n8n Privacy Policy

n8n GmbH, with its registered business address at Novalisstr. 10, 10115, Berlin, Germany ("Company", "us", "our", "we"), is committed to protecting your privacy. "User", "you", or "your" refers to any individual who accesses or uses our Website or Services, including any features, tools, or functionality made available through them.

This Privacy Policy, which applies to all Users, is designed to explain why, how we and when we process personal data to offer and provide our Website and Services. It also describes the choices available to you regarding the processing of your personal data.

This Privacy Policy is part of, and incorporated into, our Terms of Service. Capitalized terms not defined in this Privacy Policy have the meanings given in our Terms of Service. This Privacy Policy does not apply where separate privacy terms are provided.

Our Website and Services may contain links to third-party websites and may integrate third-party functionalities, such as social media plug-ins, tools, or APIs, to enhance your experience. We do not control these third parties or how they process, or use personal data, and their privacy practices may differ from ours. Any personal data you provide or that is processed through such third-party websites or functionalities is governed solely by the respective third party’s privacy policy and terms.

We may update this Privacy Policy from time to time without prior notice and immediate effect to reflect legal changes or enhancements to our Website or Services. The latest version is always available on our Website. The "last updated" date indicates if and as of when changes have been made to this Privacy Policy.

We may process the following categories of personal data that you provide to us directly, that are generated through your use of our Website or Services, or that we receive from third-party services or publicly available sources:

• Contact Data (i.e. information used to identify and contact you, such as name, email address, phone number, country or place of residence);
• Communication Data (i.e. information contained in communications with us, such as emails, chat messages, support requests, feedback, or other content you voluntarily provide when contacting us or using our Website or Services);
• Account and Usage Data (i.e. information relating to your account, workspace, subscription and use of the Services, such as pseudonymized User and workspace identifiers, account settings, authentication events, workflow usage metrics, enabled integrations, and billing information);
• Marketing Data (i.e. information relating to marketing communications and interactions, such as contact preferences, newsletter subscriptions, email engagement, and registrations for events, webinars or product updates);
• Traffic and Device Data (i.e. technical information generated when you access or use the Website or Services, such as IP address, device and browser type, operating system, language settings, access times, cookie identifiers, and usage or interaction data).

Our Website and Services are not intended for children under 16 years of age. We do not knowingly process personal data from children under 16. If we become aware that such data has been processed, we will delete it. Parents or guardians who believe their child has provided personal data to us may contact us at any time.

First, we would like to give you an overview of our data processing activities and the purposes of these processes, which we will then explain in more detail below.

