The Node

CDK

Privacy Policy

1. Who we are ?

THE NODE
455 Avenue Alfred Sauvy
34470 PÉROLS
Siret: 89467939800020

Contact: dev@thenode.gg

This policy explains how we collect, use, share, and protect the personal data of users who use our website to claim CD keys after signing in with Twitch or YouTube.

2. Service overview

Our website offers a collection of games where a signed-in user (via Twitch or YouTube) can claim a CD key. To operate, we only use the data strictly necessary to:

  • verify the user’s identity through OAuth (Twitch / YouTube);
  • associate and deliver a CD key by email to the requester.

3. What data do we collect?

We only collect the following information when you log in via Twitch or YouTube:

  • Username (display name)
  • Email address (to send the CD key)
  • Avatar (profile image URL)
  • Follower count (public data read via API)

We do not extract or store any other data from your accounts (no private messages, no video history, etc.).

4. OAuth scopes used

For authentication, we only request the following scopes:

YouTube (Google): [ 'email', 'https://www.googleapis.com/auth/youtube.readonly', 'https://www.googleapis.com/auth/userinfo.profile' ]
Twitch: [ 'user:read:email', 'channel:read:subscriptions' ]

These scopes allow us to retrieve your email, username, avatar, and public channel information (followers/subscriptions) in read-only mode.

5. Cookies and storage

We use the minimum number of cookies required:

  • Session cookie — to keep the user session active after login. This is the only authentication cookie we use.

We do not use any tracking or analytics cookies by default. If we ever add such tools (analytics, advertising, etc.) in the future, we will clearly indicate it and, where required, request user consent.

6. Purpose of processing

We use your data to:

  • authenticate you and maintain your session;
  • link a user to a CD key claim request;
  • send the CD key by email (randomly chosen from the available stock);
  • prevent fraud and enforce our terms of service (e.g., prevent automated or repeated claims).

7. Legal basis

Under the GDPR (if applicable), we process your data on the following legal bases:

  • Contract performance: to provide the service (authentication and CD key delivery);
  • Legitimate interest: security, fraud prevention, service improvement;
  • Consent: if any non-essential processing (marketing, analytics) is added in the future, we will request explicit consent.

8. Data sharing and subprocessors

We may share your data with:

  • technical service providers (hosting, email sending) acting as data processors;
  • the external APIs used for authentication: Google (YouTube) and Twitch — we comply with their terms of use and data policies;
  • authorities, if required by law (e.g., legal request).

We do not sell your data to third parties.

9. Transfers outside the EU

Some of our providers may be located outside the European Economic Area (EEA). In such cases, we implement appropriate safeguards (such as standard contractual clauses or other legally recognized mechanisms) to protect your data.

10. Data retention period

We keep your data for as long as necessary to provide the service, comply with legal obligations, and resolve disputes. By default:

  • authentication/session data: during your session + a short technical retention period (configured server-side);
  • contact data (email used for key delivery): retained if needed for delivery records and fraud prevention, then deleted or anonymized according to our internal policy.

You may request the specific retention duration for each data type by contacting us (see section Contact).

11. Security

We apply reasonable technical and organizational measures to protect personal data against loss, alteration, or unauthorized access (encryption, restricted access, monitoring, internal policies).

No system is completely invulnerable; if a security incident compromising personal data occurs, we will notify affected users and the competent authorities as required by law.

12. Your rights

Depending on applicable law, you have the following rights:

  • access your data;
  • rectify it;
  • erase it (right to be forgotten) within legal limits;
  • restrict processing;
  • object to processing (where applicable);
  • data portability (where applicable).

To exercise any of these rights, contact us at dev@thenode.gg. If you believe we have not complied with the applicable data protection law, you may also contact your local data protection authority (e.g., CNIL in France).

13. Policy updates

We may update this policy from time to time. The version published on the website always indicates the latest update date. We will inform users of any significant changes.

14. Contact

For any question regarding data protection:

THE NODE
Email: dev@thenode.gg
Address: 455 Avenue Alfred Sauvy, 34470 PÉROLS, France