Ever wondered what happens to your data when you use a tool like n8n? It’s not just about automating workflows; it’s about trust. And trust starts with privacy. Today, I’m diving into n8n’s privacy policy to give you the lowdown on how they handle your data, especially under GDPR. You’re about to discover how n8n ensures your information stays secure, whether you’re using their cloud or self-hosting. Let’s get into it!
n8n’s GDPR Compliance: A Deep Dive
n8n’s commitment to privacy is clear from the get-go. They’ve got a detailed privacy policy that’s all about GDPR compliance. For those of you using the cloud version, n8n steps up as both a Controller and a Processor. What does that mean for you? It means they’re taking responsibility for securing your personal data sent to their platform. And they’re not just talking the talk; they’re walking the walk with policies and practices designed to keep your data safe.
But what about the nitty-gritty? The n8n Data Processing Agreement is where it’s at. It includes standard contractual clauses that lay out exactly how they handle your data. Plus, n8n keeps their GDPR policies up to date with the latest from the European Commission. So, you can rest easy knowing they’re on top of things.
Cloud vs. Self-Hosted: Understanding the Difference
Now, let’s talk about the difference between using n8n’s cloud and going the self-hosted route. If you’re self-hosting, n8n isn’t considered a Controller or Processor under GDPR because they’re not managing your data. That’s on you. But don’t worry, n8n still helps you out by keeping your data anonymous and steering clear of collecting sensitive info.
On the other hand, if you’re on the cloud, n8n collects a bit more data. They’re using it to diagnose issues and improve the platform, but they’re super clear about what they’re collecting. We’re talking error codes, workflow graphs, and usage details. But here’s the kicker: they don’t touch your private or sensitive information. And if you’re not feeling the telemetry, you can turn it off with a few environment variables.
GDPR Data Deletion and Sub-Processors
Got a GDPR data deletion request? It’s as simple as sending an email to [email protected]. n8n’s got your back with clear instructions on how to get that done.
And speaking of backing you up, n8n uses sub-processors like Microsoft Azure and Hetzner Online GmbH. But they’re not just picking anyone off the street. n8n audits each sub-processor’s security controls and makes sure they’re up to snuff with data protection regulations. You can even find a list of these sub-processors on their website and subscribe to updates if you want to stay in the loop.
AI Integration and Data Sharing Policies
n8n’s not just about workflows; they’re also integrating AI-powered features using Large Language Models (LLMs). But don’t worry, they’ve got strict data sharing policies in place. They’re only sending specific context data to these AI services, and it’s limited to what’s happening in your current workflow. No credential values or output data are being shared, and any data sent is deleted after 30 days. Plus, it’s not used to train those AI models.
But here’s the thing: this AI stuff is opt-in. Your workspace has to choose to use the assistant, and it’s enabled by default for n8n Cloud users. So, if you’re not into it, you can opt out. And even if you’re in, n8n’s only sharing general workflow info, node configurations, and the like. No sensitive stuff here.
Data Retention and Deletion: What You Need to Know
When it comes to data retention, n8n’s got different rules for cloud and self-hosted users. For those on the cloud, they’re keeping what they need for the core service, like your workflow code and credentials. But most internal application logs? Those are gone within 90 days, with some exceptions for security investigations.
And if you decide to delete your account, n8n’s deleting all your customer and event data. Anything in backups? That’s gone within 90 days too. Self-hosted users, you’re on your own for data deletion, but n8n’s got tips on setting up your own PII policy.
Third-Party Services and Cookies
n8n’s also using third-party services for payment processing and to improve their documentation. They’re using Paddle.com for payments, and Paddle’s got their own security policy to keep your payment details safe. And for documentation, n8n’s using cookies to enhance your experience and measure how effective their docs are. But don’t worry, they’re asking for your consent first.
So, what’s the takeaway here? n8n’s privacy policy is all about giving you control and keeping your data safe. Whether you’re on the cloud or self-hosting, they’ve got policies in place to make sure your information stays secure. And with their commitment to GDPR compliance, you can trust that n8n’s got your back.
Ready to dive deeper into n8n’s world? Check out their other resources and see how you can take your workflows to the next level while keeping your data private. Let’s keep building, but let’s do it with trust at the forefront.