Privacy Policy

Table of content:

Introduction
Scope of Application; Updates
Categories of Personal Data
How do we use your Personal Data
Data processing for payment processing
Email and contact form
Data processing via our website
Disclosure of Personal Data; International Transfers
Use of Cookies
Automated Decision-Making and Profiling; Use of AI
How long do we keep your data for?
What are my rights under data protection laws?
Questions, comments and more details

We are n8n GmbH (registered with number HRB 212509 B) trading as n8n.

Our registered address is:
Novalisstr. 10
10115 Berlin
Germany

If you have any questions about this privacy notice, including requests to exercise your data subject rights, please contact us at [email protected]. Your request may be processed by automated means and forwarded to the relevant teams in order to fulfil it.

For confidential inquiries to our external Data Protection Officer, please contact them at [email protected]. Kindly include a reference to n8n and a brief description of your inquiry. The current postal address of our external Data Protection Officer is available here https://freshcompliance.de/en/legal-notice/

1. Introduction

n8n GmbH, with its registered business address at Novalisstr. 10, 10115, Berlin, Germany ("Company", "us", "our", "we"), is committed to protecting your privacy. "User", "you", or "your" refers to any individual who accesses or uses our Website or Services, including any features, tools, or functionality made available through them.

2. Scope of Application; Updates

This Privacy Policy, which applies to all Users, is designed to explain why, how we and when we process personal data to offer and provide our Website and Services. It also describes the choices available to you regarding the processing of your personal data.

This Privacy Policy is part of, and incorporated into, our Terms of Service. Capitalized terms not defined in this Privacy Policy have the meanings given in our Terms of Service. This Privacy Policy does not apply where separate privacy terms are provided.

Our Website and Services may contain links to third-party websites and may integrate third-party functionalities, such as social media plug-ins, tools, or APIs, to enhance your experience. We do not control these third parties or how they process, or use personal data, and their privacy practices may differ from ours. Any personal data you provide or that is processed through such third-party websites or functionalities is governed solely by the respective third party’s privacy policy and terms.

We may update this Privacy Policy from time to time without prior notice and immediate effect to reflect legal changes or enhancements to our Website or Services. The latest version is always available on our Website. The "last updated" date indicates if and as of when changes have been made to this Privacy Policy.

3. Categories of Personal Data

We may process the following categories of personal data that you provide to us directly, that are generated through your use of our Website or Services, or that we receive from third-party services or publicly available sources:

Contact Data (i.e. information used to identify and contact you, such as name, email address, phone number, country or place of residence);
Communication Data (i.e. information contained in communications with us, such as emails, chat messages, support requests, feedback, or other content you voluntarily provide when contacting us or using our Website or Services);
Account and Usage Data (i.e. information relating to your account, workspace, subscription and use of the Services, such as pseudonymized User and workspace identifiers, account settings, authentication events, workflow usage metrics, enabled integrations, and billing information);
Marketing Data (i.e. information relating to marketing communications and interactions, such as contact preferences, newsletter subscriptions, email engagement, and registrations for events, webinars or product updates);
Traffic and Device Data (i.e. technical information generated when you access or use the Website or Services, such as IP address, device and browser type, operating system, language settings, access times, , device identifiers and tokens, instance and user identifiers, system diagnostic data, log files, and related technical and usage metadata, such as HTTP request data, workflow or lifecycle events, feature interactions, and associated usage metrics).

We do not use personal data processed in connection with the Website or Services, including data from third-party services or integrations, to train n8n or third party machine learning (ML) models.

Our Website and Services are not intended for children under 16 years of age. We do not knowingly process personal data from children under 16. If we become aware that such data has been processed, we will delete it. Parents or guardians who believe their child has provided personal data to us may contact us at any time.

4. How do we use your Personal Data

First, we would like to give you an overview of our data processing activities and the purposes of these processes, which we will then explain in more detail below.

