Privacy
This Privacy Policy explains the categories of information Nostate may process when you use the website, authentication flows, dashboard, sandboxes, domains, and related infrastructure.
Nostate is infrastructure software. Operational logs, authentication records, domain events, and sandbox metadata may be processed as part of providing, securing, debugging, or changing the service. This page also serves as the current GDPR and EU data-rights notice for Nostate.
We may process account identifiers, email addresses, authentication events, provider identifiers, sandbox metadata, domain configuration data, billing-related identifiers, operational logs, and infrastructure diagnostics.
We may also process content or technical artifacts that pass through the service when necessary for storage, routing, queue execution, debugging, abuse prevention, or incident investigation.
For the current Nostate service, the Nostate operator is the controller for account, authentication, support, billing, infrastructure, and service-operation data processed through the control plane.
If you use Nostate to run your own sandbox workloads, you remain responsible for determining your own legal role, notices, and obligations toward the end users or data subjects connected to your sandbox.
We process data to operate the platform, authenticate users, provision sandboxes, route traffic, issue sessions, debug failures, prevent abuse, enforce limits, and improve the service.
We may also use operational information to investigate misuse, reliability incidents, failed builds, delivery problems, and security events.
Where GDPR applies, Nostate generally processes data because it is necessary to provide the service requested by the user, to maintain account security, to meet legal obligations, or to pursue legitimate interests such as abuse prevention, service integrity, incident response, and infrastructure administration.
Nostate does not rely on a consent banner for core account creation, login, session handling, sandbox provisioning, domain operations, billing administration, or other processing that is strictly necessary to operate the service.
We may retain operational records, account metadata, and related infrastructure logs for as long as needed for service operation, abuse prevention, legal compliance, debugging, or platform administration.
Deletion requests may not result in immediate or complete erasure from all logs, backups, caches, replicas, or incident records.
Nostate may rely on hosting providers, SMTP services, DNS and certificate services, payment providers, analytics or error tracking tools, and OAuth identity providers.
Using Nostate means relevant operational data may pass through those third-party systems as required to make the platform function.
Some providers or infrastructure components may process data outside the country where the user is located, including outside the European Union. Where that happens, Nostate expects the relevant provider relationship or transfer mechanism to be used as required for the service setup in place at the time.
If GDPR or similar EU data-protection rules apply, you may have rights to request access, rectification, erasure, restriction, objection, portability, or information about how your personal data is processed.
You may also have the right to complain to your competent supervisory authority. Because Nostate is still an early, free, best-effort cloud service, operational limitations may affect how quickly some requests can be completed, especially where data exists in logs, backups, replicas, or abuse-prevention records.
Privacy or GDPR requests should be sent through the current Nostate support or contact channel made available on the service or website.
When handling such requests, Nostate may require reasonable proof of identity before disclosing, changing, or deleting account-related information.
You are responsible for determining whether Nostate is appropriate for the data, users, and legal obligations tied to your own use case.
Do not use the service for regulated, safety-critical, or high-risk workloads unless you have independently verified that the platform meets your own requirements.