Skip to main content
emnode

Privacy Notice

Last updated: 8 May 2026

1. Background

This Privacy Notice tells you how we look after your personal data when you visit our website at emnode.com or when you use the Emnode cloud cost management platform. It explains your rights under data protection law and how to contact us if you have concerns.

We may update this Privacy Notice from time to time. Please check it regularly to see whether any changes have been made.

2. Who we are

We are Emnode Limited, registered in England and Wales with company number 16998774. Our registered address is Unit 19-20 Bourne Court, Southend Road, Woodford Green, IG8 8HD.

For all visitors to our website and users of our platform, we are the controller of your personal data (which means we decide what information we collect and how it is used).

We are registered with the Information Commissioner's Office (ICO), the UK regulator for data protection matters. Our registration reference is ZC129144.

3. Contact details

If you have any questions about this Privacy Notice or how we use your information, please contact us:

  • Email: [email protected]
  • Post: Emnode Limited, Unit 19-20 Bourne Court, Southend Road, Woodford Green, IG8 8HD

4. The information we collect about you

Personal data means any information which does (or could be used to) identify a living person. We collect the following types:

Category What this includes When we collect it
Identity Data First name, last name, job role, department When you create an account or are invited to one
Contact Data Email address, telephone number (if provided) When you create an account or contact us
Account Data Username When you create an account
Account Security Data Information used to secure your account — for example the hashed password, any multi-factor authentication credentials you set up, and records of security-relevant actions (such as logins or configuration changes), including the IP address used When you create an account, sign in, or take security-relevant actions
Content Data Any content you enter or upload while using the platform — for example text you type, files you attach, or settings you configure. This may contain personal data you choose to include. When you use the platform
Invitation Data Names and email addresses of colleagues you invite, plus any temporary credentials sent to them When you invite someone to your account
Payment Data Credit/debit card details When you subscribe. Processed by our payment provider — we do not store full card numbers.
Technical Data IP address, browser type and version, time zone, operating system, approximate location (city level, derived from IP) Automatically when you visit our website or use the platform
Usage Data Information about how you use the platform (pages viewed, features used) Automatically when you use the platform
Marketing Data Your preferences for receiving marketing from us When you subscribe to updates or opt in/out of communications

We do not collect any special category data (such as health information, religious beliefs, or biometric data).

The cloud billing data we access from your AWS or Azure accounts relates to your business entity and resources — it is not personal data.

5. How we use your information

We are required to have a lawful basis for collecting and using your personal data. The most relevant are:

  • Contract: to fulfil our contract with you;
  • Legal obligation: to comply with a legal requirement;
  • Legitimate interests: to pursue our business aims, provided your rights are not overridden; and
  • Consent: where you have given us permission.

Contract

  • To create and manage your account.
  • To provide the Emnode platform and services to you.
  • To process your subscription payments.
  • To send you service-related communications (e.g. confirmations, changes to the service, security alerts).

Legal obligation

  • To record your marketing preferences.
  • To retain information needed for tax and accounting purposes.
  • To respond to lawful requests from regulators or law enforcement.

Legitimate interests

  • To improve our platform and develop new features, by analysing how the platform is used.
  • To ensure the security of our systems and to detect and prevent fraud.
  • To send you information about our products and services that may be relevant to you (B2B marketing — see section 10).

Consent

  • Where you have opted in to receive marketing emails from us.
  • Where you consent to analytics cookies on our website (see our Cookie Policy).

Where we need your personal data to perform our contract with you (for example, to provide the platform), failure to provide it may mean we cannot provide the service.

6. Who we share your information with

We share (or may share) your personal data with:

  • Our personnel: employees and contractors who need access to provide the service, all bound by confidentiality obligations.
  • Our service providers: organisations that help us run the business (e.g. hosting providers, payment processors). They only access the information necessary to provide their service and are bound by data protection obligations.
  • Our professional advisers: accountants or legal advisors where necessary.
  • Law enforcement or regulators: if required by law or court order.
  • A buyer of our business: in the event of a sale, merger, or acquisition of Emnode.

We do not sell your personal data to anyone.

We publish the current list of third parties (sub-processors) we rely on to run the service at emnode.com/sub-processors.

7. Where your information is stored

We store your personal data on servers in the United Kingdom.

If we need to transfer your data outside the UK, we will ensure it is protected in accordance with the Data (Use and Access) Act 2024. We will only transfer data where the destination country meets the UK's data protection standard, or where appropriate safeguards are in place (such as the International Data Transfer Agreement or UK Addendum to Standard Contractual Clauses).

8. How we keep your information safe

We have implemented security measures to prevent your personal data from being accidentally lost, accessed, or disclosed without authorisation. These include:

  • access controls and user authentication;
  • encryption of data in transit and at rest;
  • internal IT and network security measures;
  • incident and breach reporting processes; and
  • business continuity and disaster recovery procedures.

If there is a data breach that affects your personal data, we will notify the ICO and you (where required by law) without undue delay.

If you notice any unusual activity on your account, please contact us at [email protected].

9. How long we keep your information

We keep your personal data only as long as necessary for the purposes we collected it. Specifically:

  • Account data (identity, contact, account): for the duration of your subscription, plus 2 years after termination in case you return or we need to resolve any disputes.
  • Payment data: transaction records are retained for 7 years to comply with HMRC requirements. We do not retain full card numbers.
  • Technical and usage data: for as long as necessary to fulfil the purpose it was collected for (typically no more than 2 years).
  • Marketing preferences: until you ask us to stop contacting you.

10. Marketing

We market our services to prospective and existing business customers (B2B marketing). We may send marketing communications to business contacts via their work email addresses.

You can opt out of marketing at any time by clicking the unsubscribe link in any email, or by contacting us at [email protected].

Opting out of marketing does not affect communications necessary to provide the service (e.g. billing notifications, security alerts, service updates).

11. Your legal rights

Under UK data protection law, you have the following rights:

  • Access: you can ask for a copy of the personal data we hold about you.
  • Correction: you can ask us to correct inaccurate or incomplete data.
  • Deletion: you can ask us to delete your personal data where there is no good reason for us to continue holding it.
  • Restriction: you can ask us to restrict how we use your data.
  • Objection: you can object to us using your data, including for marketing purposes.
  • Portability: you can ask us to provide your data in a machine-readable format.
  • Complaints: you can complain to the ICO if you are unhappy with how we handle your data. We would appreciate the chance to address your concerns first — please contact us at [email protected].

We will respond to your request within one month. We may extend this by two months if the request is complex, but we will let you know.

There is no fee for making a request, unless it is clearly unfounded or excessive.

12. Cookies

Our website uses cookies and similar technologies (such as browser localStorage). For full details on what cookies we use and how to manage them, see our Cookie Policy.

13. Contact us

If you have any questions about this Privacy Notice, or wish to exercise your data protection rights, please contact us:

  • Email: [email protected]
  • Post: Emnode Limited, Unit 19-20 Bourne Court, Southend Road, Woodford Green, IG8 8HD