Last update: 03/12/2025
This policy describes how we process the personal data of Users who use our Site, explaining which data we collect, why we do it, with whom we share it, how long we keep it, and which rights Users can exercise under Regulation (EU) 2016/679 ("GDPR") and applicable law. By "we" or the "Controller" we mean Parcel Node, based at Via Monte Velino 18, 20137 Milano (MI), VAT number 03551481207, contact email parcelnode@gmail.com
The Site allows you to book shipments, interfacing with a Logistics Provider that aggregates multiple Couriers. To access the Service, authentication via Google or Auth0 is required, providers that process Users' data as independent Controllers for the authentication part (Privacy Policy of Google, Privacy Policy of Auth0), and which transmit to us only the data necessary according to the permissions granted by the User during the login phase. In fact, Parcel Node does not collect additional data beyond what the User chooses to share through the provider at the time of access: when the User logs in, Parcel Node receives the basic identification data (for example name, surname, verified email address, profile image if available, identifier), and consequently creates the technical profile necessary for using the Service, without asking for further information. If the User enters shipment data (sender, recipient, addresses, contacts, parcel details), this information is processed to provide the shipment, generate labels and fulfill legal obligations related to transport. Payments take place in non-custodial mode via on-chain transfer from the User's address to the address indicated for the order: Parcel Node, in fact, does not accept and does not process data relating to payment cards, IBAN or other financial identifiers attributable to traditional payment instruments, as the Service provides exclusively for transactions in Cryptocurrencies. If the User chooses to pay with Cryptocurrencies other than Bitcoin, any conversion is carried out through third-party services that operate as independent Controllers (Privacy Policy of the current third-party service). By using the Service, the User accepts that payment processing takes place via blockchain on public ledgers - which, by their nature, are transparent and immutable -, that addresses and transaction hashes can be consulted and analyzed by third parties, and that this information, in some circumstances, may be linked to the User's identity when associated with their account or shipment details. We therefore invite Users to consider that the public nature of the blockchain does not allow, once the transaction is confirmed, deletion of on-chain data. In any case, we do not manage nor store the User's private keys, but process exclusively the technical references necessary to reconcile the payment with the order, without which we could not confirm the shipment. During use of the Site we process exclusively what is necessary: in addition to login data from Google or Auth0 and data that the User enters for the shipment, our systems record essential technical logs for security and diagnostics (for example IP address at the time of access, timestamp, user agent, outcome of calls to our endpoints). We do not use tracking tools for advertising purposes; if in the future we decide to introduce essential performance metrics, we will do so in aggregated form, or anonymized when possible.
We process Users' data only to allow them to use the Site, book shipments and receive assistance, on the following legal bases: (i) contract performance: account creation and order management (Art. 6.1.b GDPR); (ii) legal obligations: retention of billing data, transport data, tax compliance (Art. 6.1.c GDPR); (iii) legitimate interest of the Controller: Site security, abuse prevention and operational continuity (Art. 6.1.f GDPR), in any case respecting the principle of minimization and after balancing with the rights and freedoms of the Data Subjects. We do not carry out commercial profiling nor send promotional communications without the User's prior consent (Art. 6.1.a). The provision of data necessary for account creation and shipment booking is mandatory to be able to use the Service: failure to provide it results in the impossibility of creating the account or completing the shipment order. The provision of additional data is optional, but may be necessary for specific functionalities or User requests.
