nodexo logo nodexo

Transparency, not obscurity.

In a world of legalese and click-through agreements, we believe privacy should be read and understood. This document outlines our commitment to your data with the same clarity we bring to our design work.

nodexo operates from Medellín, Colombia, and our digital footprint extends wherever our work does. This policy applies to all visitors of nodexo.world and any client portals we build. We do not trade in data; we use it solely to collaborate, communicate, and create.

What We Collect & Why

Our data collection is strictly project-oriented. We differentiate between two streams of information, each with a distinct purpose tied to our service delivery.

1. Client & Project Data

When you engage our services, we collect contact details (name, email, company) and project-specific information (briefs, brand assets, user research). This data is processed exclusively within our project management tools (e.g., Notion, Figma) to facilitate collaboration. Retention is tied to the project lifecycle, with archived data stored securely for a period defined in our Terms of Service.

2. Website Analytics

We use privacy-focused analytics (like Plausible or a self-hosted solution) that anonymize data at the source. We track page views, source, and session duration to understand content resonance and improve our portfolio presentation. No IP addresses are stored, and cookies are minimal (see our Cookie Policy).

Legal Basis

Our processing is grounded in two legal principles under GDPR and Colombian data protection law (Habeas Data):

  • A. Contractual necessity: For project execution.
  • B. Legitimate interest: For website analytics and security.

Contact our Data Protection Lead: [email protected]

Technical Safeguards

We treat your data with the same respect for integrity as we do our creative files. Our stack is chosen for reliability and security, not just features.

Encryption

All data in transit (HTTPS/TLS 1.2+) and at rest (AES-256) is encrypted. Our client portal uses secure, session-based authentication.

Access Control

Data access is role-based. Only project-lead designers and relevant client contacts can view full project assets. Internal teams see anonymized data.

Right to Deletion

You may request full deletion of your personal data post-project. We conduct quarterly audits to purge inactive data, following a documented retention schedule.

Third-Party Processors

We only use essential service providers who meet our security standards. All processors are bound by data protection agreements.

  • Stripe (Payment Processing) US-EU
  • Google Workspace (Email/Docs) US
  • SendGrid (Transactional Email) US-EU
  • Netlify (Website Hosting) Global CDN

Data Protection Officer

For any concerns, requests, or questions regarding this policy or your data:

nodexo Privacy Team

Calle 10D #30A-115, Int 201

Medellín, Colombia

[email protected]

+57 604 444 3543

Response time: 30 days or less. No fees for standard requests.

This policy is a living document, reviewed annually or when our tools change. The last update was made on May 15, 2026. By using nodexo.world, you acknowledge these terms.

Home Contact Us Cookie Policy