Legal Document

Arcnode Network

Privacy Policy

This policy explains exactly what data we collect when you visit arcnode.dev or use our applications, why we collect it, how long we keep it, and what rights you have. We have written this to be specific rather than vague.

Effective: 17 February 2026Last updated: 17 February 2026Arcnode Network — Stinoo Network

GDPR Compliance Statement

Arcnode Network is operated from the Netherlands and is subject to the General Data Protection Regulation (GDPR) (EU) 2016/679. If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the rights described in Section 7. We process personal data only where a lawful basis under Article 6 GDPR exists, as set out explicitly in Section 4.

01 Who We Are

Arcnode Network is a software studio operating under the Stinoo Network, created and maintained by Stijn, based in the Netherlands. We develop and publish software including ArcJournal, ArcTasks, and the arcnode.dev website.

For all privacy matters, Arcnode Network acts as the data controller within the meaning of Article 4(7) GDPR. Contact us at info@stinoo.dev.

02 Scope of This Policy

This policy covers:

The arcnode.dev website and all associated subdomains — including automated visit tracking, the contact form, and the waitlist sign-up.
ArcJournal — our cross-platform desktop journaling application, distributed via GitHub and the Microsoft Store.
ArcTasks and any future products published by Arcnode Network.

This policy does not cover third-party websites or services linked from our products. Please review their privacy policies independently.

03 What Data We Collect and Why

3.1 Website visit analytics (automatic, on every page load)

Every time any page on arcnode.dev is loaded, our server automatically records the following data. This applies to all visitors including first-time visitors — there is no opt-in mechanism currently in place for this collection:

Data Point	Value / Format	Purpose
IP address	Full IPv4 or IPv6	Personal data under GDPR. Used to identify unique visitors and derive location.
Country	e.g. "BE", "NL"	Derived from IP via Vercel infrastructure.
City	e.g. "Brussels"	Derived from IP via Vercel infrastructure.
Page path	e.g. "/projects"	Which page was visited.
Referrer URL	Full referring URL, if present	The page you navigated from, if any.
User agent	Full browser user agent string	Used to parse browser, OS, and device type.
Browser	e.g. "Chrome", "Firefox"	Parsed from user agent.
OS	e.g. "Windows", "macOS"	Parsed from user agent.
Device type	"desktop", "mobile", "tablet"	Parsed from user agent.
Screen width	Pixels, e.g. 1920	From your browser environment at time of visit.
Screen height	Pixels, e.g. 1080	From your browser environment at time of visit.
Timestamp	Date and time of visit	When the visit occurred.

IP address is personal data

Under GDPR Article 4(1), an IP address constitutes personal data because it can be used, in combination with other information, to identify a natural person. We store full IP addresses in our database. We do this under the Legitimate Interests basis (Article 6(1)(f) GDPR), as described in Section 4. This data is held in our own database and is not shared with third-party analytics platforms such as Google Analytics.

3.2 Waitlist sign-up (voluntary)

If you submit your email address to receive updates on arcnode.dev, we store the following:

Data Point	Value / Format	Purpose
Email address	The address you provide	Used to send product updates. Processed via Resend.
IP address	Full IP at time of sign-up	Stored alongside the subscriber record.
Country	Country at time of sign-up	Derived from IP.
City	City at time of sign-up	Derived from IP.
Browser	Browser name at time of sign-up	Parsed from user agent.
Device type	Device category at time of sign-up	Parsed from user agent.
Email status	"sent" or "not sent", with timestamp	Tracks delivery of the confirmation email.

Device metadata collected at sign-up is for administrative purposes only. Your email is managed via Resend — see Section 5. You may unsubscribe at any time by contacting info@stinoo.dev.

3.3 Contact form submissions (voluntary)

When you use the contact form on arcnode.dev, your name, email address, and message are transmitted via Resend as an email notification to our team. This data is not stored in our database — it exists only in the received email. We retain correspondence for a reasonable period to manage the communication and then delete it.

3.4 ArcJournal desktop application

ArcJournal stores your data on our servers. The following may be stored as part of normal use of the application:

Journal entries you write
Emotion tags and day grades you assign
Application settings and preferences
Account credentials — passwords are stored as a hashed value using bcrypt and are never stored in plain text

All data is transmitted over HTTPS. We do not use your journal content for any purpose other than providing the application to you. You may request permanent deletion of your account and all associated data at any time by contacting info@stinoo.dev.