The Site uses technical cookies necessary for the authentication session to function. In particular, a session cookie is set that keeps the User authenticated between one page and another and, if consent is given, between one visit and another until expiration. This cookie has no profiling purposes, does not track navigation for advertising purposes and contains exclusively information essential to recognize the User's session. The maximum duration is limited (generally up to 30 days or until logout, depending on security configuration) and the cookie is marked with appropriate security attributes (for example HttpOnly and, on HTTPS connections, Secure). We also use third-party tools that may employ cookies or similar technologies for technical and analytical purposes: Datadog (for application performance monitoring, error detection and diagnostics), Vercel Analytics (for aggregated analysis of Site visits) and Google Tag Manager (for managing tracking tags). These tools operate exclusively for technical, security and aggregated performance analysis purposes, not for advertising or behavioral profiling purposes. Data collected by these tools is processed in aggregated or anonymized form when possible, and cookies used have limited duration. For more information on the privacy policies of these services, please refer to their respective privacy notices: Datadog (https://www.datadoghq.com/legal/privacy/), Vercel (https://vercel.com/legal/privacy-policy), Google (https://policies.google.com/privacy).
To provide shipments we communicate to our partners only the strictly necessary information. Our Logistics Provider and Courier aggregator (Privacy Policy) receives from us the technical order data and details necessary to generate the label and book pickup, processing them as an independent Controller; in the same way, the involved Couriers receive the essential data to perform the transport service (for example, sender, recipient, addresses, contacts, delivery notes, parcel characteristics) and process them as independent Controllers. Providers that support us in infrastructure (for example hosting, security, transactional mail) generally act as Processors under Art. 28 GDPR, bound by DPA (Data Processing Agreement). We do not sell personal data, grant unjustified access or authorize uses beyond service provision.
Some technical providers, such as Google or Auth0 for authentication, may process data outside the European Economic Area. In such cases we adopt adequate safeguards under Arts. 44 et seq. GDPR, such as Standard Contractual Clauses approved by the European Commission and supplementary measures when necessary. The User can request more information about transfers concerning them and obtain a copy of the applicable safeguards, by writing to us at the contact address indicated above.
We retain data for the time strictly necessary for the described purposes. Elements related to the shipment contract are kept for the periods required by civil, tax and transport law and, where necessary, for the time required to protect our rights in judicial or extrajudicial proceedings. Technical security logs are retained for short periods, proportionate to diagnostic and abuse prevention needs. Session data expires automatically according to authentication configuration or is deleted at logout. On-chain information remains visible on the blockchain: in our internal system we retain only the minimum references essential for accounting reconciliation and handling disputes or claims, for the time strictly necessary for such purposes.
We have adopted appropriate technical and organizational measures to protect data, including encrypted connections (HTTPS/TLS), infrastructure hardening, role segregation, access control and backup procedures. Cryptocurrency payment management has been designed so as not to store Users' private keys nor expose our private keys on servers. Despite our efforts, no computer system can be said to be completely secure: in any case, we can assure that we will continue to improve security in function of the evolution of threats and industry best practices.
At any time the User can exercise the rights provided by Arts. 15 et seq. of the GDPR, of access, rectification, erasure, restriction, objection, and data portability. When processing is based on consent, it can be withdrawn without affecting the lawfulness of processing already carried out. Users are aware that, due to the decentralized and immutable nature of the blockchain, the Controller cannot modify, obscure or delete data recorded on-chain: any request to exercise rights in this regard will therefore be handled within the technical limits of the technology used, adopting when possible measures aimed at minimizing references present in the Controller's internal systems. Users also have the right to lodge a complaint with the Data Protection Authority (www.garanteprivacy.it) or the authority of their country of residence or work. For requests relating to their rights, we invite Users to write to us at parcelnode@gmail.com: we will respond as soon as possible, and in any case within the legal timeframes.
The Service is intended for adult Users; therefore, we do not knowingly collect data from minors. If the User believes that a minor has provided us with their personal data, they are invited to contact us: we will adopt appropriate measures to remove the information from our systems, compatibly with legal obligations and with the technical limits already described for blockchain transactions.
We may update this Policy for legal reasons or for the evolution of the Service: the current version is always available on this page and bears the date of last update indicated at the beginning of this Policy.
For any questions about the processing of your data or to exercise the rights provided by law, the User can contact us here: Parcel Node – Via Monte Velino 18, 20137 Milano (MI) – parcelnode@gmail.com.