorized agent to submit a request on your behalf. To do so, provide us with a signed written authorization (or a valid power of attorney under California Probate Code §§ 4000–4465) identifying the agent and the specific rights to be exercised. We may also require the consumer to directly verify their identity with us and confirm that they authorized the agent to act on their behalf.

9.4 How to Exercise Your Rights

For all privacy rights requests, you may:

• Email us at privacy@typenode.ai
• Write to us at: Typenode, Inc., Attn: Privacy, 1111B S Governors Ave, # 82884, Dover, DE 19904, United States
• Manage cookie consent at any time via the “Cookie Settings” link in the footer or the floating privacy button

We do not charge a fee for processing your request. We process requests free of charge up to twice per 12-month period per consumer. We may request additional information to verify your identity before fulfilling your request.

9.5 Residents of Other Jurisdictions

If you are located in Canada, Brazil, or another jurisdiction with applicable data protection legislation, you may have similar rights to access, correct, delete, or port your personal data under your local laws. We will honor rights requests from any jurisdiction in accordance with applicable law. To exercise your rights, contact us at privacy@typenode.ai. We will respond within the timeframe required by your applicable law or, where no specific timeframe is mandated, within 30 days.

10. Do Not Track and Global Privacy Control

Do Not Track (DNT): Our consent management platform (Cookiebot) automatically detects the Do Not Track signal sent by your browser. When DNT is enabled, Cookiebot treats you as having declined all non-essential cookies, and no analytics or tracking cookies are set.

Global Privacy Control (GPC): We honor the Global Privacy Control opt-out preference signal as a valid request to opt out of the sale or sharing of personal information, as required by the CCPA and other applicable US state privacy laws (including Colorado, Connecticut, Delaware, Maryland, Montana, Nebraska, New Hampshire, New Jersey, Oregon, and Texas). When our consent management platform detects a GPC signal from your browser, it automatically processes the signal as an opt-out request. Because we do not sell or share personal information, the GPC signal serves as a confirmation that no sale or sharing occurs during your session.

Third-party tracking: When you grant Statistics consent, Google Analytics may collect information about your online activities across different websites using cookies (such as the _ga cookie). PostHog does not track users across websites. When you have not granted Statistics consent (or when DNT or GPC is active), no third-party tracking cookies are set, and no cross-site tracking occurs.

11. Children’s Privacy

The Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe a child under 16 has provided us with personal information, please contact us at privacy@typenode.ai.

12. Security

We implement technical and organizational measures designed to protect your personal information, including:

• Encryption in transit (TLS/HTTPS) for all data transmitted between your browser and our Services
• Encryption at rest for data stored in our databases
• Cryptographic hashing of passwords (passwords are never stored in plain text)
• Masking of password fields in session recordings
• Access controls limiting employee access to personal data on a need-to-know basis
• DDoS protection and Web Application Firewall via Cloudflare

No method of transmission over the internet or electronic storage is completely secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security.

13. Third-Party Links

Our Services may contain links to third-party websites or services, such as our scheduling page on Cal.com. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party service you visit.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the “Last updated” date at the top of this page
• Post a notice on our Website or Platform, or send an email to registered users if the change materially affects how we process your data

Where a material change affects processing activities that rely on your consent (such as analytics), we will seek fresh consent before applying the change to those activities. For processing based on other legal bases (contract performance, legitimate interest, legal obligation), your continued use of the Services after we have notified you of the change constitutes acceptance. If you do not agree with a revised policy, you should discontinue use of the Services and may request deletion of your account.

We encourage you to review this policy periodically. Previous versions of this policy are available upon request by contacting us at privacy@typenode.ai.

15. Contact Us

If you have questions about this Privacy Policy, want to exercise your privacy rights, or have concerns about how we handle your data, please contact us:

Typenode, Inc.
Attn: Privacy
1111B S Governors Ave, # 82884
Dover, DE 19904, United States

Email: privacy@typenode.ai

We aim to respond to all inquiries within 30 days.

16. Cookie Declaration

The following declaration is automatically maintained by our consent management platform and lists all cookies used on our Services, their category, provider, purpose, and expiration.

17. Changelog