Privacy Policy

For individual subscribers to the NodeShift AI platform

Last updated: 2 June 2026
Applies to: Individual subscribers
Governing law: ADGM, Abu Dhabi

NodeShift gives you one secure subscription to access leading artificial intelligence (AI) models from providers such as OpenAI (ChatGPT), Anthropic (Claude), Google (Gemini), and xAI (Grok), together with built-in security guardrails that anonymise personal information in your prompts. This Privacy Policy explains, in plain language, what personal data we collect when you sign up for and use NodeShift, why we use it, who we share it with, how long we keep it, and the rights and choices available to you.

Please read this policy carefully. By creating a NodeShift account or using our services, you acknowledge that you have read and understood how we handle your personal data as described here.

1. Who We Are

NodeShift is a company incorporated in the Abu Dhabi Global Market (ADGM), a financial free zone with its own legal system, located in Abu Dhabi, United Arab Emirates. Our registered office is at Floor 15, Al Khatem Tower, Abu Dhabi, United Arab Emirates. In this policy, the terms “NodeShift”, “we”, “us”, and “our” refer to this entity.

For the personal data described in this policy, NodeShift acts as the data controller. This means we are the organisation that decides why and how your personal data is processed, and we are responsible for that data under the ADGM Data Protection Regulations 2021 and other data protection laws that may apply to you depending on where you sign up and use our services.

If you have any questions about this policy, you can contact us using the details in Section 16 below.

2. Scope of This Policy

This policy applies to individuals who subscribe to and use NodeShift directly as paying consumers, and to visitors of our public website. NodeShift is provided as a hosted, multi-tenant cloud service, which means our infrastructure is shared securely across many customers while keeping each customer’s data logically separated.

This policy does not apply in the following situations:

Business or organisation accounts: If you access NodeShift through an employer, organisation, or other business account, that organisation controls your use of the platform and is the data controller for your use. The organisation’s own privacy notice will govern that relationship, and you should refer to it.
Third-party services: This policy does not cover any separate websites, applications, or services operated by third parties that we may link to but do not control.
AI providers’ own practices: While we explain how your prompts are shared with AI providers, those providers also process data under their own terms and privacy policies.

3. Personal Data We Collect

We collect personal data that you provide to us directly, data that is generated automatically when you use our services, and, in limited cases, data from third parties such as our payment processor. The categories we collect are set out below.

3.1 Account Data

When you register and manage your account, we collect your name, email address, password (which is stored only in encrypted, hashed form), and any optional profile information you choose to provide, such as your job title, organisation name, or preferred language.

3.2 Billing and Payment Data

To process your subscription, we collect your billing name, billing address, country, the subscription plan you have chosen, your transaction history, and invoices. Card numbers and other sensitive payment details are collected and processed directly by our third-party payment provider. We do not store full payment card numbers on our own systems; we receive only limited information such as a payment confirmation and the last four digits of your card.

3.3 Usage and Technical Data

When you use the platform, we automatically collect information about how you interact with it, including:

Login and session times, and the dates and frequency of your use.
Features and tools you use, and the AI models you select.
Volume of usage, including the number of prompts and the input, output, and image tokens you consume.
Device and connection details, such as device type, operating system, browser type, language settings, and IP address.
Approximate location derived from your IP address (for example, your city or country).
Log data, diagnostics, and error reports that help us keep the service working and secure.

3.4 Prompt and Content Data

This is the content you submit to AI models through NodeShift, including your prompts, questions, instructions, uploaded files or images, and the outputs (responses) returned to you. Section 4 explains in detail how we handle this content.

3.5 Communications and Support Data

When you contact us for support, send us feedback, or otherwise communicate with us, we collect the content of those messages along with any contact details and information you provide so that we can respond and keep a record.

3.6 Cookies and Similar Data

We collect information through cookies and similar technologies on our website and platform. Section 9 describes the cookies we use and how you can manage them.

4. Your Prompts and AI Use

Understanding how we handle your prompts is central to understanding our service, so we explain it separately here.

4.1 How prompts are processed

When you submit a prompt, NodeShift routes that prompt to the AI model you have selected so that a response can be generated and returned to you. This routing is the core function of the platform and is necessary to deliver the service you have subscribed to.