Purpose	Personal Data	Description	Legal Basis
Use of our Website	Contact Data, Professional Data, Communication Data, Traffic and Device Data	Ensuring the technical availability, stability, and security and providing access to our Website, Preventing misuse or attacks, Logging access data for troubleshooting, Conducting surveys and gathering feedback, Analyzing usage of our Website	Legitimate interests (Art. 6 (1) (f) GDPR), Contract Performance (Art. 6 (1) (b) GDPR), Consent (Art. 6 (1) (a) GDPR; Section 25 (1) German Telecommunications and Digital Services Data, Protection Act (TDDDG), insofar Cookies are used)
Use, maintenance and improvement of our Services	Account and Usage Data	Creating, maintaining, and managing User accounts and fulfilling contractual obligations optimizing functionality and stability, correction errors, Analyzing usage of our services, improving services and user experience	Legitimate interests (Art. 6 (1) (f) GDPR), Contract Performance (Art. 6 (1) (b) GDPR)
Handling Contact and Support Requests	Contact Data, Professional Data, Communication Data, Account and Usage Data, Traffic and Device Data	Responding to enquiries, support requests, or other forms of communication, Operating internal business processes, Communicating with Users about their accounts or requests, Resolving disputes and managing customer relationships, Maintaining communication records where necessary	Legitimate interests (Art. 6 (1) (f) GDPR), Consent (Art. 6 (1) (a) GDPR; Section 25 (1) German Telecommunications and Digital Services Data Protection Act (TDDDG), insofar Cookies are used)
Payment Processing	Contact Data, Credit card details or other payment details	payment processing, fraud prevention, invoicing and tax compliance	Contract Performance (Art. 6 (1) (b) GDPR)
Newsletter & Marketing	Contact Data, Professional Data, Communication Data, Marketing Data, Traffic and Device Data	Sending relevant updates and promotions to the recipient's interests, Sending newsletters and updates, Registrations and attendance for events, webinars, or seminars	Consent (Art. 6 (1) (a) GDPR; Section 25 (1) German Telecommunications and Digital Services Data Protection Act (TDDDG), insofar Cookies are used), Legitimate interests (Art. 6 (1) (f) GDPR)
Manage our Social Media Channels	Contact Data, Professional Data, Communication Data, Marketing Data, Traffic and Device Data	Operating and maintaining our social media profiles, Communicating with Users and responding to inquiries via social media, Increasing brand awareness and engagement, Analyzing interactions and reach of our social media content	Consent (Art. 6 (1) (a) GDPR; Section 25 (1) German Telecommunications and Digital Services Data Protection Act (TDDDG), insofar Cookies are used), Legitimate interests (Art. 6 (1) (f) GDPR)
Security, Compliance & Legal Obligations	Contact Data, Professional Data, Communication Data, Account and Usage Data, Traffic and Device Data	Ensuring IT and data security, Fulfilling statutory retention requirements, Preventing fraud, Cooperating with authorities, Protecting our rights and interests	Compliance (Art. 6 (1) (c) GDPR), Legitimate interests (Art. 6 (1) (f) GDPR)

When you register for n8n cloud. When you sign up for an account with us, we process your name and email. We process these details to put the contract in place between us that enables you to access our platform. The legal basis for this data processing is Art. 6(1)(b) GDPR.

We use PostHog in order to better understand how people use our product and to optimize our service and experience (see in more detail below). Additional data including address and credit card information will be processed by our Merchant of Record, Paddle, in order to process your payment (see in more detail below). We do not use any personal data, including data received through any third-party services, for developing, improving, or training AI and/or ML models. We do not transfer or disclose your information to third parties for purposes other than the ones provided. You can delete your n8n cloud account via the product. You can learn more about the data we process on cloud in our docs.

When you use your own n8n self-hosted deployment. If you install n8n on your own server, and unless you opt out per our Documentation instructions at https://docs.n8n.io/hosting/securing/telemetry-opt-out/, we process certain Usage Data (including user identifiers, account settings, user events, workflow usage metrics, enabled integrations) to improve our product and your customer experience. If you chose to submit your email address, we may use it to contact you about your usage of the product. Learn more on our privacy page about data collection. The legal basis for this data processing is our legitimate interests in the technical development of our products, the optimization of functionality and stability, error analysis and correction, and the improvement of the user experience on the basis of Art. 6 (1) lit. f GDPR. You can object to this data processing at any time with effect for the future by activating the opt-out, see our Docs page about telemetry data opt out.

If you sign up for a paid plan, we process your name, email address, company address, and the name and email address of others in your company (e.g. a billing contact). We process these details to put a contract in place between us. If you use our credit card billing feature, our Merchant of Record, Paddle, processes information including your address and credit card information, in order to process your payment. In addition, we process selected, anonymous information about how n8n is used. We use this information to improve your experience with our services and to protect from potential security attacks and abuse. We do not use any personal data, including data received through any third-party services, for developing, improving, or training AI and/or ML models. We do not transfer or disclose your information to third parties for purposes other than the ones provided. You can learn more about the data we process, and how to disable this information processing in our docs.

When you sign up for the community forum. We process your email address or social media handle in order to assign you with an account to use our forum. You can delete your forum account by emailing us at [email protected].

