Privacy Policy

1. Introduction

This Privacy Policy describes how VitalityNode ("we," "our," or "us"), operated by Alexander Sokol doing business as "VitalityNode", collects, uses, and shares information when you use our website at vitalitynode.com and related services (the "Service"). We are committed to protecting your personal data in accordance with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

Data Controller: Alexander Sokol, doing business as "VitalityNode", 25/9, MOO.6, Bo Phut, Ko Samui, Surat Thani, 84320, Thailand.
Contact email: [email protected]

2. Information We Collect

We collect the following categories of information:

• Account Data: Email address, username, and password hash when you register an account.
• Upload Data: CSV files (Google Merchant Center product feeds) that you upload for analysis. These files may contain product URLs, titles, prices, and other product information.
• Report Data: Scan results, health scores, issue lists, and generated reports (PDF, CSV) associated with your account.
• Technical Data: IP address, browser type and version, operating system, device type, referring URL, and pages visited.
• Analytics Data: Usage patterns collected through Google Analytics (see Section 6 — Cookies & Analytics).

3. Legal Basis for Processing (GDPR Article 6)

We process your personal data on the following legal grounds:

• Contract Performance (Art. 6(1)(b)): Processing your account data and uploaded files is necessary to provide the scanning service you requested.
• Legitimate Interest (Art. 6(1)(f)): We collect technical and analytics data to maintain security, prevent abuse, and improve the Service. Our legitimate interests do not override your fundamental rights.
• Consent (Art. 6(1)(a)): Where required by law, we obtain your consent before placing non-essential cookies or sending marketing communications. You may withdraw consent at any time.
• Legal Obligation (Art. 6(1)(c)): We may process data to comply with applicable tax, accounting, or legal requirements.

4. How We Use Your Information

We use the information to:

• Provide, maintain, and improve the Scanner service.
• Process your uploaded feed files and generate audit reports.
• Process transactions via our payment processor, Paddle (when applicable).
• Send you transactional emails: scan completion notifications, PDF reports, and account-related notices.
• Monitor service performance, detect abuse, and ensure security.
• Comply with legal obligations.

5. Data Retention

We retain your data for the following periods:

• Uploaded CSV files: Processed temporarily during the scan. Original files are deleted within 24 hours after report generation.
• Scan reports and metadata: Retained for the lifetime of your account so you can access your scan history.
• Account data: Retained until you delete your account or request deletion.
• Analytics data: Google Analytics data is retained according to Google's data retention settings (currently 14 months).
• Transaction records: Payment and order records are retained for 7 years to comply with tax and accounting obligations.

You may request deletion of your data at any time (see Section 8).

6. Cookies & Analytics

We use the following cookies and tracking technologies:

Essential Cookies

• Session cookie (csrftoken, sessionid): Required for website functionality, form submissions, and authentication. These cannot be disabled.

Analytics Cookies

• Google Analytics 4 (GA4): We use GA4 (Measurement ID: G-G75RD340GL) to understand how visitors use our website. GA4 collects anonymized usage data including pages visited, session duration, and general geographic region. Google Analytics sets cookies (_ga, _ga_*) with a retention period of up to 14 months.

You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on or by configuring your browser to block third-party cookies.

7. Sharing of Information

We do not sell your personal data. We share data only with the following categories of recipients:

• Paddle.com: Our Merchant of Record for payment processing, tax compliance, and customer billing. Paddle processes your payment data under their own privacy policy. We do not store credit card numbers.
• Cloud Infrastructure Providers: Our Service is hosted on cloud infrastructure (DigitalOcean). Your data is stored on servers located in the European Union and/or the United States.
• Google LLC: Google Analytics receives anonymized usage data as described in Section 6.

We do not share your uploaded product feed data or scan results with any third party.

8. Your Rights under GDPR (EEA/UK Users)

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the GDPR:

• Right of Access (Art. 15): You have the right to request a copy of the personal data we hold about you.
• Right to Rectification (Art. 16): You have the right to request correction of inaccurate personal data.
• Right to Erasure (Art. 17): You have the right to request deletion of your personal data ("right to be forgotten"). We will delete your account, scan history, and all associated data upon request.
• Right to Data Portability (Art. 20): You have the right to receive your personal data in a structured, commonly used, machine-readable format (JSON or CSV).
• Right to Restrict Processing (Art. 18): You have the right to request restriction of processing of your personal data under certain circumstances.
• Right to Object (Art. 21): You have the right to object to processing of your personal data based on legitimate interests, including profiling.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, contact us at [email protected]. We will respond to your request within 30 days. If we need more time, we will inform you of the reason and the extended period (up to 60 additional days).

You also have the right to lodge a complaint with a supervisory authority in your country of residence.

9. Your Rights under CCPA (California Users)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following rights:

• Right to Know: You may request information about the categories and specific pieces of personal information we have collected about you.
• Right to Delete: You may request deletion of the personal information we have collected from you.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
• Right to Opt-Out of Sale: We do not sell personal information. Therefore, we do not offer an opt-out of sale mechanism.

To exercise your CCPA rights, contact us at [email protected]. We will verify your identity before fulfilling your request.

10. International Data Transfers

Your personal data may be transferred to and processed in countries outside your country of residence, including the United States and countries in the European Union, where our cloud infrastructure providers operate data centers.

For transfers of personal data from the EEA/UK to countries that have not been deemed to provide an adequate level of data protection, we rely on the following safeguards:

• Standard Contractual Clauses (SCCs): We enter into EU-approved Standard Contractual Clauses with our service providers to ensure your data receives an adequate level of protection.
• Paddle: Paddle.com maintains its own GDPR compliance framework and processes data in accordance with EU requirements.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption of data in transit (TLS/HTTPS), secure password hashing, and access controls. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

12. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that a child under 18 has provided us with personal data, we will take steps to delete such data promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data protection rights, contact us at:

• Email: [email protected]
• General inquiries: [email protected]
• Address: Alexander Sokol, 25/9, MOO.6, Bo Phut, Ko Samui, Surat Thani, 84320, Thailand