Noding (the "Service" or "we") respects your privacy and complies with the Republic of Korea's Personal Information Protection Act (PIPA), the EU General Data Protection Regulation (GDPR) and UK GDPR, and the California Consumer Privacy Act as amended by the CPRA.
| Category | Data items | Collected |
|---|---|---|
| Device identifier | Device-local ID (UUID v4, "localId") | Generated on device at first launch |
| Authentication | Server-issued auth token | At first launch and re-auth |
| Profile | Auto-generated nickname, user-edited nickname | At first launch and on change |
| Activity | Visited nodes, dwell time, exploration path, recommendation history | During use |
| Content | Posts, comments, chat messages, reports, block list | When submitted |
| Push token | Expo Push notification token | When you grant notification permission |
| Technical | IP address, device type, OS version, app version, access timestamp | During use (logs) |
| Traffic source | UTM parameters (utm_source, etc.) | When arriving through a tagged link |
We do not collect real names, email addresses, phone numbers, postal addresses, or any government-issued identifier. If you email us for support, your email address is processed temporarily only for that purpose.
Noding is an anonymous service built around the interest map — discovering topics and connecting with others who share your interests. As such, generating and maintaining the interest map, using it to drive recommendations and matching, and training our own systems are essential components of the service and cannot be separated from using it.
The processing activities listed below are essential to the service. By using the service, you are deemed to have legally consented to these activities. You cannot selectively opt out of individual activities. If you do not wish these processing activities to occur, you may stop using the service and request deletion of your data.
| Purpose | Legal basis (GDPR) |
|---|---|
| Operating the service (node creation, feed, chat) | Art. 6(1)(b) performance of a contract |
| Building and maintaining your personal interest map | Art. 6(1)(b) performance of a contract |
| Interest-map-based node and content recommendations | Art. 6(1)(b) performance of a contract |
| Matching and connecting users with similar interests | Art. 6(1)(b) performance of a contract |
| Training our own recommendation, moderation, matching, and generation systems, and conducting AI research and development (using content, interest map, and connected metadata in the broad sense; processed in pseudonymized form) | Art. 6(1)(f) legitimate interest |
| Aggregated and anonymized statistics and trend analysis | Art. 6(1)(f) legitimate interest |
| Content moderation and platform safety | Art. 6(1)(c)(f) legal obligation / legitimate interest |
| Handling reports, blocks, and account actions | Art. 6(1)(b)(f) |
| Sending service push notifications (comment replies, likes, activity and other non-commercial alerts) | Art. 6(1)(b) performance of a contract |
| Legal compliance and dispute response | Art. 6(1)(c) |
The following are based on your explicit consent. You may withdraw consent at any time under GDPR Art. 7(3), CCPA/CPRA, and Korea's PIPA §37. Withdrawal affects only the specific activity and does not impact your basic use of the service.
| Purpose | Legal basis |
|---|---|
| Targeted advertising and sharing of pseudonymized data with advertising partners | Consent · Art. 6(1)(a) |
| Sharing pseudonymized data (content, interest map, and metadata) with AI research and development partners and academic institutions | Consent · Art. 6(1)(a) |
| Marketing and promotional push or email messages (if and when introduced) | Consent · Art. 6(1)(a) |
The following features are not currently offered, or are offered only in limited form. They will be activated only after separate notice and your explicit consent at the time of launch. Declining these does not affect your basic use of the service.
We do not sell your personal information or share it with third parties for their own marketing. We do use the following processors ("sub-processors") to operate the service. Because these providers are located in the United States, your information is transferred internationally.
| Processor | Scope of processing | Country · Safeguards · Retention |
|---|---|---|
| MongoDB Atlas (MongoDB, Inc.) | Database hosting | United States · TLS 1.2+ · For the term of the processing contract |
| Pinecone Systems, Inc. | Vector embedding storage (no personal identifiers) | United States · TLS · For the term of the processing contract |
| Render Services, Inc. | Server infrastructure and traffic handling | United States · TLS · For the term of the processing contract |
| Expo (650 Industries, Inc.) | Push notification token management and delivery | United States · TLS · For the term of the processing contract |
| Anthropic, PBC | Content moderation and topic classification (text only, deleted within 30 days) | United States · TLS · 30 days |
| Google LLC (Gemini API) | Content moderation and trend clustering (text only) | United States · TLS · Per Google API terms |
For EEA and UK users, transfers rely on the European Commission's Standard Contractual Clauses (SCCs) and, where applicable, the UK International Data Transfer Addendum. You may request a copy of the transfer mechanism by emailing the address below. For Korean users, international transfer is covered by your consent to this Policy at first launch.
To exercise any right, email privacy@noding.app. We respond within 10 business days. For requests made by an authorized agent, we require a written authorization and proof of identity.
We run automated content filters at the node (topic) creation step. This includes pattern-based rules, similarity filters, and moderation APIs provided by Anthropic Claude and Google Gemini, applied to node titles. Filters may classify nodes as NSFW or otherwise sensitive, in which case they are excluded from recommendations and search.
For individual posts, comments, and chat messages we do not pre-block content automatically. Instead, inappropriate content is handled after the fact via user reports and operator review (typically within 24 hours). If any of your content is restricted — automatically or manually — you may appeal and request human review via the email address below.
You have the right to request human review of decisions made by our automated systems (recommendation, matching, moderation) under GDPR Art. 22. You may also object to interest-map-based personalized recommendations and matching; exercising this right will stop the corresponding processing but may limit your ability to use the service.
The Interest Map is treated as pseudonymous data about your interests and experiences and is covered by all protective measures in this Privacy Policy.
We treat the Interest Map as follows:
By using the service, you consent broadly to the internal scope (§2.A, including our own AI research and development). Sharing of pseudonymized data with external partners (§2.B), third-party integrations, and targeted advertising will not be activated without your explicit consent.
When we provide interest-map-derived data externally or publish aggregate statistics, we apply the following technical safeguards:
Data that has passed these safeguards is not considered "personal information" under Korea's PIPA or GDPR, and we may use it for statistics, research, and APIs without individual consent. However, data that is only pseudonymized (not fully anonymized) remains personal data, and we share it only where we have explicit consent or another legal basis listed in §2.B.
The web version stores the auth token in browser localStorage. The mobile app encrypts tokens using expo-secure-store, which uses the OS-level secure store (iOS Keychain or Android Keystore/EncryptedSharedPreferences). We use only the storage strictly necessary to operate the service and do not use third-party advertising trackers.
Noding is intended for users aged 14 or older. We display an age-confirmation screen at first launch and do not permit users under 14 to create content. If we learn that a user is under 14, we delete their account and data promptly. We also comply with the US Children's Online Privacy Protection Act (COPPA) and do not knowingly collect personal information from children under 13.
If you are a California resident, you have the following rights.
To exercise any CCPA right, email privacy@noding.app with the subject line "CCPA Request".
If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights under GDPR / UK GDPR:
We have not designated an EU Representative under Article 27 GDPR at this time. Please contact the privacy address below for any request.
Korean users may also contact the Personal Information Dispute Mediation Committee (1833-6972, kopico.go.kr) or the KISA Privacy Infringement Report Center (118, privacy.kisa.or.kr).
We may update this Policy to reflect changes in law or in our service. Material changes will be announced at least 7 days before they take effect (30 days in advance if the change is adverse to you) via in-app notice and on this page.