Hey there,
Are private instances tracked and workflow content being collected? I hope not that would be crazy
Would be good to translate it for us 
Advertising with “Privacy for your Data” while deliberately tracking users and consistently violating the GDPR: That’s n8n from Berlin. 
A flagship startup engaging in “privacy greenwashing.” 
More below 
n8n develops workflow automation software that is currently benefiting greatly from the AI boom. The software is open-source, can be easily installed on local servers, and enjoys strong popularity in the AI community.
The n8n slogan “Committed to the privacy and safety of your data” helps build trust and contributes to the company’s positive community image. That’s exactly why I decided to take a closer look at n8n a few weeks ago.
But this claim apparently serves only as a façade for data greed, disrespect for user preferences, and numerous TTDSG & GDPR violations (see infographic).
What has happened so far:
In early June, I contacted n8n’s data protection officer and outlined the problems in the form of questions.
However, I did not receive a reply from the data protection officer, but rather from a technical lead at n8n.
“Commitment to Privacy” via the technical lead. 
The technician did not answer any of my critical questions (including about the legal basis for data collection), but did promise immediate improvement.
The correction of the privacy issues on the website would supposedly be “handled by the marketing team.” To this day: No changes. Users continue to be illegally tracked by Facebook, Google, and others—without any legal basis.
Is that a “Commitment to Privacy”?
My suggestion to disable the default, privacy-unfriendly tracking in the locally(!) installed n8n application and replace it with transparent opt-in tracking was immediately rejected by n8n.
Is data greed a “Commitment to Privacy”?
The tracking—which even includes workflow contents—is justified by the n8n lead as legitimate interest (Art. 6.1 f GDPR).
When I asked how n8n users could exercise their right to object under Art. 21, the answer was: “Art. 21 GDPR [in our understanding] does not apply.”
Lack of GDPR knowledge, unbelievable audacity, or “Commitment to Privacy”?
At the same time, I ran a LinkedIn poll to measure expectations raised by n8n’s “privacy claim”: 70% expect that “no usage data at all” would be collected. 
But even this poll did not move n8n. According to the technical lead, they want to stick with tracking in local installations just as much as they want to keep their slogan.
Another “Commitment to Privacy”, perhaps?
To me, a “Commitment to Privacy” is an attitude. It includes absolute data minimization, full transparency, and respect for user wishes.
Unfortunately, I can’t see any of that at n8n. On the contrary, I see their slogan in the face of blatant data greed as pure privacy greenwashing.
A nasty punch to the gut of the n8n community. 
In the meantime I found this so it seems to be true 
So yeah I cannot take this seriously as it says n8n is open source. This shows that the writer of this (probably AI) doesn’t know what they are talking about.
Also telemetry can be disabled and doesn’t include privacy stuff, just what nodes you are using and such.
From Opt out of data collection | n8n Docs
Your n8n instance sends most data to n8n as the events that generate it occur.
It sends most of the data it says here. So probabaly everything most definitely including the “privacy stuff”
please don’t make assumptions. also you have the option to disable so no reason to complain about it.
From the n8n docs
Your n8n instance sends most data to n8n as the events that generate it occur.
It sends all the events which occur. So that is probably everything
There is reason to complain as it is against European law.
Also the reason that you flag my posts here and try to hide them, citing the official documentation as well as the fact that you now blocked me posting links to the official docs makes me very very suspicous. What assumptions should I have based on that?
Why cant I post links to docs.n8n…..? That does not make sense?
I am not flagging your posts. I am actually approving them. So please don’t make assumptions.
There is a couple of checks for posts and as you are new they are more strict as well I think.
Oh okay sorry I didnt know about that! Thanks a lot then
1 Like
But Ill give you that the guy in LinkedIN is not really specific with his claim what kind of data is actually transferred. But I am also wondering if this is just bs, why would someone make such claims against n8n? That also does not make any sense for me.
there is always people btching for the views/clicks. So don’t just believe everything someone says. As I mentioned he already had his facts wrong on n8n being open source. If he isn’t specific that is probably because he is full of sht. 
1 Like