Nodex
Privacy Policy
Last updated: 3 July 2026 This Privacy Policy explains how MAGRATHEAN UK LTD, trading as Magrathean UK, handles personal data in connection with Nodex, the Nodex website, the Nodex iOS/iPadOS app, App Store subscriptions, support, security reports and related communications. Nodex is designed as a local-first, agentless Linux server-monitoring app. It connects from your Apple device directly to servers that you configure over SSH. It is not a Magrathean-hosted cloud monitoring service and, by default, Magrathean does not receive your server list, SSH credentials, private keys, host metrics, logs, command output, service state, container state, alert history, history exports or support bundles. This Policy is written for UK GDPR, EU GDPR and PECR/ePrivacy transparency. It also explains the operational limits of a local-first infrastructure tool. If you use Nodex for an organisation, employer, customer or managed server estate, you are responsible for ensuring that your use of Nodex is lawful for those systems and for any personal data contained in server logs, usernames, process lists, service names, container data or exports.
Contents
Who we are Scope of this Policy Local-first design Data stored locally by Nodex Data collected by Magrathean Sources of personal data Purposes and lawful bases Your role when monitoring servers Special category, criminal offence and sensitive data Recipients and processors International transfers Cookies, local storage and similar technologies Security Retention Deleting and exporting data Your rights Complaints Automated decision-making and profiling Children and minors No sale, advertising tracking or AI training
Who we are
The controller for personal data that Magrathean controls is:
MAGRATHEAN UK LTD (trading as Magrathean) Company number: 16955343 Registered in England and Wales Registered office: 16 Caledonian Court, West Street, Watford, England, WD17 1RY Website: https://magrathean.uk Nodex website: https://nodexapp.eu Privacy contact: [email protected]
References to “Magrathean”, “we”, “us” or “our” mean MAGRATHEAN UK LTD. References to “Nodex” mean the Nodex app, website, documentation and related services.
We have not appointed a statutory Data Protection Officer unless we publish different details. Privacy enquiries should be sent to [email protected].
EU representative
MAGRATHEAN UK LTD is established in the United Kingdom. If EU GDPR Article 27 requires us to appoint an EU representative for the relevant processing, the representative will be:
Magrathean has not appointed an EU representative at the date of this policy. EEA users and supervisory authorities may contact Magrathean directly at [email protected]. Magrathean keeps Article 27 EU GDPR representative requirements under review and will publish representative details if required.
Until an EU representative is appointed and published, EEA users and supervisory authorities may contact us at [email protected]. Magrathean should confirm its Article 27 position with EU/local counsel before materially targeting EEA users.
Scope of this Policy
This Policy applies to:
- the Nodex app for iOS/iPadOS;
- Nodex widgets, Shortcuts, Siri/App Intents and other Apple system surfaces supported by the app;
- App Store subscription and entitlement handling for Nodex Premium;
- the Nodex website at nodexapp.eu;
- support, security-reporting and business communications with Magrathean;
- files, screenshots, logs, diagnostics, exports or support bundles that you choose to send to Magrathean.
This Policy does not govern Apple’s own processing through the App Store, iOS/iPadOS, StoreKit, Apple ID, payment, refunds, device diagnostics or platform services. Apple is responsible for its own privacy practices.
This Policy also does not govern your target servers, hosting providers, SSH services, Linux distributions, container runtimes, network providers, observability tools, email providers or export destinations. Those systems may process personal data independently.
Local-first design
Nodex is designed so that the app connects directly from your Apple device to your configured Linux servers over SSH. Nodex does not require a Magrathean cloud account or Magrathean-hosted relay to monitor your servers.
By default, Magrathean does not collect or receive:
- SSH passwords, private keys, passphrases or sudo passwords;
- server hostnames, IP addresses, ports, usernames, groups or tags;
- known-host public keys or fingerprints;
- metrics, history, charts, alerts, systemd service state, process lists, Docker/Podman data, logs or command output;
- CSV exports, support bundles or screenshots;
- local app settings, saved log searches, local alerts or widget snapshots.
