Privacy Policy

Last updated: June 2026

1. Overview

Nivaro is open-source, self-hosted software. When you deploy Nivaro in your own infrastructure, all data lives entirely within your environment — Nodeworks has no access to it. This privacy policy applies only to the Nivaro marketing website at nivaro.io and describes what limited information that site may collect.

If you are looking for information about data handling within a Nivaro CMS deployment, that is governed by your organization's own privacy policy, since you are the data controller for your instance.

2. Information we collect on this website

We collect the minimum information necessary to operate the marketing website. This includes:

• Server logs — standard web server logs containing your IP address, browser user agent, referring URL, requested page URL, and timestamp. These are retained for up to 30 days for security and diagnostics purposes.
• No persistent identifiers — we do not set cookies, browser fingerprints, or any persistent tracking identifiers on your device.
• No analytics — we do not use any analytics platform (Google Analytics, Mixpanel, Plausible, or similar) on this website.

3. What we do NOT collect

The following data is explicitly not collected on this marketing website:

• No user accounts or registrations
• No email addresses or newsletter sign-ups
• No form submissions
• No tracking pixels or beacon requests
• No third-party analytics or advertising scripts
• No session cookies or authentication cookies
• No payment or billing information

4. Third-party services

This website loads resources from a small number of trusted third-party services. By visiting nivaro.io, your browser will make requests to:

• Google Fonts (fonts.googleapis.com, fonts.gstatic.com) — used to serve the Bricolage Grotesque, Onest, and JetBrains Mono typefaces. Google may log your IP address and user agent when serving these font files. See Google's Privacy Policy for details. Font files are loaded via a standard <link> tag; no JavaScript tracking is involved.
• jsDelivr CDN (cdn.jsdelivr.net) — used to serve open-source JavaScript libraries (Lenis, GSAP). jsDelivr may log standard CDN access data. See jsDelivr's Privacy Policy for details.

We do not share any data with these services beyond what is inherent to a browser loading a resource from their servers. We have no control over their data practices.

5. Self-hosted deployments

Nivaro is self-hosted software. When you or your organization runs a Nivaro instance, you become the data controller for all content, user accounts, audit logs, and other data stored in that deployment. Nodeworks has no visibility into, and no responsibility for, data processed within your Nivaro instance.

If your users have questions about how their data is handled in your Nivaro deployment, they should refer to your organization's privacy policy. You are responsible for:

• Notifying your users about data collection and processing
• Complying with applicable privacy laws (GDPR, CCPA, etc.) for your jurisdiction
• Securing your Nivaro instance and its database
• Managing data retention and deletion in your deployment

6. Changes to this policy

We may update this privacy policy from time to time. Changes will be reflected by updating the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of the website after changes constitutes acceptance of the updated policy.

7. Contact

If you have questions or concerns about this privacy policy or data handling on the nivaro.io website, you can contact us at rob@nodeworks.com.