Privacy Policy

Last updated: March 1, 2026

1. Introduction

AssetNode ("we", "us", or "our") is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our IT asset management platform.

This policy applies to all users of AssetNode, including administrators, managers, and employees whose organizations use our platform.

2. Data Controller

The data controller responsible for processing your personal data is:

AssetNode
Bonn, Germany
Email: [email protected]

3. Data We Collect

3.1 Account Data

When you create an account, we collect your name, email address, organization name, and role within your organization.

3.2 Asset Data

Our platform processes information about hardware assets, including serial numbers, device models, manufacturers, purchase dates, warranty information, and assignment history.

3.3 Employee Data

Organizations may store employee information including names, email addresses, departments, job titles, and device assignments.

3.4 Usage Data

We automatically collect information about how you interact with our platform, including IP addresses, browser type, pages visited, and features used.

3.5 Integration Data

When you connect third-party services (e.g., Kandji, Intune, Jamf), we process data received from these integrations as configured by your organization.

4. Legal Basis for Processing (GDPR Art. 6)

  • Contract Performance (Art. 6(1)(b)): Processing necessary to provide our services as agreed in our Terms of Service.
  • Legitimate Interest (Art. 6(1)(f)): Analytics, security monitoring, and service improvement.
  • Legal Obligation (Art. 6(1)(c)): Compliance with tax, accounting, and other legal requirements.
  • Consent (Art. 6(1)(a)): Marketing communications and optional cookies, where applicable.

5. Cookies & Tracking Technologies (§ 25 TDDDG)

The storage of information on your device and access to stored information is governed by § 25 of the Telekommunikation-Digitale-Dienste-Datenschutzgesetz (TDDDG).

5.1 Technically Necessary Cookies

AssetNode uses only cookies that are strictly necessary for the operation of the platform, such as session and authentication cookies. These are exempt from consent requirements under § 25 Abs. 2 Nr. 2 TDDDG, as they are required to provide the service you explicitly requested.

5.2 No Tracking or Analytics Cookies

We do not currently use any tracking, analytics, or marketing cookies. Should this change in the future, we will update this policy and obtain your consent in accordance with § 25 Abs. 1 TDDDG and Art. 6(1)(a) GDPR before placing any non-essential cookies.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected. Account data is retained for the duration of your subscription. Audit logs are retained as needed for compliance purposes. You may request deletion of your data at any time — see section 7 for details.

7. Your Rights (GDPR Art. 15–22)

As a data subject in the EU/EEA, you have the right to:

  • Access your personal data (Art. 15)
  • Rectify inaccurate data (Art. 16)
  • Erase your data ("right to be forgotten") (Art. 17)
  • Restrict processing (Art. 18)
  • Data portability — receive your data in a machine-readable format (Art. 20)
  • Object to processing based on legitimate interest (Art. 21)

To exercise your rights, see our Impressum for contact details. We will respond within 30 days.

8. Data Security

We implement security measures including TLS encryption in transit, role-based access controls, and regular security reviews.

9. Sub-processors

We use the following sub-processors:

  • Hetzner Cloud (Germany) — application infrastructure and database hosting
  • Cloudflare (US-headquartered, EU data processing) — CDN, DNS, and DDoS protection
  • Brevo (EU) — transactional email

10. International Transfers

All primary data processing occurs within the European Union. Where data transfers outside the EEA are necessary, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission.

11. Changes to This Policy

We may update this policy periodically. Material changes will be communicated via email or in-app notification at least 30 days before taking effect.

12. Supervisory Authority

You have the right to lodge a complaint with the State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen) or your local supervisory authority.