This local-first design has an important consequence: for data that remains only on your device or your servers, Magrathean usually cannot access it, export it, correct it or delete it for you. You control that data through your device, your operating system, Nodex settings and your target servers.
Data stored locally by Nodex
Depending on the features you use, Nodex may store the following categories of data on your device.
Server configuration data
Nodex may store:
- server display name;
- hostname or IP address;
- SSH port;
- username;
- server group;
- tags;
- favourite status;
- selected server ID;
- polling interval;
- alert lookback period;
- distribution family;
- whether public-IP lookup is enabled;
- capability information such as kernel, package manager, Docker/Podman support, systemd support, journalctl support, sudo support, tmux support, sensor/storage/network-tool support and related feature flags.
Credentials and SSH key material
Nodex may store or reference:
- SSH password records;
- imported SSH private key data;
- SSH private-key passphrases;
- SSH key labels, key type and fingerprint;
- SSH key-file paths where you choose to reference a key file;
- sudo password records;
- keychain identifiers used to retrieve secrets.
Where supported by Apple’s platform, credential secrets and raw private-key material are stored in the device Keychain with device-only, non-synchronising accessibility. Nodex metadata, such as a key label or fingerprint, may be stored outside the Keychain so the app can display and manage keys.
Known-host and trust data
Nodex may store:
- known-host identifiers;
- hostnames, ports and usernames;
- SSH public key type;
- public key text;
- SSH host-key fingerprints;
- host-key trust decisions;
- trust-event timestamps and details.
This supports host-key verification and warnings when a server identity changes.
Metrics, history and operational data
Nodex may process or store, locally:
- CPU usage, load and CPU summaries;
- memory totals and usage;
- disk usage and mount information;
- network interface names, addresses, counters and transfer rates;
- temperature readings;
- uptime and freshness indicators;
- public IP values where enabled;
- process information;
- systemd service names, descriptions and states;
- failed service information;
- journal/log excerpts;
- alert items and alert override state;
- Docker/Podman container IDs, names, images, status, runtime state, events, logs and stats;
- health-rule findings;
- uptime-check results;
- storage and security-update findings;
- integration metrics fetched from local Prometheus, Glances or Netdata endpoints on the target server where available;
- command metrics and action transcripts.
Some of this data may be personal data if, for example, it contains a hostname linked to a person, a username, a personal IP address, log entries about identifiable users, customer identifiers, account names or data from a production system.
Widgets, Shortcuts, Siri/App Intents and app-group storage
If you use widgets, Shortcuts, Siri/App Intents or other Apple system surfaces, Nodex may cache selected data in app-group storage so those surfaces can work. This may include:
- server IDs, display names, hostnames, groups and tags;
- selected server ID;
- service names, descriptions, server names and service states;
- container IDs, names, images, status, compose project, pod name and runtime state;
- widget snapshots, including CPU, memory, disk, alert count and last-updated information;
- pending routes that tell Nodex what tab, server, service, container or tool to open.
Depending on your device settings, system surfaces may make this information visible in widgets, Shortcuts, Siri suggestions, system search, shared-device contexts, lock-screen widgets or backups. You are responsible for configuring Apple system-surface settings appropriately for your threat model.
Local preferences and app state
Nodex may store local preferences and app state, including:
- auto-connect setting;
- selected theme or appearance settings;
- saved log searches;
- alert acknowledgements and snoozes;
- demo-mode state;
- subscription product IDs or development overrides where applicable;
- pending App Intent routes;
- local diagnostic information.
Exports and temporary files
If you export history or create a support bundle, Nodex may create temporary files on your device. These may remain in temporary storage, shared destinations, email, messaging apps, Files, backups, support tools or third-party services according to your choices and operating-system behaviour.
You should review and delete exports and support bundles when no longer needed.
Data collected by Magrathean
Magrathean receives personal data only in limited circumstances.
Support and security communications
If you contact us, report a vulnerability, request support, send feedback or make a business enquiry, we may receive and process:
- your name;
- email address;
- organisation;
- role;
- message content;
- attachments;
- screenshots;
- logs;
- diagnostics;
- support bundles;
- vulnerability details;
- correspondence metadata;
- any other information you choose to provide.
