Scope and Applicability
WitherNode operates in the United States of America and provides real-time insights, tools, alerts, and research related to cryptocurrencies, blockchain, DeFi, and the stock market. This GDPR Notice explains how we process personal data of individuals located in the European Economic Area (EEA), the United Kingdom (UK), and Switzerland in accordance with the EU GDPR, UK GDPR, and applicable U.S. laws. Where U.S. privacy requirements apply simultaneously, we implement protections consistent with both regimes to the extent feasible. This Notice forms part of our overall privacy governance and applies to the website withernode.com, related web features, user accounts, alerts, newsletters, and any other online services we provide.
Data Controller and Contact Information
The data controller for personal data described in this Notice is WitherNode, owned by Selene Marwood.
Postal address: 2855 Stevens Creek Blvd, Santa Clara, CA 95050, United States of America
Email: [email protected]
If you are an EEA/UK/Swiss resident, you may use these contact details to exercise your rights or to raise questions about this Notice.
Categories of Personal Data We Process
Data You Provide
- Identifiers and contact details (e.g., name, username, email address).
- Account credentials (hashed passwords or authentication tokens).
- Preferences, watchlists, portfolio tracking inputs, alert settings, and research interests.
- Content you submit (feedback, inquiries, survey responses, support requests).
- Billing/payment-related information if you purchase paid features (processed by payment partners; we store only necessary transaction records and non-sensitive tokens).
Data Collected Automatically
- Device and technical data (IP address, device type, operating system, browser type and settings, language, time zone).
- Usage data (pages viewed, features used, clicks, session timestamps, referring/exit pages).
- Approximate location derived from IP address.
- Cookies and similar technologies (including analytics and, where applicable, advertising identifiers) as described below.
Data from Third Parties
- Market data and news feeds from data providers.
- Anti-fraud, security, and abuse-prevention signals.
- Marketing and communications preferences from email delivery partners.
We do not intentionally collect special categories of data under GDPR (e.g., health, biometric, or precise geolocation) and request that you do not submit such information.
Purposes of Processing and Legal Bases
- Account creation and administration: to register users, authenticate access, maintain profiles, and deliver core services. Legal basis: performance of a contract and our legitimate interests in operating the service.
- Service delivery and personalization: to provide tools, alerts, watchlists, and content tailored to your settings and interests. Legal basis: performance of a contract and legitimate interests; where local law requires, certain personalization relies on consent.
- Communications: to send administrative messages, service notifications, security alerts, research updates, and, where permitted, marketing communications. Legal basis: performance of a contract (service messages), legitimate interests (service improvements and important notices), and consent (marketing where required).
- Analytics and service improvement: to understand usage patterns, diagnose issues, and improve features and user experience. Legal basis: legitimate interests; where ePrivacy or local law requires, we obtain consent for non-essential cookies/analytics.
- Security and fraud prevention: to protect accounts, investigate suspicious activity, and maintain platform integrity. Legal basis: legitimate interests and legal obligations.
- Payments and billing: to process transactions, detect misuse, and meet accounting/tax obligations. Legal basis: performance of a contract and legal obligations.
- Compliance and legal requests: to comply with applicable laws, regulatory requirements, and lawful requests. Legal basis: legal obligations and establishment, exercise, or defense of legal claims.
- Research and aggregated reporting: to generate de-identified or aggregated statistics and insights. Legal basis: legitimate interests.
Cookies and Similar Technologies
We use cookies, pixels, and similar technologies to operate our website, enable features, remember preferences, perform analytics, and, where applicable, support marketing. Categories include:
- Strictly necessary cookies (essential for login, security, and core functionality).
- Functional cookies (remembering preferences and settings).
- Analytics cookies (measuring usage and performance).
- Advertising/targeting cookies (only where used and permitted by law).
Where required, we collect your consent before setting non-essential cookies and provide a mechanism to withdraw or modify consent. You may also manage cookies through your browser settings; disabling certain cookies may impact functionality.
Sources of Personal Data
We collect personal data directly from you, automatically from your devices during your interactions with our services, and from third-party service providers (e.g., market data, analytics, payments, email delivery). We may combine information from these sources to maintain accurate records and improve our services, consistent with applicable law.
Sharing and Disclosure of Personal Data
We share personal data only as necessary for the purposes outlined above and implement contractual and organizational safeguards with recipients.
