Nodivex from TraitSpan
Privacy

Privacy Policy

This policy explains how TraitSpan (operator of NODIVEX) handles personal data and how you can exercise your rights, including deletion requests and analytics consent choices.

What this policy covers

This Privacy Policy explains how TraitSpan (“TraitSpan”, “we”, “us”, “our”) collects, uses, and safeguards personal data when you use NODIVEX (the “Service”). TraitSpan is the data controller for the processing described in this policy. NODIVEX is a product operated by TraitSpan. Certain functionality in the Service is powered by vianodi, a simulation engine and platform also operated by TraitSpan.

Data we collect

  • Account details such as your email address and authentication information, and (if you provide it) your name or profile details.
  • Workspace and kata activity you create or submit, such as attempts, diagrams, notes, comments, and feedback.
  • Usage and technical data such as device/browser type, approximate location derived from IP (where applicable), timestamps, pages/features used, performance metrics, and error logs to keep the Service reliable and secure.
  • A pseudonymous device identifier (ts_base_device_id) to support guest usage, fairness limits, abuse prevention, reliability monitoring, and continuity across sessions and subdomains.
  • Short-lived authentication tokens used to authorise engine simulations and protect the Service from abuse.
  • Support interactions such as emails or messages you send to us when requesting help.
  • Optional product improvement analytics (PostHog) routed through our first-party ingest proxy. Analytics and session recording remain disabled until you opt in.

How we use your data

  • To provide the Service, including creating and managing accounts, saving and restoring attempts, and running simulations.
  • To operate, secure, and protect the Service (for example, preventing abuse, troubleshooting issues, monitoring reliability, and enforcing fair-use limits).
  • To communicate essential operational messages such as service updates, security notices, and changes to the Service or these policies.
  • To generate aggregated, de-identified insights that do not identify individual users.
  • If you opt in, to understand how people use the Service (product improvement analytics) and to improve flows, features, and performance.

Legal bases for processing

  • Contract: where processing is necessary to provide the Service you request (for example, account access, saving attempts, and running simulations).
  • Legitimate interests: where processing is necessary to secure, protect, and operate the Service (for example, abuse prevention, reliability monitoring, debugging, and fair-use enforcement), balanced against your rights.
  • Consent: where required by law for non-essential analytics and similar technologies. If you do not opt in, analytics remains disabled and session recording stays off.

Cookies and similar technologies

We use cookies and similar technologies for two separate categories of purpose: 1) Essential purposes (always-on) We use strictly necessary cookies/storage to make the Service work, protect it from abuse, and preserve basic continuity. This includes: - ts_base_device_id: a pseudonymous device identifier used for guest continuity across subdomains, fairness limits, abuse prevention, and reliability monitoring. - ts_analytics_consent: stores your analytics preference so we can respect your choice. 2) Optional product improvement analytics (opt-in) If you opt in, we enable product improvement analytics (PostHog) via our first-party ingest proxy. Until you opt in, analytics is disabled and session recording remains off. You can change your analytics preference at any time via the Service settings (where available) or by clearing your cookies and re-setting your preference on next visit.

Your choices and rights

  • Access: request a copy of the personal data we hold about you.
  • Portability: request your data in a structured, commonly used, machine-readable format (where applicable).
  • Correction: ask us to correct inaccurate or incomplete data.
  • Objection and restriction: object to certain processing or request limits while we review your request (subject to legal conditions).
  • Withdraw consent: if processing is based on consent (such as optional analytics), you can withdraw it at any time without affecting earlier processing.

Deletion and the right to be forgotten

You can request deletion of your account and personal data. We will delete or irreversibly anonymise personal data where we can, except where we need to retain it to comply with law or to establish, exercise, or defend legal claims. Operational logs and security records may be retained for a limited period where necessary for safety, abuse prevention, and incident investigation. If you have opted in to product improvement analytics, we will take reasonable steps to sever the link between your account identifier and analytics data (for example, by triggering relevant deletion mechanisms provided by our analytics processor), while preserving aggregate metrics that do not identify you.

Data retention

We keep personal data only for as long as necessary to provide the Service, meet legal obligations, and operate safely. Typical retention patterns include: - Account data: retained while your account is active, and deleted or anonymised following deletion (subject to limited exceptions above). - Workspace content: retained as part of your account until you delete it or delete your account (unless you are a guest user, in which case storage may be device-local only). - Security and operational logs: retained for a proportionate period to investigate incidents, prevent abuse, and improve reliability. - Aggregated, de-identified insights: may be retained long-term because they do not identify individuals.

Sharing and processors

We use trusted service providers (processors) to help operate the Service (for example, hosting, monitoring, and optional analytics). We share personal data with processors only as needed for the purposes described in this policy, and we require appropriate contractual safeguards. We do not sell personal data.

Security

We use industry-standard security controls to protect personal data, such as encryption in transit, access controls, and audit logging. No system is perfectly secure, but we work to prevent unauthorised access, disclosure, alteration, or loss.

International data transfers

Where personal data is transferred internationally, we use appropriate safeguards such as standard contractual clauses and (where available) regional hosting options.

Updates to this policy

We may update this policy to reflect product changes or legal requirements. We will post the effective date of the update and, where appropriate, take reasonable steps to notify you of material changes.

Contact

For privacy questions or to exercise your rights, contact us at privacy@nodivex.com. Please include the email linked to your account and the nature of your request. If you are in the UK or EEA, you also have the right to lodge a complaint with your local supervisory authority (for example, the UK ICO).