Privacy Policy

Brightnode Cloud Privacy Policy

Last Updated: February 13, 2026 | Effective Date: February 13, 2026

Brightnode Cloud ("Brightnode", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, store, and protect personal information when you access or use our website at https://brightnode.cloud, the console at https://console.brightnode.cloud, and our GPU cloud computing services (collectively, the "Services").

This policy applies to personal data we process as a controller (e.g., account and billing information). For customer-uploaded data processed in our cloud services, we generally act as a processor under your instructions.

By using the Services, you consent to the practices described in this Privacy Policy.

1. Information We Collect

We collect the following types of information:

Account and Registration Information

Name, email address, username, password, company name (if applicable), phone number, and other details provided during account creation or profile updates.

Payment Information

Billing details, such as credit card information or other payment method data. We do not store full payment card details; these are processed securely by third-party payment providers (e.g., Stripe).

Usage and Technical Data

IP address, browser type and version, device information, operating system, access times, pages viewed, referring/exit pages, usage patterns, resource consumption (e.g., GPU/CPU hours, storage used), instance metadata (e.g., start/stop times, instance types), and logs generated by your use of the Services.

Customer Data in the Services

Any data, models, code, datasets, files, or content you upload, store, process, or generate while using our GPU instances/pods ("Customer Data"). We do not access, inspect, view, or use Customer Data except as necessary to provide the Services, maintain security, detect/prevent abuse or violations of our Terms of Service, or comply with legal obligations.

Communications and Support Data

Information in support tickets, emails, chats, or other communications with us.

Automatically Collected Data

Cookies, web beacons, and similar technologies for functionality, analytics, and preferences (see Cookies section below).

2. How We Use Your Information

We use the collected information to:

  • Provide, operate, maintain, and improve the Services (including provisioning GPU resources, managing instances, and optimizing performance).
  • Process payments, generate invoices, and manage billing.
  • Communicate with you about your account, usage, updates, support requests, or promotional offers (where permitted).
  • Detect, prevent, and address fraud, abuse, security incidents, or violations of our Terms of Service.
  • Analyze usage trends and improve our platform.
  • Comply with legal obligations, respond to lawful requests, and protect our rights.
  • For legitimate business interests, such as service enhancement and security.

3. Customer Data in the Services

You retain ownership and control of your Customer Data. We act solely as a processor of Customer Data and process it only to deliver the Services as instructed by you (e.g., running your workloads on GPU instances). We do not sell, share for marketing, or otherwise use Customer Data for our own purposes beyond service provision, security/abuse prevention, or legal compliance. All access by Brightnode personnel (if any) is strictly limited, logged, and governed by need-to-know principles.

4. Sharing and Disclosure of Information

We do not sell personal information or Customer Data. We may share information with:

  • Service providers and subprocessors (e.g., payment processors, cloud infrastructure providers, analytics tools) who are bound by confidentiality and data protection obligations.
  • Affiliates or in connection with business transfers (e.g., merger, acquisition).
  • Legal authorities, regulators, or third parties when required by law, subpoena, court order, or to protect rights/safety.
  • With your consent or at your direction.

5. Security

We implement industry-standard technical, administrative, and organizational measures to protect your information, including:

  • Encryption of data at rest (using AES-256 or equivalent) and in transit (using TLS).
  • Access controls, multi-factor authentication, and need-to-know restrictions.
  • Regular security assessments, monitoring, and logging.
  • Sandboxed/isolation measures for instances to prevent unauthorized cross-access.

No method of transmission or storage is 100% secure. You are responsible for securing your account credentials and implementing appropriate security for your Customer Data (e.g., your own encryption where needed).

6. Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this policy, provide the Services, resolve disputes, enforce agreements, or meet legal/compliance requirements. Usage logs and metadata may be retained longer for security, analytics, and abuse prevention. Upon account closure or deletion request, we delete personal data within a reasonable period (typically 30-90 days), subject to backups, legal holds, or anonymized aggregates.

Customer Data is retained only while your instances/volumes are active or as per your instructions; it is deleted upon instance termination or account closure (subject to any backups you manage).

7. International Data Transfers

Your information may be transferred to, stored, and processed in countries outside your jurisdiction, including APAC regions (e.g., Thailand, Singapore) and potentially others where our providers operate. We use appropriate safeguards (e.g., standard contractual clauses, adequacy decisions) to ensure protection in line with applicable laws.

8. Legal Bases for Processing

We process personal data based on:

  • Necessity for performance of our contract with you (e.g., providing Services, billing).
  • Legitimate interests (e.g., security, service improvement, fraud prevention).
  • Legal obligations.
  • Consent (where required, e.g., certain marketing).

9. Your Rights

Depending on your location and applicable laws (e.g., Thailand PDPA, GDPR, CCPA):

  • Access, correct, update, or delete your personal data.
  • Object to or restrict processing.
  • Request data portability.
  • Withdraw consent (where processing is consent-based).

To exercise these rights, contact privacy@brightnode.cloud. We may verify your identity and respond within legally required timeframes. Some data may be retained for legal reasons.

10. Cookies and Tracking Technologies

We use cookies and similar technologies for essential functions, analytics, and preferences. You can manage or disable them via browser settings. For details, see our cookie notice (if separate) or console settings.

11. Children's Privacy

Our Services are not directed to children under 16. We do not knowingly collect personal data from children. If we learn we have, we will delete it.

12. Changes to This Privacy Policy

We may update this policy from time to time. Changes will be posted here with an updated "Last Updated" date. Material changes may be notified via email or console notice. Continued use after changes constitutes acceptance.

13. Contact Us

For questions, requests, or concerns:

Email: privacy@brightnode.cloud

This Privacy Policy is governed by the laws of Thailand. For compliance questions (e.g., PDPA), contact us directly.