Purpose	Personal Data	Description	Legal Basis
Use of our Website	Contact Data, Professional Data, Communication Data, Traffic and Device Data	Ensuring the technical availability, stability, and security and providing access to our Website, Preventing misuse or attacks, Logging access data for troubleshooting, Conducting surveys and gathering feedback, Analyzing usage of our Website	Legitimate interests (Art. 6 (1) (f) GDPR), Contract Performance (Art. 6 (1) (b) GDPR), Consent (Art. 6 (1) (a) GDPR; Section 25 (1) German Telecommunications and Digital Services Data, Protection Act (TDDDG), insofar Cookies are used)
Use, maintenance and improvement of our Services	Account and Usage Data	Creating, maintaining, and managing User accounts and fulfilling contractual obligations optimizing functionality and stability, correction errors, Analyzing usage of our services, improving services and user experience	Legitimate interests (Art. 6 (1) (f) GDPR), Contract Performance (Art. 6 (1) (b) GDPR)
Handling Contact and Support Requests	Contact Data, Professional Data, Communication Data, Account and Usage Data, Traffic and Device Data	Responding to enquiries, support requests, or other forms of communication, Operating internal business processes, Communicating with Users about their accounts or requests, Resolving disputes and managing customer relationships, Maintaining communication records where necessary	Legitimate interests (Art. 6 (1) (f) GDPR), Consent (Art. 6 (1) (a) GDPR; Section 25 (1) German Telecommunications and Digital Services Data Protection Act (TDDDG), insofar Cookies are used)
Payment Processing	Contact Data, Credit card details or other payment details	payment processing, fraud prevention, invoicing and tax compliance	Contract Performance (Art. 6 (1) (b) GDPR)
Newsletter & Marketing	Contact Data, Professional Data, Communication Data, Marketing Data, Traffic and Device Data	Sending relevant updates and promotions to the recipient's interests, Sending newsletters and updates, Registrations and attendance for events, webinars, or seminars	Consent (Art. 6 (1) (a) GDPR; Section 25 (1) German Telecommunications and Digital Services Data Protection Act (TDDDG), insofar Cookies are used), Legitimate interests (Art. 6 (1) (f) GDPR)
Manage our Social Media Channels	Contact Data, Professional Data, Communication Data, Marketing Data, Traffic and Device Data	Operating and maintaining our social media profiles, Communicating with Users and responding to inquiries via social media, Increasing brand awareness and engagement, Analyzing interactions and reach of our social media content	Consent (Art. 6 (1) (a) GDPR; Section 25 (1) German Telecommunications and Digital Services Data Protection Act (TDDDG), insofar Cookies are used), Legitimate interests (Art. 6 (1) (f) GDPR)
Security, Compliance & Legal Obligations	Contact Data, Professional Data, Communication Data, Account and Usage Data, Traffic and Device Data	Ensuring IT and data security, Fulfilling statutory retention requirements, Preventing fraud, Cooperating with authorities, Protecting our rights and interests	Compliance (Art. 6 (1) (c) GDPR), Legitimate interests (Art. 6 (1) (f) GDPR)

When you register for n8n cloud. When you sign up for an account with us, we process your name and email. We process these details to put the contract in place between us that enables you to access our platform. The legal basis for this data processing is Art. 6(1)(b) GDPR.

We use third party providers in order to better understand how people use our product and to optimize our service and experience. Additional data including address and credit card information will be processed by our Merchant of Record in order to process your payment We do not transfer or disclose your information to third parties for purposes other than the ones provided. You can delete your n8n cloud account via the product. You can learn more about the data we process on cloud in our Documentation.

When you use your own n8n self-hosted deployment. If you install n8n on your own server, and unless you opt out per our Documentation instructions at https://docs.n8n.io/hosting/securing/telemetry-opt-out/, we process certain Usage Data (including user identifiers, account settings, user events, workflow usage metrics, enabled integrations) to improve our product and your customer experience. If you chose to submit your email address, we may use it to contact you about your usage of the product. Learn more on our privacy page about data collection. The legal basis for this data processing is our legitimate interests in the technical development of our products, the optimization of functionality and stability, error analysis and correction, and the improvement of the user experience on the basis of Art. 6 (1) lit. f GDPR. You can object to this data processing at any time with effect for the future by activating the opt-out, see our Docs page about telemetry data opt out.

