Last updated: February 5, 2026
Nodevate ("we", "us", or "our"), based in the Netherlands, is committed to protecting your personal data. This privacy policy explains what data we collect, why we collect it, and what rights you have under the General Data Protection Regulation (GDPR) and other applicable data protection laws.
The data controller responsible for your personal data is:
We only collect data that is necessary for providing our services and communicating with you. We collect the following categories of personal data:
Under the GDPR, we process your personal data based on the following legal grounds:
We retain your personal data only for as long as necessary for the purpose it was collected:
| Data Type | Retention Period |
|---|---|
| Contact form submissions | 12 months, or until inquiry is resolved |
| Newsletter subscriptions | Until you unsubscribe |
| Client project data | Duration of engagement + 24 months |
| Analytics data | 26 months (anonymized) |
| Cookie consent records | 12 months |
As a data subject, you have the following rights under the GDPR. You can exercise any of these rights by contacting us at oscar@nodevate.com. We will respond within 30 days.
You can request a copy of all personal data we hold about you.
You can ask us to correct inaccurate or incomplete data.
You can ask us to delete your personal data ("right to be forgotten"). We will comply unless we have a legal obligation to retain it.
You can request your data in a structured, machine-readable format (e.g., CSV or JSON) so you can transfer it to another service.
You can ask us to limit how we use your data while a dispute or request is being resolved.
You can object to processing based on legitimate interest. We will stop processing unless we have compelling grounds.
Where processing is based on consent, you can withdraw it at any time. This does not affect the lawfulness of processing before withdrawal.
If you believe we are not handling your data correctly, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.
Our website uses cookies to provide functionality and understand how visitors use our site. Here is what we use:
Required for the website to function. These include session cookies, theme preference (dark/light mode), and cookie consent status. Cannot be disabled.
Help us understand how visitors interact with our website by collecting anonymized usage data. These are only set if you consent.
You can manage cookie preferences through your browser settings. Most browsers allow you to block or delete cookies. Note that blocking essential cookies may affect site functionality.
We may use the following third-party services that process data on our behalf:
We do not sell your personal data to any third party. All third-party processors are bound by data processing agreements that ensure GDPR compliance.
We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit (TLS/HTTPS), access controls, and regular security reviews. No method of transmission over the internet is 100% secure, but we take reasonable steps to protect your information.
Your data is primarily processed within the European Economic Area (EEA). If any data is transferred outside the EEA, we ensure adequate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission or an adequacy decision.
Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
We may update this privacy policy from time to time. When we make significant changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.
If you have questions about this privacy policy, want to exercise your data rights, or have concerns about how we handle your data, contact us: