Legal · Document 01 of 04

Privacy Policy

Last update May 25, 2026 Jurisdiction Italy · EU Version 1.0

01Introduction

This Privacy Policy explains how Node Composer (“Node Composer”, “we”, “our”, or “us”) collects, processes, and protects personal data when users access the website, purchase subscriptions, download, or use the Node Composer desktop software.

By using the website or software, users agree to the practices described in this Privacy Policy.

02Data Controller

EntityStefano Rinaldo, Supertools VATIT01133160257 CountryItaly Emailinfo@node-composer.studio

03What Node Composer Is

Node Composer is a desktop application designed to create AI-assisted creative workflows. The software allows users to connect third-party AI providers through their own API keys.

Node Composer:

  • does not provide proprietary AI models;
  • does not resell AI credits;
  • does not host inference services;
  • does not process payments for AI generation providers.

Users are solely responsible for managing and paying for their own third-party AI provider accounts.

04Data We Collect

We may collect and process the following information:

Account & Subscription Information

  • email address;
  • Polar customer ID;
  • subscription status;
  • license key information;
  • subscription dates and renewal status.

Device & Licensing Information

  • machine/device identifier;
  • activation status;
  • validation timestamps.

Website Information

  • technical website access data necessary for security and website functionality.

Local Application Data

Node Composer locally stores certain operational information directly inside the user’s local SQLite database, including:

  • workflow logs;
  • generation history;
  • websocket synchronization logs.

These local logs remain on the user’s device and are not transmitted to our servers.

05Information We Do Not Store

Node Composer does not intentionally store on its servers:

  • prompts submitted to third-party AI services;
  • generated images or videos;
  • AI outputs;
  • websocket operational logs;
  • crash reports;
  • IP addresses.

AI generation requests are transmitted directly between the user environment and third-party AI providers.

06Third-Party Services

Node Composer relies on third-party infrastructure providers for subscription management, backend services, and AI integrations.

polar.sh

Polar acts as Merchant of Record and manages:

  • subscription billing;
  • VAT and international sales tax collection;
  • recurring payments;
  • customer billing communication.

Supabase.com

Supabase is used for:

  • licensing validation;
  • realtime synchronization;
  • device activation management;
  • backend infrastructure.

WaveSpeed

WaveSpeed provides access to third-party AI generation models and services. Users connect to WaveSpeed using their own API keys and accounts.

Node Composer is not responsible for:

  • WaveSpeed billing;
  • AI provider pricing;
  • third-party AI provider policies;
  • generated outputs.

07Legal Basis for Processing

Personal data is processed under the following legal bases:

Contractual necessity

To:

  • provide software access;
  • validate subscriptions;
  • manage licensing;
  • provide customer support.

Legitimate interests

To:

  • prevent fraud and abuse;
  • secure licensing systems;
  • protect the software infrastructure.

08Data Retention

We retain:

  • subscription and licensing records for accounting and compliance purposes;
  • inactive licensing records for up to 24 months;
  • technical operational records only as reasonably necessary for service continuity.

Users may request deletion of eligible personal data where legally permitted.

09International Transfers

Some service providers may process data outside the European Union. Where applicable, we rely on appropriate safeguards and contractual protections provided by our infrastructure partners.

10Security Measures

We implement reasonable technical and organizational measures to protect personal data, including:

  • encrypted connections;
  • restricted backend access;
  • protected licensing systems;
  • secure credential management.

However, no online infrastructure can be guaranteed to be completely secure.

11User Rights

Under applicable laws, users may request:

  • access to personal data;
  • correction of inaccurate information;
  • deletion of eligible data;
  • restriction of processing;
  • objection to processing where applicable.

Requests may be submitted to info@node-composer.studio.

12Community Support

Support may also be provided through the official Node Composer Reddit community referenced on the website.

Users should avoid publicly sharing:

  • license keys;
  • API credentials;
  • sensitive personal information.

13Changes to This Policy

We may update this Privacy Policy periodically. Updated versions will be published on this page.

14Contact

For privacy or legal inquiries:

EntityStefano Rinaldo, Supertools Emailinfo@node-composer.studio