Do not send secrets, private keys, passphrases, tokens, production credentials, customer data, regulated data or full production logs unless we have agreed a secure route and scope in advance.
Support bundles and diagnostics you choose to send
If you create or send a Nodex support bundle, it may include, depending on your choices and server capabilities:
- kernel and uptime information;
unameoutput;/etc/os-release;/proc/meminfo;- disk usage such as
df -hPT; - failed systemd units;
- recent
journalctloutput; - optional Docker/Podman
psandstatsoutput; - Nodex local diagnostics, including server display name, hostname, port, authentication-method description, connection state, capabilities, alert count, service count, container count, command metrics, action transcripts and SSH diagnostics.
Nodex attempts to redact common secrets before presenting or including local diagnostics, but redaction is not a guarantee. Diagnostics and support material may still include hostnames, IP addresses, usernames, ports, service names, container names, image names, command labels, timestamps, fingerprints, errors, infrastructure identifiers or personal data from your server logs.
You must review, minimise and redact support material before sending it.
App Store and subscription data
Nodex Premium is sold through Apple In-App Purchase. Apple processes payment details, Apple ID information, refunds, subscription management and tax/payment records under Apple’s own terms and privacy policy.
Magrathean may receive or access limited App Store Connect and StoreKit-related information, such as:
- transaction or entitlement status;
- product identifier;
- subscription status;
- renewal or expiry status;
- refund, revocation or billing-status signals where Apple makes them available;
- aggregated or territory-level sales and financial reports;
- Apple-provided customer support or transaction identifiers where relevant.
Magrathean does not receive your full payment card details from Apple.
Website data
When you visit nodexapp.eu or magrathean.uk, website hosting, security and network systems may process:
- IP address;
- user-agent;
- requested URL;
- referrer;
- timestamp;
- approximate technical location derived from IP address;
- TLS and connection metadata;
- security events;
- error logs.
The Nodex website also uses cookies and similar analytics, measurement and tracking technologies (such as Google Analytics) that are active by default; we do not display a cookie consent banner. See Cookies, local storage and similar technologies for the technologies used, the data processed, our lawful basis (legitimate interests) and the controls available to you.
Legal, financial and business records
If you transact with us outside Apple, enter into a contract, submit a legal request, send a complaint or correspond about business matters, we may process records needed for:
- contract administration;
- invoices and accounting;
- tax;
- compliance;
- legal claims;
- audit;
- fraud prevention;
- dispute handling.
Sources of personal data
We may obtain personal data from:
- you, when you contact us, configure the app or send material;
- your device and the Nodex app, where you choose to send logs, diagnostics, screenshots, exports or support bundles;
- your configured SSH servers, but only to the extent that you send resulting data to Magrathean;
- Apple, StoreKit and App Store Connect;
- website hosting, email, security and support providers;
- professional advisers, regulators, law enforcement or courts;
- publicly available sources, where relevant to a security report, misuse report, legal claim or business communication.
Purposes and lawful bases
The table below explains the main purposes for which Magrathean acts as controller.
| Purpose | Data involved | Lawful basis |
|---|---|---|
| Providing the Nodex app as local-first software | App configuration and on-device processing controlled by you; Magrathean normally does not receive local server data | Contract performance where we provide the app; legitimate interests in providing a privacy-preserving local-first tool |
| App Store subscription entitlement and premium access | StoreKit entitlement status, product identifiers, subscription status, limited App Store reporting | Contract performance; legitimate interests in providing paid features, preventing fraud and maintaining business records |
| Support and troubleshooting | Contact details, messages, screenshots, diagnostics, logs, exports or support bundles you send | Contract performance where support relates to Nodex; legitimate interests in responding to requests, diagnosing issues and improving reliability |
| Security reports and vulnerability handling | Contact details, vulnerability reports, technical evidence, correspondence, security logs | Legitimate interests in protecting Nodex, users and Magrathean; legal obligation where applicable |
| Website delivery and security | IP address, user-agent, request logs, security events | Legitimate interests in operating, securing and defending the website; legal obligation where applicable |
| Website analytics, measurement and campaign attribution | Pages viewed, events and interactions, referring source, UTM and ad-click identifiers, approximate location from IP, device/browser/OS information and similar usage data, collected via cookies and analytics tools (such as Google Analytics) that are active by default | Legitimate interests in understanding and improving how our website and campaigns perform and in keeping the site secure (Article 6(1)(f) UK GDPR) |
| Legal, accounting, tax and compliance | Account, payment, invoice, corporate, correspondence and transaction records | Legal obligation; legitimate interests in operating and defending the business |
| Disputes, misuse and enforcement | Account, support, website, app, security and correspondence records | Legitimate interests in enforcing terms, preventing abuse, protecting systems and handling disputes; legal obligation where applicable |
| Direct communications you request | Contact details and message content | Consent where required; legitimate interests where responding to an enquiry or existing relationship is permitted |
| Product planning and improvement from voluntary feedback | Feedback, correspondence and non-secret technical details you choose to provide | Legitimate interests in improving Nodex; contract performance where feedback relates to support |
We do not use server logs, metrics or support material that you send for advertising, sale of personal data, cross-context tracking or training general-purpose AI models.
Your role when monitoring servers
Nodex is an infrastructure-administration tool. If you use Nodex to monitor or administer systems that contain personal data, you or your organisation may be a controller, processor or administrator of that server-side data. You are responsible for:
- having permission to access each server;
- ensuring there is a lawful basis for processing any personal data surfaced through Nodex;
- giving required notices to users, employees, customers or other data subjects;
- respecting employment, customer, confidentiality, security, monitoring and telecoms rules;
- limiting access to logs and personal data;
- minimising exports and support material;
- protecting SSH credentials and devices;
- handling data-subject requests relating to systems you control.
Magrathean is not your processor for server-side data that remains on your device or your servers. Magrathean only processes server-derived data if you choose to send it to us, or if we enter into a separate written data-processing agreement.
Special category, criminal offence and sensitive data
Nodex is not designed to collect special category data, criminal offence data, children’s data or regulated customer data. However, server logs, process lists, container names, service names, filenames, URLs or support bundles may contain such information depending on your systems.
Do not send Magrathean special category data, criminal offence data, secrets, credentials, medical data, financial data, children’s data, customer production data, regulated data or third-party confidential data unless:
- it is strictly necessary for a clearly defined support or security purpose;
- you have authority and a lawful basis to disclose it;
- you have minimised and redacted it as far as possible;
- we have agreed an appropriate secure route and handling scope.
Recipients and processors
We may share or make available personal data with the following categories of recipients where necessary:
- Apple, App Store, StoreKit, Apple ID, Apple payment, refund and device/platform services;
- website hosting, CDN, DNS, security and infrastructure providers;
- email, support and security-reporting providers;
- professional advisers, accountants, auditors, insurers and legal advisers;
- regulators, law enforcement, courts or public authorities where required or appropriate;
- payment, tax or business administration providers where we transact outside Apple;
- acquirers or successor entities if Magrathean is involved in a corporate transaction;
- providers or destinations you choose, such as your SSH hosts, hosting providers, network providers, Files, email, messaging apps, cloud drives or export destinations.
Where we use processors, we require contractual controls requiring them to process personal data only for authorised purposes, protect it appropriately and support applicable data-protection obligations.
International transfers
Magrathean is based in the United Kingdom. Some recipients and providers may process personal data in the United Kingdom, EEA, United States or other countries.
Where UK GDPR or EU GDPR transfer rules apply, we rely on one or more of the following:
- an adequacy regulation or adequacy decision;
- the EU standard contractual clauses;
- the UK International Data Transfer Agreement;
- the UK Addendum to the EU standard contractual clauses;
- transfer risk assessments and supplementary measures where required;
- a specific legal derogation, such as where a transfer is necessary for a contract, legal claim or request you make.
You may request information about relevant transfer safeguards by contacting us.