4.2 We do not train models on your content

4.3 PII anonymisation guardrails

NodeShift includes built-in security guardrails that automatically detect and anonymise personally identifiable information (PII) within your prompts before they are processed. This is designed to reduce the amount of personal data that leaves the platform and is sent to AI providers.

These guardrails are an important safeguard, but no automated system can detect every possible piece of personal information in all circumstances. We therefore cannot guarantee that all personal data will always be identified and anonymised, and you remain responsible for the content you choose to submit.

We ask that you do not submit more personal, confidential, or sensitive information than is necessary for your task, and that you avoid including other people’s personal data unless you have a proper basis to do so.

5. How We Use Your Data

We use your personal data for the following purposes:

To provide the service: creating and maintaining your account, delivering the platform and its features, and routing your prompts to your chosen AI models.
To process payments: managing your subscription, processing transactions, issuing invoices, and sending billing-related communications.
To apply security controls: operating our PII anonymisation guardrails and other protections that keep the platform and your data secure.
To manage usage: monitoring usage, measuring token consumption, enforcing plan limits and fair-use rules, and managing any overage.
To support you: responding to your questions, troubleshooting issues, and providing customer service.
To maintain and secure our service: ensuring reliability and integrity, and detecting, preventing, and investigating fraud, abuse, and security incidents.
To improve our services: understanding how the platform is used and developing new and better features, using aggregated or de-identified data wherever possible.
To communicate with you: sending service, security, and administrative messages, and, where permitted, relevant updates about our products.
To comply with the law: meeting our legal, regulatory, tax, and accounting obligations, and responding to lawful requests from authorities.

6. Legal Bases for Processing

Where the ADGM Data Protection Regulations 2021 or similar laws apply, we rely on one or more of the following legal bases to process your personal data:

Performance of a contract: to provide the platform you have subscribed to, manage your account, and handle billing. Without this data, we cannot provide the service.
Legitimate interests: to secure, maintain, and improve our services, prevent fraud and abuse, and operate our business, provided these interests are not overridden by your rights and interests.
Legal obligation: to comply with applicable laws, regulations, and lawful requests, and to keep records we are required to maintain.
Consent: for optional activities such as certain cookies or marketing communications, where consent is required. Where we rely on consent, you may withdraw it at any time without affecting processing that has already taken place.

7. How We Share Your Data

We do not sell your personal data. We share it only in the limited circumstances described below, and always with appropriate protections in place.

7.1 Third-Party AI Providers

To generate responses to your prompts, the content you submit (after our guardrails have been applied) is sent to the AI provider whose model you select, such as OpenAI, Anthropic, Google, or xAI. These providers process the content in order to return a response. Their handling of that content is governed by their own terms of service and privacy policies, and we encourage you to review them. NodeShift selects providers that we consider to maintain appropriate security and data-handling standards.

7.2 Service Providers

We rely on carefully chosen third-party vendors to operate our business, including providers of cloud hosting and infrastructure, payment processing, analytics, communication and email delivery, and customer support tooling. These providers may process your personal data only on our instructions, only to the extent necessary to perform their services, and under contractual obligations of confidentiality and data protection.

7.3 Legal, Safety, and Corporate Reasons

We may disclose your personal data where we believe in good faith that doing so is necessary to: comply with applicable law, regulation, legal process, or an enforceable governmental request; enforce our terms and policies; detect, prevent, or address fraud, security, or technical issues; or protect the rights, property, or safety of NodeShift, our users, or the public. If NodeShift is involved in a merger, acquisition, financing, or sale or transfer of assets, your data may be transferred as part of that transaction, subject to this policy.

8. International Data Transfers

NodeShift operates across multiple regions. Depending on where you sign up, your personal data may be stored and processed in one or more of the following locations:

Region	Jurisdictions
Middle East	United Arab Emirates, Qatar, Kingdom of Saudi Arabia, Bahrain, Oman
Europe	European Union
Americas	United States

In addition, because the AI providers and certain service providers we work with operate internationally, your personal data, including your prompts, may be transferred to and processed in countries other than the one in which you are located. Some of these countries may have data protection laws that differ from, and may offer less protection than, those in your home jurisdiction.

Wherever we transfer personal data across borders, we take steps to ensure it remains protected and that the transfer complies with the ADGM Data Protection Regulations 2021 and other applicable laws. These steps may include putting in place appropriate contractual safeguards with the parties receiving the data and assessing the protections available in the destination country.