When you attend one of our events or a third party event. When you attend one of our events or a third party event, we may process your personal information including your name, address, email address and phone number. We process this information because it’s in our legitimate interests to know who’s attending our events and to help promote our business at third party events. Where you attend one of our events we may take pictures or videos of you. We do this as we have a legitimate interest to promote our business. You can opt out of having your photo taken in this way both when you attend our events and at any time by contacting us at [email protected].

When you contact us. When you contact us either by email or via our website or product with general queries, we will usually process your name and contact details, because it’s in our legitimate interest to make sure we can properly respond to your query.

On social media. When you connect with us on social media including on Facebook, Twitter, YouTube and LinkedIn we will process your handle, name and email address under our legitimate interest to respond to your comments and queries promptly.

When you receive our news updates. We will handle your personal information (such as your name and email address) to provide you with our news updates in line with any preferences you have told us about.

When we send you our news updates because you have opted-in to receive them, we rely on your consent to contact you. If you have not opted-in and we send you our news updates emails, we do this because of our legitimate interest to promote our business.

You can unsubscribe from our updates at any time by clicking the unsubscribe link at the bottom of any of our emails, or by emailing [email protected].

When you register as an expert. We process your name, email address, and details about your company in order to communicate with you about the n8n expert program

When you register as an affiliate. We process your name and email address in order to communicate with you about the n8n affiliate program.

When you apply for a job with us. When you enter into the recruitment process with us we may process your personal data as set forth in our n8n Privacy Policy for Recruiting https://n8n.io/legal/recruiting-privacy-policy/.

If our business is sold. We process your personal information for this purpose because we have a legitimate interest to ensure our business can be continued by the buyer. If you object to our use of your personal information in this way, the buyer of our business may not be able to provide services to you.

We use an external payment service provider for the processing of online payments and, where applicable, invoicing and tax handling for digital products. The legal basis for the processing of personal data is Art. 6 (1) b) GDPR, as the processing is necessary for the implementation of pre-contractual measures and for the performance of a contract.

This includes, in particular, name, email address, billing address, payment information (e.g., credit card details or other payment details), IP address, transaction data, and, where applicable, company-related information. The processing is carried out for the purpose of payment processing, fraud prevention, invoicing and tax compliance (e.g., VAT determination)

The payment service provider may act as an independent controller within the meaning of Art. 4 No. 7 GDPR, in particular where it processes payment data in its own name as a so-called “merchant of record.”

The payment service provider may also process personal data in order to comply with legal obligations (e.g., commercial and tax law retention requirements) and for fraud prevention or the assertion and defense of legal claims. Personal data will only be disclosed to third parties if this is necessary for contract processing, required by law, or carried out within the framework of commissioned data processing. The storage period for personal data is determined by statutory retention obligations and contractual requirements. Data relevant under commercial and tax law is generally stored for the duration of the applicable statutory retention periods.

Due to legal requirements, our website provides information that enables you to contact us quickly and communicate with us directly. This includes both our email address and our contact form. If you contact us by email or via our contact form, the personal data you provide will be stored automatically. The other personal data processed during the contact process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 (1) lit. b GDPR. We use the personal data you provide exclusively for the purpose of processing your specific inquiry. The data provided will always be treated confidentially.

The data will be deleted as soon as it is no longer necessary for the purpose for which it was processed. For personal data from the input mask of the contact form and that sent by email, this is the case when the respective conversation with you has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

a) Access data in server log files

Every time you visit our website, we automatically store access data in so-called server log files.The legal basis for the temporary storage of your data and the log files is Art. 6 (1) lit. f GDPR.

This includes the date and time of the visit, the amount of data transferred and, if applicable, the name of the requested file, the browser used and its version, the operating system used, the IP address and the referrer URL (the URL you visited immediately before). The temporary storage of the IP address by the system is necessary to enable the website to be delivered to your end device. For this purpose, your IP address must remain stored for the duration of the session.

