Privacy Policy

Last updated: January 8, 2026

Introduction

Noodlbox is committed to protecting your privacy. This privacy policy outlines how we collect, use, share, and protect your information.

Definitions

Personal Data: Any information that relates to an identified or identifiable individual.

Usage Data: Data collected automatically, either generated by the use of the service or from the service infrastructure itself.

Account Data: Information provided to create and maintain your account.

Data Collection

We collect the following types of data:

  • Account data (email, name)
  • Device identifiers for licensing
  • Usage analytics (feature usage, error logs)
  • Payment data processed via Stripe (no card storage)

Data Usage

Your data is used for the following purposes:

  • Account management and authentication
  • License validation
  • Service improvement and bug fixes
  • Feature prioritization via usage analytics
  • Transactional emails (receipts, updates)
  • Support communications

Data Sharing

We share your data with trusted third parties as follows:

  • Stripe for payment processing
  • Cloudflare for edge security and CDN
  • AWS for infrastructure hosting
  • PostHog for anonymized product analytics

We do not sell personal data. We may disclose data if required by law.

Cookies and Tracking

We use cookies and tracking technologies in the following ways:

  • Authentication cookies to keep you logged in
  • PostHog analytics (anonymized, no PII)
  • No advertising cookies
  • No cross-site tracking
  • Local CLI/MCP server uses no cookies

Data Retention

We retain your data as follows:

  • Account data is kept while the account is active and is deleted within 30 days after account deletion
  • Aggregated usage analytics data is kept for 2 years; raw logs are deleted after 90 days
  • Payment records kept for around 7 years as required by tax law
  • Support tickets kept for 2 years after resolution
  • Local .nbx files are stored only on your device

User Rights

You have the following rights regarding your personal data:

  • Right to access
  • Right to correct
  • Right to delete
  • Right to export
  • Right to restrict processing
  • Right to object to analytics and marketing

Data Security

We take data security seriously and employ the following measures:

  • TLS encryption in transit
  • AES-256 encryption at rest
  • Secrets managed via AWS Secrets Manager
  • No plaintext credentials in code or logs
  • Regular security audits
  • SOC 2 compliance planned for enterprise tier
  • Local processing ensures code never leaves your machine

International Data Transfers

Data may be transferred internationally as follows:

  • Infrastructure located in the US (AWS us-east-1)
  • Cloudflare edge nodes worldwide
  • EU transfers comply with Standard Contractual Clauses
  • Code content never leaves your device

Third Party Links

Our service may contain links to third-party sites (e.g., GitHub, npm). We are not responsible for their privacy practices. Please review the policies of any third-party sites before sharing any personal information.

Changes to Policy

Material changes to this policy will be emailed to registered users. Non-material changes will be posted on our website. Continued use of the service after changes constitutes acceptance of the updated policy. Previous versions are available upon request.

Contact Information

If you have any questions about this privacy policy, please contact us at: