Privacy Policy — Noda Website and Demo Flows

Last updated: April 22, 2026

1. Data Controller

TIMPIA S.R.L., operating as Noda Energy ("Noda", "we", "us"), is the controller for the public website, demo-booking flow, ROI calculator, AI assistant, and other inbound marketing interactions described on this page.

If you use a contracted Noda customer workspace, controller and processor roles for product data are governed by the signed order form, master services agreement, and data processing addendum for that customer relationship.

  • Company: TIMPIA S.R.L.
  • Address: Coesi Business Campus, Str. Zaharia Stancu Nr. 6, Brașov, Romania
  • Email: hello@noda.energy
  • Phone: +40 787 578 482
  • Trade Register: J08/2046/2023
  • EU VAT: RO53544402

2. Data We Collect

Depending on how you use the site, we may collect the following categories of data:

  • Contact and booking data: name, work email, company, meeting details, and any message you submit when booking a demo
  • ROI request data: name, work email, company, ROI inputs, and an optional company website URL that may be analyzed to personalize the report you requested
  • Chat data: messages you enter in the website AI assistant
  • Usage and preference data: language preference, consent choices stored in your browser, and analytics data if you opt in
  • Technical and request metadata: IP address, user-agent, timestamps, approximate request logs, and other information needed for security, delivery, and troubleshooting

3. How We Use Your Data

We use personal data to operate the site and respond to requests you initiate, including to:

  • Run and localize the website: remember language and consent preferences and deliver core site functions
  • Schedule demos: create calendar invitations, send confirmations, and maintain booking records
  • Generate ROI materials: calculate, personalize, email, and internally review the ROI report you asked for
  • Respond to messages: answer questions sent through the chatbot or other inbound forms
  • Operate the service safely: detect abuse, investigate issues, maintain limited operational records, and defend legal claims
  • Measure website use: run browser analytics when you consent to analytics tracking
  • Handle inbound commercial interest: follow up on demo or report requests relevant to Noda's business offering

4. Legal Basis for Processing

We rely on the legal bases in Article 6(1) GDPR, depending on the activity:

  • Consent (Art. 6(1)(a)): browser analytics, cookie-like technologies beyond what is strictly necessary, and activation of the public-site AI chat flow
  • Steps at your request prior to entering a contract (Art. 6(1)(b)): demo booking, answering inbound business questions, generating the ROI report you requested, and related communications
  • Legitimate interests (Art. 6(1)(f)): B2B lead handling, security monitoring, spam and fraud prevention, limited operational event logging, and improving site content and delivery
  • Legal obligations (Art. 6(1)(c)): where we must retain or disclose data to comply with applicable law, accounting, tax, or law-enforcement duties

5. Cookies and Similar Technologies

We use both cookies and browser-side storage mechanisms such as localStorage on the public website.

IdentifierStored inPurposeDurationCategory
NEXT_LOCALECookieStores your language preferenceUp to 1 yearNecessary
noda_cookie_consent / noda_consent_timestamplocalStorageStores your consent preferences and the last consent timestampUp to 6 monthsNecessary
noda_chat_consentlocalStorageStores whether you accepted or declined the public-site AI chat gateUntil cleared or changedNecessary
PostHog cookies / local storageCookie and localStorageConsent-based website analytics and session insightsConfigured by the analytics toolAnalytics

Non-essential browser analytics only activate after your consent. When you submit a form, we may also create server-side operational records that do not depend on cookies or localStorage.

6. Third-Party Services

We use selected service providers to run the website and respond to your requests:

  • Vercel — website hosting and delivery
  • Neon — storage of booking records and related metadata
  • Google Calendar — scheduling demo meetings and invitations
  • Resend — transactional email delivery for confirmations and reports
  • PostHog — consent-based web analytics and limited operational metrics for submitted forms
  • Mistral AI — chatbot responses and optional ROI-report personalization based on the website you submit

We review vendor terms, DPAs, and transfer safeguards where applicable. Some vendors act strictly as processors for us; others may have their own controller responsibilities for platform security, fraud prevention, or billing operations.