04 Legal Basis for Processing (GDPR)

Article 6 GDPR requires a lawful basis for every processing activity involving personal data. The following table sets this out clearly for each activity:

Processing Activity	Lawful Basis
Website visit analytics (including IP address storage)	Legitimate Interests (Art. 6(1)(f)) — to understand how the website is used and to maintain and improve it. We have assessed that this interest is not overridden by visitors' fundamental rights, given the limited and non-commercial purpose of the data.
Waitlist email address collection	Consent (Art. 6(1)(a)) — you actively submit your email address and request updates. You may withdraw consent at any time.
Device metadata collected at waitlist sign-up	Legitimate Interests (Art. 6(1)(f)) — collected automatically alongside the sign-up submission for administrative record-keeping.
Contact form processing	Legitimate Interests (Art. 6(1)(f)) — necessary to respond to your enquiry.
ArcJournal application data (journal entries, settings)	Contract performance (Art. 6(1)(b)) — processing is necessary to provide the service you have signed up for.

Right to object to Legitimate Interests processing

Where we rely on Legitimate Interests, you have the right under Article 21 GDPR to object at any time. If you object, we must stop that processing unless we can demonstrate compelling legitimate grounds that override your interests and rights. Contact us at info@stinoo.dev to exercise this right.

05 Third-Party Services & Data Processors

We use the following third-party services, each of which acts as a data processor under GDPR Article 28. We do not sell personal data to any of these parties.

VercelPrivacy Policy →

Website hosting and deployment

Vercel processes all HTTP requests to arcnode.dev, which includes your IP address in request headers. Vercel may log standard web server data as part of its hosting service. Vercel's infrastructure also provides the geolocation data (country and city) derived from IP addresses that our analytics system reads.

Vercel Analytics & Speed InsightsPrivacy Policy →

Performance monitoring

These Vercel-native tools collect aggregate, anonymised performance metrics. They do not use cookies and do not track individual users across sessions. They are distinct from our own analytics system described in Section 3.1.

ResendPrivacy Policy →

Transactional email delivery

When you contact us or sign up to the waitlist, your email address and message content are processed by Resend to deliver emails. Resend may retain email delivery logs as described in their own privacy policy.

06 Data Retention

Under GDPR Article 5(1)(e), personal data must not be kept longer than necessary. The following retention periods apply:

Data Type	Retention Period
Website visit records (including IP addresses)	Up to 12 months from the date of the visit. Individual records can be deleted earlier upon request. We are working to implement automated retention limits.
Waitlist subscriber records	Until you unsubscribe or the relevant product has launched, at which point subscriber records are reviewed and pruned. Deleted upon request.
Contact form correspondence	Retained as email for a reasonable period to manage the communication, then deleted. Not stored in our database.
ArcJournal application data	For the duration of your account. Permanently deleted within a reasonable time upon account deletion request.

07 Your Rights Under GDPR

If you are located in the EEA, United Kingdom, or Switzerland, you have the following rights:

Right of access (Art. 15) — to request confirmation of whether we process personal data about you and to receive a copy of that data.
Right to rectification (Art. 16) — to request correction of inaccurate or incomplete data.
Right to erasure (Art. 17) — to request deletion of your personal data, subject to any legal obligations we have to retain it.
Right to restriction of processing (Art. 18) — to request that we limit how we use your data in certain circumstances.
Right to data portability (Art. 20) — to receive a copy of data you provided in a structured, machine-readable format, where processing is based on consent or contract.
Right to object (Art. 21) — to object to processing based on Legitimate Interests at any time. See Section 4.
Right to withdraw consent (Art. 7(3)) — where processing is based on consent (e.g. the waitlist), you may withdraw it at any time without affecting the lawfulness of prior processing.
Right to lodge a complaint (Art. 77) — you have the right to lodge a complaint with a supervisory authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (AP). You may also contact the supervisory authority in your country of residence.

To exercise any of these rights, contact info@stinoo.dev. We will respond within 30 days as required by Article 12(3) GDPR. We may verify your identity before acting on a request.

08 Children's Privacy

Our products are not directed at children under the age of 13 (or 16 within the EEA, per Article 8 GDPR). We do not knowingly collect personal data from children below these ages.

If you are a parent or guardian and believe your child has submitted personal data to us, please contact info@stinoo.dev and we will delete it promptly.

09 Security

We implement the following technical and organisational measures:

HTTPS encryption for all data in transit between your device and our servers.
Passwords stored as bcrypt hashes — never in plain text.
Token-based authentication (JWT via the jose library) protecting admin access.
Database access restricted to authorised infrastructure components.

No system is perfectly secure. In the event of a personal data breach likely to result in a high risk to your rights and freedoms, we will notify you without undue delay as required by Article 34 GDPR.

10 Changes to This Policy

We may update this policy when our practices change or when required by law. The “Last updated” date at the top will reflect the most recent changes. For material changes, we will provide a notice on the website or within our applications.

Continued use of our website or applications after the effective date of a revised policy constitutes your acknowledgement of the changes.

11 Contact Us

For any privacy-related questions, requests, or complaints:

Arcnode Network — Stinoo Network — Netherlands

info@stinoo.dev

Send Email

Arcnode Network — Stinoo Network. Subject to the General Data Protection Regulation (EU) 2016/679 and governed by Dutch law. Also see our Terms of Use & Community Guidelines.