UK 2026 data-law update: recognised legitimate interests, complaints and local-first boundaries
This notice is drafted for the UK GDPR, the Data Protection Act 2018 and PECR as amended by the Data (Use and Access) Act 2025 where those laws apply.
For ordinary website operation, support, app administration, analytics, B2B outreach, service delivery, account administration and security logging, we rely on the lawful bases stated elsewhere in this notice. We may rely on the UK GDPR recognised legitimate interests basis only where the relevant statutory condition is available, such as prevention or detection of crime, safeguarding, emergency response, national or public security, or disclosure to an organisation or public authority that needs the information for a public task. We do not rely on recognised legitimate interests for routine commercial marketing, ordinary app analytics, cross-site advertising, retargeting or general prospecting.
Nodex is local-first for server profiles, metrics, logs, host fingerprints, SSH material, widgets, history and operational state. Magrathean normally cannot search, delete or export data stored on your device or on your servers unless you send it to us or give us access under a separate written support arrangement.
If a support request, bug report, screenshot, export, diagnostic bundle or legal request contains secrets, tokens, keys, passwords, private footage, raw tenant exports, special-category data, children’s data, criminal-offence data or other high-risk material, we may reject, delete, quarantine, return or restrict that material unless a secure written handling process has been agreed. Sending material to Magrathean does not make Magrathean responsible for data we did not request and cannot reasonably inspect before receipt.
Cookie and storage-technology implementation note
Where a Magrathean website or product page uses cookies, local storage, tracking pixels, scripts, tags, link decoration, device/browser signals or similar storage/access technologies, those technologies should be read in three groups:
- strictly necessary, security, anti-abuse, load-balancing, rate-limiting, form-protection and fraud-prevention technologies;
- low-risk analytics or measurement technologies where an applicable UK PECR exception is available and the use is not for advertising, cross-site tracking or user-level profiling;
- advertising, remarketing, cross-site tracking, tag-based conversion measurement, fingerprinting, behavioural profiling or similar technologies, if enabled.
The operational position remains that the relevant websites may run cookies, analytics, measurement, attribution and similar technologies by default without a consent banner, as described in this notice. You can block or delete cookies and similar technologies through browser, device, DNS, content-blocking or network controls. This notice describes the processing; the live cookie/tag configuration should be kept aligned with this notice and with any product-specific statement.
Cookies, local storage and similar technologies
Website: cookies, analytics and tracking
The Nodex website (nodexapp.eu) and magrathean.uk use cookies and similar technologies — including first- and third-party analytics, measurement and tracking tools such as Google Analytics — to understand how the site is used, measure traffic and campaigns, improve content, and protect the site. These technologies are active by default when you visit the site. We do not display a cookie consent banner and we do not ask you to opt in before analytics run.
Acceptance. By accessing, browsing, or continuing to use this website, you accept the use of the cookies, analytics, measurement, attribution, and tracking technologies described in this section, and you acknowledge that they are active by default from your first visit without a consent banner. If you do not accept this, use the browser-level controls described in this section or stop using the website. This acceptance operates alongside — and does not replace — the lawful basis stated in this section, and you may object to our legitimate-interests processing at any time.
Through these technologies we may process: pages viewed, events and interactions, referring source, UTM and ad-click identifiers (such as gclid, gbraid, wbraid, msclkid), approximate location derived from IP address, and device, browser and operating-system information, together with similar usage data.
Lawful basis. For website analytics, measurement and attribution we rely on our legitimate interests (Article 6(1)(f) UK GDPR) in understanding and improving how our website and campaigns perform and in keeping the site secure. We do not sell personal data and we do not use this data to make decisions producing legal or similarly significant effects about you.
Your controls. Because we do not operate a consent banner, you control these technologies yourself. You can: block or delete cookies in your browser settings; install the Google Analytics opt-out browser add-on (tools.google.com/dlpage/gaoptout); use privacy or content-blocking extensions; or object to our legitimate-interests processing by emailing [email protected]. We do not currently respond to browser Do-Not-Track signals. Blocking cookies may limit some features but will not stop you reading the site.