- Service providers/processors: hosting, infrastructure, security, analytics, customer support, email delivery, and payment processing.
- Professional advisors: legal, tax, and accounting advisors under confidentiality.
- Compliance and safety: to law enforcement, regulators, or courts where required by law or to protect rights, safety, and property.
- Business transactions: in connection with mergers, acquisitions, financing, or asset transfers, subject to appropriate safeguards and notices as required.
- Aggregated or de-identified data: shared for research or reporting that does not identify individuals.
International Data Transfers
We are located in the United States. If you are in the EEA/UK/Switzerland, your personal data may be transferred to countries (including the U.S.) that may not provide the same level of data protection as your home jurisdiction. Where required, we rely on appropriate safeguards, such as the European Commission’s Standard Contractual Clauses (and the UK Addendum/IDTA, as applicable), supplemented by technical and organizational measures. You may request more information about these safeguards by contacting us at [email protected].
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Typical retention periods include:
- Account and profile data: for the life of the account and up to 3 years after closure.
- Watchlists, alerts, and preferences: until you delete them or your account is closed.
- Analytics and logs: 12–18 months, unless needed longer for security or legal reasons.
- Marketing records and consent logs: until consent is withdrawn and for up to 3 years thereafter to demonstrate compliance.
- Transaction and billing records: at least 7 years or as required by law.
Security
We maintain appropriate technical and organizational measures designed to protect personal data, including encryption in transit, access controls, least-privilege practices, monitoring, and vendor due diligence. No method of transmission or storage is completely secure; if we become aware of a data incident affecting your personal data, we will notify you and regulators as required by law.
Your Rights under GDPR/UK GDPR
Subject to conditions and exceptions under applicable law, you have the following rights:
- Access: obtain confirmation and a copy of your personal data.
- Rectification: request correction of inaccurate or incomplete data.
- Erasure: request deletion of your personal data.
- Restriction: request restriction of processing in certain circumstances.
- Portability: receive certain data in a structured, commonly used, machine-readable format and transmit it to another controller.
- Objection: object to processing based on legitimate interests and to direct marketing, including profiling related to such marketing.
- Withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting prior lawful processing.
- Complaint: lodge a complaint with your local supervisory authority if you believe we have violated applicable data protection law.
How to Exercise Your Rights
You may submit a request by emailing [email protected] or by writing to: WitherNode, Attn: Privacy, 2855 Stevens Creek Blvd, Santa Clara, CA 95050, USA.
To protect your data, we may need to verify your identity before acting on a request. We will respond without undue delay and within one month of receipt; we may extend this period by up to two additional months if the request is complex, in which case we will inform you of the extension and reasons. We do not charge a fee unless a request is manifestly unfounded or excessive.
Automated Decision-Making and Profiling
We do not engage in decisions based solely on automated processing that produce legal or similarly significant effects about you. We may use limited profiling to tailor content, alerts, and recommendations to your preferences and usage; you may object to such processing at any time, and you may adjust your settings or withdraw consent where required.
Children’s Data
Our services are not directed to children, and we do not knowingly collect personal data from individuals under the age of 16 in the EEA/UK (or under 13 in the U.S.). If you believe a child has provided us with personal data, please contact us at [email protected] so we can take appropriate action.
U.S. State Privacy Disclosures
To align with U.S. federal and state privacy requirements (including, where applicable, the California Consumer Privacy Act as amended by the CPRA and similar laws in other states), we provide the following additional disclosures:
- We collect the categories of information described above for the business purposes set out in this Notice.
- We do not use or disclose sensitive personal information for purposes other than those permitted by law.
- If we engage in cross-context behavioral advertising in the future, we will provide a mechanism to opt out and will honor applicable opt-out preference signals (e.g., Global Privacy Control) as required by law.
- We do not discriminate against individuals for exercising their privacy rights.
Changes to This Notice
We may update this GDPR Notice from time to time to reflect changes in our practices, technologies, or legal requirements. The updated version will be posted on this page with a revised effective date. Your continued use of the services after an update signifies your acknowledgment of the changes.
Contact
For questions, requests, or concerns regarding this Notice or our data practices, please contact Selene Marwood at [email protected] or write to: 2855 Stevens Creek Blvd, Santa Clara, CA 95050, USA.
Effective date: This Notice is effective as of the date it is posted or last updated on our website.