7. International Transfers

Some service providers or their support teams may access or process data outside the EEA, the UK, or Switzerland. Where this happens, we rely on the safeguard appropriate to the vendor and transfer path, such as an adequacy decision, participation in the EU-US Data Privacy Framework where applicable, the European Commission's Standard Contractual Clauses, and supplementary contractual or technical measures.

The exact transfer posture depends on the active vendor configuration, feature path, and contract terms in force at the time of processing.

8. Data Retention

We retain data for periods that fit the relevant business and legal purpose. Typical periods for the public website are:

  • Demo booking records and confirmation emails: normally up to 24 months after the booking unless a longer period is required for legal, tax, or dispute reasons
  • ROI/contact submissions and generated report records: normally up to 24 months after the latest relevant interaction
  • Public-site chat interactions: we do not intentionally keep a separate chat transcript in our own application database for the public website, but vendor-side retention may apply under the AI provider's terms
  • Browser analytics: according to the retention rules configured in the analytics tool, typically up to 12 months
  • Consent records stored in your browser: up to 6 months before re-prompting
  • Security and application logs: shorter operational periods unless a longer retention window is needed to investigate abuse, incidents, or legal claims

9. Your Rights

Under GDPR, you may have the right to access, rectify, erase, restrict, object to, or port personal data, and to withdraw consent where processing is based on consent.

  • Access — obtain confirmation and a copy of the personal data we hold about you
  • Rectification — correct inaccurate or incomplete data
  • Erasure — ask us to delete data where the legal conditions are met
  • Restriction — request that we temporarily limit certain processing
  • Portability — receive data you provided to us in a structured format where the GDPR conditions apply
  • Objection — object to processing based on our legitimate interests
  • Withdraw consent — change your analytics or chat consent choices at any time without affecting prior lawful processing

To exercise these rights, contact hello@noda.energy. We will usually respond within one month, subject to lawful extensions where applicable.

10. Children's Data

The Noda website and demo flows are intended for professional and business users and are not directed to children. We do not knowingly target or collect personal data from children under 16 through the public site. If you believe a child has provided data to us, contact hello@noda.energy so we can review and delete it where appropriate.

11. AI Features on the Website

The public website includes AI-assisted features, including the chatbot and optional ROI-report personalization. When you use those features:

  • your message and, if you choose to provide it, website-derived company context may be sent to our AI provider to generate a response or analysis
  • the output is informational and should not be treated as engineering, legal, or regulatory advice
  • you should avoid sharing confidential project files, operator data, personal special-category data, or other sensitive information in the public-site chat
  • human follow-up may still occur where you request a demo, report, or commercial response

The website AI assistant is labeled as AI-generated interaction support.

12. Changes to This Policy

We may update this Privacy Policy when our website flows, providers, or legal obligations change. The newest version will be published on this page with the updated date above. Material changes may also be highlighted on the site or in direct communications where appropriate.

13. Contact Us

For privacy questions, data-rights requests, or vendor-transfer questions, contact us at:

  • Email: hello@noda.energy
  • Address: TIMPIA S.R.L., Coesi Business Campus, Str. Zaharia Stancu Nr. 6, Brașov, Romania
  • Phone: +40 787 578 482

14. Supervisory Authority

You have the right to lodge a complaint with the supervisory authority competent for your habitual residence, place of work, or place of the alleged infringement.

As our main establishment is in Romania, our lead supervisory authority is the Romanian data protection authority:

  • ANSPDCP (Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal)
  • Address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, Bucharest, Romania
  • Email: anspdcp@dataprotection.ro
Noda

Hey! I'm Noda — I'm here to answer your questions and guide you through everything you need to know.

Nodanoda assistant1.5
Noda

Before you chat, review how we handle chat data.

Your messages are sent to our AI provider to generate a reply. Avoid confidential project or operator data. Read our Privacy Policy

This assistant uses a third-party AI model. Messages are processed to generate replies. Do not share sensitive personal, project, or operator data. Privacy Policy

Noda

We value your privacy

We use necessary storage for site functions and, with your permission, analytics tools. You can accept, reject non-essential tracking, or customize your choices. Read our Privacy Policy.