Our website uses a content delivery network (CDN) and security service provider (category of recipient: IT infrastructure and security service provider). For this purpose, incoming requests are routed via the provider’s globally distributed edge servers (reverse proxy). In this context, access data - in particular IP address, request header information, and browser data - may already be processed by the provider before being forwarded to our web server.

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to your end device. This also applies where the delivery takes place via edge servers of the CDN provider. For this purpose, your IP address must remain stored for the duration of the session.

This data is evaluated exclusively to ensure the permanent and trouble-free operation of the website and to improve the content of our website, as well as to transmit it to law enforcement authorities in the event of a cyber attack and to ensure the security of our information technology systems, which also constitute our legitimate interest in data processing. The processing of data for the provision of the website and the storage of data in log files is essential for the operation of our website. Consequently, there is no possibility of objection.

The use of the CDN and security service provider also serves the purposes of load balancing, protection against distributed denial-of-service (DDoS) attacks, bot detection, and safeguarding the integrity and confidentiality of our information technology systems.
Insofar as personal data is processed by the CDN provider in its own responsibility (e.g., for network security purposes), the provider acts as an independent controller within the meaning of Art. 4 No. 7 GDPR. Where processing is carried out on our behalf, this is based on a data processing agreement pursuant to Art. 28 GDPR.

b) Use of third-party tools for marketing, analysis and optimization purposes

When you visit our websites, we process data for marketing purposes, statistics, optimization, and to ensure IT security, in some cases with the support of service providers (so-called third-party tools). We ask for your consent for this processing. Detailed information on the cookies and services used can be found in the settings options of the cookie banner, via the cookie button, which you will find at the bottom left, by clicking on the “Show Details” button. The legal basis for this data processing is §25 (1) TDDDG in conjunction with Art. 6 (1) a) GDPR.

In particular, IP address, browser type and version, time zone setting, browser plugin types, geolocation, operating system and version, click behavior, return visits, transaction data, and use of third-party services are processed. The recipients of the data are the providers of the respective third-party tools used, our IT and hosting service providers, and marketing and analysis service providers.

The data processed in this way is stored for the duration specified in the cookie banner and then irretrievably deleted. You can revoke your consent to this data processing at any time by adjusting the cookie settings accordingly by clicking the cookie button at the bottom left.

We store your data in the EU.

Whenever we transfer your personal information outside of the EU, we ensure it receives additional protection as required by law. To keep this privacy policy as short and easy to understand as possible, we haven’t set out the specific circumstances when each of these protection measures are used. You can contact us at [email protected] for more detail on this.

We store your personal information for no longer than necessary for the purposes for which it was processed, including for the purposes of satisfying any legal or reporting requirements, and in accordance with our legal obligations and legitimate business interests. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data; the potential risk of harm from unauthorized use or disclosure of your personal data; the purposes for which we process your personal data; and the applicable legal requirements.

In some circumstances we may carefully anonymise your personal data so that it can no longer be associated with you, and we may use this anonymised information indefinitely without notifying you. We use this anonymised information to analyse our programmes and support other similar programmes around the world.

You have various other rights under applicable data protection laws, including the right to:

• access your personal data (also known as a “subject access request”)
• correct incomplete or inaccurate data we hold about you
• ask us to erase the personal data we hold about you
• ask us to restrict our handling of your personal data
• ask us to transfer your personal data to a third party
• object to how we are using your personal data
• withdraw your consent to us handling your personal data
• You also have the right to lodge a complaint with your relevant supervisory authority, you can find which one applies to you here.

We do not engage in automated decision-making or profiling in the meaning of Art. 22 GDPR.

Your feedback and suggestions on this notice are welcome.

More information about n8n's data privacy practices, including GDPR compliance, data processing agreements, sub-processors, data collection, and AI integration, with distinctions between n8n Cloud and self-hosted versions is here.

We’ve worked hard to create a notice that’s easy to read and clear. But if you feel that we have overlooked an important perspective or used language which you think we could improve, please let us know by email at [email protected].

Last updated: 18th Feb 2026