Node-Bench
Start learning

Privacy Policy

Last updated: March 31, 2026

1. Data Controller

Lukas Kunhardt
Oranienstr. 203
10999 Berlin, Germany
Email: contact@node-bench.com
Phone: +49 174 3472150

We have not appointed a Data Protection Officer as we do not meet the threshold under Section 38 BDSG.

2. Overview

This policy covers the node-bench.com website and the NodeBench Chrome extension. We collect only what is necessary to provide interactive n8n lessons, manage your account, and process payments.

3. What We Process and Why

Account and Authentication

We collect your name and email address via Google OAuth to create and identify your account. Legal basis: performance of our contract with you (Art. 6(1)(b) GDPR).

Lesson Progress

We store which steps you completed and which checks passed. This data is saved locally in Chrome storage and synced to our server so you can resume across devices. Legal basis: performance of contract (Art. 6(1)(b) GDPR).

Payment Processing

Payment is handled entirely by Stripe. We receive your payment status and Stripe customer ID but never see or store your card details. Legal basis: performance of contract (Art. 6(1)(b) GDPR).

Workflow Validation (Chrome Extension)

When you work on a lesson, the extension reads your n8n editor canvas to validate your workflow steps. This data is processed locally in your browser and is not sent to our servers. Legal basis: performance of contract (Art. 6(1)(b) GDPR).

Website Hosting and Delivery

When you visit our website, your IP address and browser metadata are processed by our hosting provider (Vercel) to deliver the page. Server logs are retained for up to 30 days. Legal basis: legitimate interest in reliable website operation (Art. 6(1)(f) GDPR).

Product Analytics (Website Only)

On the website, we use PostHog (EU instance, hosted in Frankfurt) to understand how lessons are used and where users get stuck. PostHog collects anonymized usage data. The Chrome extension does not include any analytics trackers. Legal basis: consent (Art. 6(1)(a) GDPR). You can withdraw your consent at any time through the cookie settings on our website.

4. Chrome Extension Permissions

The extension requests the following browser permissions:

  • Side Panel - displays lessons alongside the n8n editor.
  • Storage - saves your lesson progress locally on your device.
  • Identity - signs you in with Google to link your account.
  • Host access (node-bench.com) - communicates with our server to sync progress and verify payment status.
  • Optional host access - requested only when you start a lesson. Allows the extension to read your n8n editor canvas (localhost or self-hosted instances) to validate your workflow steps. This data stays in your browser.

5. What We Do Not Do

  • We do not sell or share your personal data with third parties for advertising or marketing.
  • We do not collect browsing history or activity outside the extension.
  • We do not read your n8n workflows beyond what is needed to validate lesson steps.
  • We do not inject content into websites other than displaying the side panel.
  • We do not engage in automated decision-making or profiling as defined in Art. 22 GDPR.

6. Third-Party Services and International Data Transfers

We use the following processors. Where data is transferred to the United States, transfers are covered by the EU-U.S. Data Privacy Framework adequacy decision (Art. 45 GDPR) and, as a supplementary safeguard, Standard Contractual Clauses (Art. 46(2)(c) GDPR).

Service Purpose Location
Google (OAuth) Authentication USA (DPF certified)
Supabase Database, user accounts EU (Frankfurt)
Stripe Payment processing EU (Stripe Payments Europe, Ltd)
Vercel Website hosting, CDN USA (DPF certified, SCCs)
PostHog Website analytics EU (Frankfurt)

7. Cookies

Our website uses only technically necessary cookies for authentication and session management. These do not require consent under Section 25(2) TDDDG.

PostHog analytics is loaded only with your consent. You can change your preference at any time through our cookie settings.

8. Data Retention

  • Account and progress data: retained for as long as your account exists. Deleted within 30 days of account deletion.
  • Payment records: retained for 10 years as required by German tax law (Section 147 AO).
  • Server logs: deleted after 30 days.
  • Local extension data: stored on your device only. Removed when you uninstall the extension.

9. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Access (Art. 15) - request a copy of your data.
  • Rectification (Art. 16) - correct inaccurate data.
  • Erasure (Art. 17) - request deletion of your data.
  • Restriction (Art. 18) - restrict processing of your data.
  • Data portability (Art. 20) - receive your data in a portable format.
  • Objection (Art. 21) - object to processing based on legitimate interests. Where we process data based on Art. 6(1)(f), you have the right to object at any time for reasons relating to your particular situation.

Where processing is based on your consent (e.g. analytics), you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

To exercise any of these rights, email us at contact@node-bench.com.

10. Provision of Data

Providing your email address and name (via Google sign-in) is required to use our service. Without this data, we cannot create an account or track your lesson progress. Payment data is required only if you purchase paid content.

11. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The authority responsible for us is:

Berliner Beauftragte fur Datenschutz und Informationsfreiheit
Alt-Moabit 59-61
10555 Berlin
www.datenschutz-berlin.de

You may also contact the supervisory authority in your country of residence.

12. Contact

Lukas Kunhardt
Oranienstr. 203, 10999 Berlin
contact@node-bench.com