The website and its hosting and security providers may also use or generate strictly necessary technical data to deliver pages, secure the service, prevent abuse, maintain logs, debug errors and protect the website. This may include IP addresses, user agents, request logs and security events.
App
The Nodex app uses local storage technologies such as SwiftData, Keychain, UserDefaults, temporary files and App Group storage for app functionality, security, subscriptions, preferences, widgets, Shortcuts, diagnostics and exports. These are not used by Magrathean for advertising or cross-site tracking.
Apple’s operating system and App Store services may use their own storage, diagnostics and identifiers under Apple’s rules.
Security
Nodex includes security-oriented design measures, including:
- direct SSH connections from your device to your configured hosts;
- no Magrathean cloud relay for server monitoring by default;
- local Keychain storage for secrets where supported;
- device-only, non-synchronising Keychain attributes where supported;
- SwiftData local persistence with no CloudKit database configured by the app;
- host-key verification and known-host trust records;
- separation of credential storage from ordinary server metadata;
- redaction of common secrets in diagnostics;
- bounded local diagnostic and metric histories;
- support for deleting servers, credentials, known-host data and metrics through app workflows.
No app can guarantee absolute security. You remain responsible for device security, passcodes, biometric access, iCloud and device backup settings, Mobile Device Management profiles, physical access to your device, SSH account permissions, least-privilege server users, key rotation, sudo configuration, server logging policies, VPN/network security and reviewing exports before sharing.
Retention
Local retention on your device
Local server profiles, known-host records, SSH key metadata, preferences, saved searches, app-group system-surface data and related settings remain on your device until you delete the relevant data, delete hosts, remove keys, clear history, reset local data, remove widgets/shortcuts, uninstall Nodex or the operating system removes them.
Local metric history is kept for up to approximately 7 days or approximately 2,880 records per server unless you clear it sooner.
Recent action transcripts are limited to approximately 100 entries. Command metrics are limited to approximately 200 entries. The in-app SSH diagnostic collector is limited to approximately 1,000 messages. Alert history and override state may be retained locally for operational use and then aged or removed according to app behaviour.
Temporary exports and support bundles remain where the operating system or you store, share or copy them until they are deleted.
Data held by Magrathean
We keep Magrathean-controlled data only as long as reasonably necessary for the relevant purpose:
- ordinary support correspondence: up to 24 months after closure;
- support attachments, logs, diagnostics, screenshots and support bundles: up to 12 months after closure unless needed for security, legal or dispute reasons;
- vulnerability reports and security evidence: up to 6 years after closure where needed to maintain security records and defend against claims;
- legal complaints, misuse reports, dispute records and enforcement evidence: up to 6 years after final resolution, or longer where required by law;
- accounting, tax, invoice and business records: up to 7 years;
- website access logs: up to 12 months;
- website security logs and abuse-prevention records: up to 24 months;
- App Store transaction and entitlement records accessible to us: according to Apple availability and our business, tax, accounting and dispute needs, usually up to 7 years for business records;
- business enquiries that do not become customers: up to 24 months.
We may retain records longer where required by law, a regulator, tax authority, court order, legal claim, security incident or audit obligation.
Deleting and exporting data
For local Nodex data, use the app and device controls available to you. Depending on the data, this may include:
- deleting a server profile;
- clearing metric history;
- deleting SSH keys from the key library;
- removing saved credentials;
- removing known hosts;
- clearing saved log searches;
- deleting temporary CSV exports;
- deleting support bundles from the temporary folder, Files app or shared destinations;
- removing widgets and Shortcuts;
- clearing app data or uninstalling the app;
- managing iCloud, device backup and MDM settings.
Magrathean cannot delete data that remains only on your device, in your Apple account, on your target servers, in your backups or in third-party destinations you chose.
For data that Magrathean controls, such as support correspondence or files you sent us, contact [email protected].
Your rights
Depending on your location and the relevant law, you may have rights to:
- access your personal data;
- receive a copy of personal data;
- correct inaccurate personal data;
- delete personal data;
- restrict processing;
- object to processing;
- data portability;
- withdraw consent where processing is based on consent;
- object to direct marketing at any time;
- lodge a complaint with a supervisory authority.