If you sign up for a paid plan, we process your name, email address, company address, and the name and email address of others in your company (e.g. a billing contact). We process these details to put a contract in place between us. If you use our credit card billing feature, our Merchant of Record, Paddle, processes information including your address and credit card information, in order to process your payment. In addition, we process selected, anonymous information about how n8n is used. We use this information to improve your experience with our services and to protect from potential security attacks and abuse. We do not use any personal data, including data received through any third-party services, for developing, improving, or training AI and/or ML models. We do not transfer or disclose your information to third parties for purposes other than the ones provided. You can learn more about the data we process, and how to disable this information processing in our docs.

When you sign up for the community forum. We process your email address or social media handle in order to assign you with an account to use our forum. You can delete your forum account by emailing us at [email protected].

When you attend one of our events or a third party event. When you attend one of our events or a third party event, we may process your personal information including your name, address, email address and phone number. We process this information because it’s in our legitimate interests to know who’s attending our events and to help promote our business at third party events. Where you attend one of our events we may take pictures or videos of you. We do this as we have a legitimate interest to promote our business. You can opt out of having your photo taken in this way both when you attend our events and at any time by contacting us at [email protected].

When you contact us. When you contact us either by email or via our website or product with general queries, we will usually process your name and contact details, because it’s in our legitimate interest to make sure we can properly respond to your query.

On social media. When you connect with us on social media including on Facebook, Twitter, YouTube and LinkedIn we will process your handle, name and email address under our legitimate interest to respond to your comments and queries promptly.

When you receive our news updates. We will handle your personal information (such as your name and email address) to provide you with our news updates in line with any preferences you have told us about.

When we send you our news updates because you have opted-in to receive them, we rely on your consent to contact you. If you have not opted-in and we send you our news updates emails, we do this because of our legitimate interest to promote our business.

You can unsubscribe from our updates at any time by clicking the unsubscribe link at the bottom of any of our emails, or by emailing [email protected].

When you register as an expert. We process your name, email address, and details about your company in order to communicate with you about the n8n expert program

When you register as an affiliate. We process your name and email address in order to communicate with you about the n8n affiliate program.

When you apply for a job with us. When you enter into the recruitment process with us we may process your personal data as set forth in our n8n Privacy Policy for Recruiting https://n8n.io/legal/recruiting-privacy-policy/.

If our business is sold. We process your personal information for this purpose because we have a legitimate interest to ensure our business can be continued by the buyer. If you object to our use of your personal information in this way, the buyer of our business may not be able to provide services to you.

5. Data processing for payment processing

We use an external payment service provider for the processing of online payments and, where applicable, invoicing and tax handling for digital products. The legal basis for the processing of personal data is Art. 6 (1) b) GDPR, as the processing is necessary for the implementation of pre-contractual measures and for the performance of a contract.

This includes, in particular, name, email address, billing address, payment information (e.g., credit card details or other payment details), IP address, transaction data, and, where applicable, company-related information. The processing is carried out for the purpose of payment processing, fraud prevention, invoicing and tax compliance (e.g., VAT determination)

The payment service provider may act as an independent controller within the meaning of Art. 4 No. 7 GDPR, in particular where it processes payment data in its own name as a so-called “merchant of record.”

The payment service provider may also process personal data in order to comply with legal obligations (e.g., commercial and tax law retention requirements) and for fraud prevention or the assertion and defense of legal claims. Personal data will only be disclosed to third parties if this is necessary for contract processing, required by law, or carried out within the framework of commissioned data processing. The storage period for personal data is determined by statutory retention obligations and contractual requirements. Data relevant under commercial and tax law is generally stored for the duration of the applicable statutory retention periods.

6. Email and contact form

Due to legal requirements, our website provides information that enables you to contact us quickly and communicate with us directly. This includes both our email address and our contact form. If you contact us by email or via our contact form, the personal data you provide will be stored automatically. The other personal data processed during the contact process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 (1) lit. b GDPR. We use the personal data you provide exclusively for the purpose of processing your specific inquiry. The data provided will always be treated confidentially.