9. Cookies and Similar Technologies

Our website and platform use cookies and similar technologies (such as local storage and pixels) to function correctly, keep you signed in, remember your preferences, and help us understand how our services are used. The main categories are:

Category	Purpose	Can you disable?
Essential	Required for the website and platform to work, including sign-in, session management, and security.	No (always on)
Preference	Remember your settings and choices, such as language and display options.	Yes
Analytics	Help us understand usage patterns so we can measure and improve our services.	Yes

You can manage or disable non-essential cookies through your browser settings and, where we provide one, through our cookie banner or preferences tool. Please note that blocking some cookies may affect how parts of the service work for you.

10. How Long We Keep Your Data

We retain your personal data only for as long as we need it for the purposes set out in this policy, after which we securely delete it or anonymise it so it can no longer be linked to you. In general:

Account data is retained while your account is active and for a reasonable period afterwards to handle closure, disputes, and legitimate business needs.
Billing and transaction records are retained for as long as required to meet our financial, tax, accounting, and legal obligations.
Prompt and content data is retained only as long as needed to provide the service and is then deleted or de-identified in line with our internal retention settings.
Usage and log data is retained for a limited period for security, troubleshooting, and analytics, and may be kept longer in aggregated or de-identified form.
Support communications are retained for as long as necessary to resolve your matter and keep appropriate records.

11. How We Protect Your Data

We use a combination of technical and organisational measures designed to protect your personal data against unauthorised access, loss, misuse, or alteration. These include:

Encryption of data in transit and at rest.
Role-based access controls that limit who can access personal data.
Our PII anonymisation guardrails for prompt content.
Network security, monitoring, and logging.
Audit trails that record key activity on the platform.
Internal policies, staff training, and confidentiality obligations.

Despite these measures, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. You also play an important part in keeping your data safe: please choose a strong, unique password, keep your login credentials confidential, and do not share your account with others.

12. Your Rights

Subject to applicable data protection law, you have the following rights in relation to your personal data:

Right	What it means
Access	Request confirmation of whether we process your data and a copy of the personal data we hold about you.
Correction	Ask us to correct personal data that is inaccurate or incomplete.
Deletion	Ask us to delete your personal data in certain circumstances, for example where it is no longer needed.
Restriction	Ask us to limit how we process your data in certain situations.
Objection	Object to processing that is based on our legitimate interests.
Portability	Receive certain data you provided to us in a structured, commonly used, machine-readable format.
Withdraw consent	Withdraw your consent at any time where we rely on it as our legal basis.
Complain	Lodge a complaint with the ADGM Office of Data Protection or the data protection regulator in your jurisdiction.

To exercise any of these rights, please contact us using the details in Section 16. We may need to verify your identity before acting on your request, and we will respond within the timeframes required by applicable law. There is normally no charge, although we may charge a reasonable fee or decline a request that is manifestly unfounded or excessive, as permitted by law.

13. Age Requirement

NodeShift is intended only for individuals aged 18 years or older. We do not knowingly offer our services to, or collect personal data from, anyone under the age of 18. If we become aware that we have collected personal data from a person under 18, we will take steps to delete that data promptly. If you believe that a minor has provided us with personal data, please contact us so that we can take appropriate action.

14. Third-Party Links and Services

Our website and platform may contain links to third-party websites, products, or services that we do not own or control, including the AI providers whose models you access. This policy does not apply to those third parties, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third party before providing them with your personal data.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, technology, legal requirements, or business practices. When we make changes, we will revise the “Last updated” date at the top of this policy. If the changes are material, we will provide a more prominent notice, such as a notification within the platform or a message to your registered email address. We encourage you to review this policy periodically so that you stay informed about how we protect your data.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, or if you wish to exercise any of your rights, please contact us:

Entity: NodeShift, a company incorporated in the Abu Dhabi Global Market (ADGM)
Email: privacy@nodeshift.com
Address: Floor 15, Al Khatem Tower, Abu Dhabi, United Arab Emirates
Phone: +971 555 905 293

If you are not satisfied with our response, you have the right to contact the ADGM Office of Data Protection, or the data protection authority in your country, to lodge a complaint.

NodeShift - your private AI and governance platform.

English (EN)
Arabic (AR)

JavaScript is disabled in your browser. For a better experience, please enable JavaScript.Learn how to enable JavaScript.