The right to object to processing based on legitimate interests is available where the law provides it. If you object, we will stop processing the relevant personal data unless we have compelling legitimate grounds or need the data for legal claims.
These rights apply to personal data that Magrathean controls. They do not automatically apply to purely local app data that Magrathean cannot access, to Apple-controlled App Store records, or to personal data on servers and systems controlled by you or third parties.
We may need to verify your identity before responding. We normally respond within one month where UK GDPR or EU GDPR applies, but may extend that period where the law allows for complex or multiple requests.
Complaints and rights-request handling
You may complain to Magrathean first by emailing [email protected]. Please include enough information for us to identify the product, website, account, support thread, submission, export, device-local issue or customer engagement involved. Do not include passwords, private keys, bearer tokens, recovery codes or unnecessary raw personal data in the first message.
Where UK data-protection law requires complaint handling, we will acknowledge a data-protection complaint within 30 days and respond without undue delay. A complaint is separate from a UK GDPR rights request, but we may treat the same message as both where it asks us to exercise a data-protection right.
For rights requests, we normally respond without undue delay and within one month of receipt, or within one month of receiving information reasonably needed to confirm your identity or clarify the request. Where the law permits it, we may extend the response period by up to two further months for complex or multiple requests. Searches for access requests will be reasonable and proportionate. For local-first product data, we can usually act only on data Magrathean actually controls or has received.
You may also complain to the UK Information Commissioner’s Office (ICO): https://ico.org.uk/make-a-complaint/. We would prefer the chance to address the issue first, but you are not required to contact us before contacting the ICO.
If EU GDPR applies to your use, you may also complain to a supervisory authority in the EU Member State where you live, where you work or where you believe an infringement occurred.
Automated decision-making and profiling
Magrathean does not use Nodex data for solely automated decisions with legal or similarly significant effects on individuals.
Nodex may generate alerts, health findings, freshness indicators, feature gates and local operational recommendations. These are informational or app-access functions. Administrators remain responsible for deciding whether to act on them.
Children and minors
Nodex is an infrastructure-administration tool. It is not directed to children or minors.
Do not use Nodex if you are below the age required to administer the relevant systems or make App Store purchases in your country. If you believe a child or minor has sent personal data to Magrathean, contact us so we can take appropriate steps.
No sale, advertising tracking or AI training
Magrathean does not sell personal data.
Magrathean does not use Nodex server data, support bundles, logs, metrics, command output or diagnostics for behavioural advertising, cross-context tracking or training general-purpose AI models.
If we use anonymised or aggregated operational lessons from support to improve Nodex, we do not use them to identify you, your organisation or your systems.
Changes to this Policy
We may update this Policy when Nodex, our website, our vendors, legal requirements or our operating practices change. We will update the “Last updated” date when we make changes.
If a change materially affects how Magrathean controls personal data, we will take reasonable steps to bring it to users’ attention, such as updating the website, App Store metadata or in-app notices where appropriate.
Governing law
This Policy and any non-contractual obligations arising out of it are governed by the laws of England and Wales, without prejudice to any mandatory data-protection or consumer rights you have under the laws of the country where you live.
Local app data
Nodex may process host profiles, credentials, known-host trust data, metrics, command output, logs, service status, container status, alert history, support bundles, exports, screenshots, subscription state, preferences, and local diagnostics on your device.
Operational actions
Where Nodex exposes service actions, container actions, diagnostic collection, support-bundle generation, widgets, Shortcuts, or other operational surfaces, those actions are initiated from your device against systems you configure and are your responsibility.
Data we do not collect from the app
Magrathean does not automatically collect command output, logs, service status, container status, server lists, host metrics, SSH credentials, private keys, screenshots, diagnostics, exports, alerts, history, analytics, behavioural tracking, advertising identifiers, or cross-app tracking data from the app by default.
Contact
For privacy requests, support-material deletion requests, security-report handling questions or data-protection enquiries, contact:
MAGRATHEAN UK LTD Email: [email protected] Registered office: 16 Caledonian Court, West Street, Watford, England, WD17 1RY