The data will be deleted as soon as it is no longer necessary for the purpose for which it was processed. For personal data from the input mask of the contact form and that sent by email, this is the case when the respective conversation with you has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

7. Data processing via our website

Access data in server log files
Every time you visit our website, we automatically store access data in so-called server log files.The legal basis for the temporary storage of your data and the log files is Art. 6 (1) lit. f GDPR.
This includes the date and time of the visit, the amount of data transferred and, if applicable, the name of the requested file, the browser used and its version, the operating system used, the IP address and the referrer URL (the URL you visited immediately before). The temporary storage of the IP address by the system is necessary to enable the website to be delivered to your end device. For this purpose, your IP address must remain stored for the duration of the session.
Our website uses a content delivery network (CDN) and security service provider (category of recipient: IT infrastructure and security service provider). For this purpose, incoming requests are routed via the provider’s globally distributed edge servers (reverse proxy). In this context, access data - in particular IP address, request header information, and browser data - may already be processed by the provider before being forwarded to our web server.
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to your end device. This also applies where the delivery takes place via edge servers of the CDN provider. For this purpose, your IP address must remain stored for the duration of the session.
This data is evaluated exclusively to ensure the permanent and trouble-free operation of the website and to improve the content of our website, as well as to transmit it to law enforcement authorities in the event of a cyber attack and to ensure the security of our information technology systems, which also constitute our legitimate interest in data processing. The processing of data for the provision of the website and the storage of data in log files is essential for the operation of our website. Consequently, there is no possibility of objection.
The use of the CDN and security service provider also serves the purposes of load balancing, protection against distributed denial-of-service (DDoS) attacks, bot detection, and safeguarding the integrity and confidentiality of our information technology systems.
Insofar as personal data is processed by the CDN provider in its own responsibility (e.g., for network security purposes), the provider acts as an independent controller within the meaning of Art. 4 No. 7 GDPR. Where processing is carried out on our behalf, this is based on a data processing agreement pursuant to Art. 28 GDPR.
Use of third-party tools for marketing, analysis and optimization purposes
When you visit our websites, we process data for marketing purposes, statistics, optimization, and to ensure IT security, in some cases with the support of service providers (so-called third-party tools). We ask for your consent for this processing. Detailed information on the cookies and services used can be found in the settings options of the cookie banner, via the cookie button, which you will find at the bottom left, by clicking on the “Show Details” button. The legal basis for this data processing is §25 (1) TDDDG in conjunction with Art. 6 (1) a) GDPR.
In particular, IP address, browser type and version, time zone setting, browser plugin types, geolocation, operating system and version, click behavior, return visits, transaction data, and use of third-party services are processed. The recipients of the data are the providers of the respective third-party tools used, our IT and hosting service providers, and marketing and analysis service providers.
The data processed in this way is stored for the duration specified in the cookie banner and then irretrievably deleted. You can revoke your consent to this data processing at any time by adjusting the cookie settings accordingly by clicking the “Cookie Settings” button at the bottom left.

8. Disclosure of Personal Data; International Transfers

We may share personal data with carefully selected service providers that support our business operations. These include, in particular, providers of IT hosting and infrastructure services (e.g. cloud hosting and content delivery networks), cybersecurity and fraud prevention solutions, data storage and backup services, website analytics and performance monitoring tools, marketing and advertising platforms, subscription management, billing and revenue analytics systems, payment processing services, as well as customer relationship management software, internal collaboration and productivity tools, document management systems, and customer support and communication services (e.g. ticketing systems, live chat and email services). Where such service providers process personal data on our behalf, we conclude data processing agreements pursuant to Article 28 GDPR, ensuring that personal data is processed solely in accordance with our instructions and in compliance with applicable data protection standards. In some cases, third parties process personal data as independent controllers or joint controllers, in particular in the context of advertising and social media services.

We may disclose personal data where required by law or where such disclosure is necessary to comply with legal obligations or lawful requests by public authorities, courts, or law enforcement agencies, enforce our commercial contracts or other agreements, investigate potential violations, prevent or address fraud, security, or technical issues, or protect our rights, property, users, or the public. Such disclosures are carried out strictly in accordance with applicable legal provisions. Where legally permissible, we aim to ensure transparency towards data subjects.

Some of the recipients listed above may be located outside the European Union (EU) or the European Economic Area (EEA), in particular in the United States. Where personal data is transferred to third countries, such transfers are carried out only where permitted under Articles 44 et seq. GDPR and are subject to appropriate safeguards. These safeguards include in particular reliance on adequacy decisions, such as the EU–U.S. Data Privacy Framework, where applicable, the use of Standard Contractual Clauses (SCCs) approved by the European Commission, and additional technical and organizational measures to ensure an adequate level of data protection. We assess the data protection and security posture of each recipient together with our Privacy Office and ensure that appropriate technical safeguards (such as encryption and access controls) are implemented. These safeguards are reviewed on an ongoing basis and updated as necessary to reflect legal or regulatory developments.

9. Use of Cookies

If you browse our Website, we may collect Traffic and Device Data that your browser sends to us. As a protective measure in favor of privacy, we delete or anonymize the IP address after your visit to our Website. This means that Traffic and Device Data can no longer be traced back to you and is only used for anonymous, statistical purposes to optimize our Website or Services.

Our Website may use so-called cookies (i.e. small text files stored in your browser or on your device) and similar tracking technologies such as pixels or scripts, which are used to collect information about how our Website is used ("Cookies"). This information may be processed by us or transmitted to the relevant provider and may include a unique device identifier. Cookies contain information about the current or last visit to our Website (e.g., name of the Website, expiration date of the Cookie, other values). If Cookies do not contain an exact expiration date, they are stored only temporarily and are automatically deleted as soon as you close your browser or restart your device. Cookies with an expiration date will still be stored even when you close your browser or restart your device. Such Cookies will not be deleted until the specified date or if you delete them manually.

We may use the following three types of Cookies: (a) Essential Cookies that are required for the functionality of our Website; (b) functional and performance-related Cookies that help us improve your experience; and (c) advertising and analytics Cookies that enable personalized ads and analytics.

Where Cookies collect information that constitutes personal data, this Privacy Policy applies. In this case, you can update or withdraw your Cookie preferences at any time via our Consent Management Platform (via the “Cookie Settings” button). You can further configure, block and delete Cookies in your browser settings. If you delete all Cookies, some functions of our Website or Services may not be displayed correctly. Helpful information and instructions for the most common browsers can be found online.

10. Automated Decision-Making and Profiling; Use of AI

We do not make decisions about you that are based solely on automated processing (including profiling) and that produce legal effects concerning you or similarly significantly affect you, within the meaning of Article 22 GDPR. If we were to introduce such automated decision-making in exceptional cases in the future, we inform you in advance where required by law and ensure appropriate safeguards are in place. These safeguards would include, at a minimum, your right to obtain human intervention, to express your point of view and to contest the decision.

We may use AI-supported or automated tools to assist with internal processes or to support our Services. However, these tools do not replace human decision-making where a decision could have legal or similarly significant effects on you. We further do not use personal data for the development, training or improvement of any artificial intelligence or machine-learning models.

11. How long do we keep your data for?

We store your personal information for no longer than necessary for the purposes for which it was processed, including for the purposes of satisfying any legal or reporting requirements, and in accordance with our legal obligations and legitimate business interests. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data; the potential risk of harm from unauthorized use or disclosure of your personal data; the purposes for which we process your personal data; and the applicable legal requirements.

In some circumstances we may carefully anonymise your personal data so that it can no longer be associated with you, and we may use this anonymised information indefinitely without notifying you. We use this anonymised information to analyse our programmes and support other similar programmes around the world.

12. What are my rights under data protection laws?

You can contact us at any time if you have any questions about your rights regarding data protection or if you wish to exercise any of the following rights:

Right to withdraw your consent (Art. 7 (3) GDPR);
Right to access your data (Art. 15 GDPR);
Right to correct your data (Art. 16 GDPR);
Right to have your data deleted (Art. 17 GDPR);
Right to limit data collection (Art. 18 GDPR);
Right to data portability (Art. 20 GDPR);
Right to object how your data is handled (Art. 21 GDPR);
Right to send complaints to the supervisory authority (Art. 77 GDPR).

To exercise your rights, please contact us at: [email protected].

13. Questions, comments and more details

Your feedback and suggestions on this notice are welcome at [email protected]. For confidential inquiries, you can also contact our external Data Protection Officer at [email protected].

More information about n8n's data privacy practices, including GDPR compliance is available here.

Last updated: 28 April 2026