Worth Knowing
N8N Add No Training Committment
The workflow-automation platform n8n refreshed its privacy policy this week with several additions that limit what n8n can do with user data, rather than expanding it. Readers familiar with the rest of this issue will recognize the contrast on their own.
What changed: A new, plainly worded commitment that n8n will not train AI on user data has been inserted
into the data-use section: "We do not use personal data processed in connection with the Website or Services, including data from third-party services or integrations, to train n8n or third party machine learning (ML) models." The "third-party services or integrations" piece matters — n8n is most often used as connective tissue between other tools, and a lot of AI workflows pass through it.
The policy also names an external Data Protection Officer for the first time, at dsb@freshcompliance.de. That makes n8n the second platform in this scrape window to add a DPO contact (Black Forest Labs did the same on its Flux privacy policy). Both run counter to OpenAI's quiet DPO removal from Vol. 26 No. 10.
The table of contents expanded from eleven sections to thirteen. What was previously a single sentence — "We store your data in the EU" — has been replaced with a full GDPR Article 28 and Article 44 disclosure of international transfers, with explicit references to the EU-U.S. Data Privacy Framework and Standard Contractual Clauses. A new Cookies section and a new "Automated Decision-Making and Profiling; Use of AI" section round out the structural additions.
Not all of this is good news. The prior policy named specific vendors processing user data — PostHog for analytics, Paddle as merchant of record. Both names are gone, replaced with generic phrasing ("third party providers," "Merchant of Record"). Readers wanting to know who actually receives their data are now directed to n8n's new Trust Centre at trust.n8n.io rather than the privacy policy itself. The transparency framework got more formal; the named vendors got less so.
Why this matters for AI content producers: The revised language is a clear answer to a question most platforms still leave ambiguous. The vendor de-naming is a step backward on transparency. On balance, this is an update that gives the audience more usable information about n8n's data practices than it removes.
In human terms: A VFX house's CTO has been blocked from deploying n8n in a production pipeline because their security team wanted a written commitment that workflow metadata wouldn't be used to train AI models. The new policy text — "We do not use personal data... to train n8n or third party machine learning (ML) models" — closes the gap. The CTO can finally green-light a workflow they've had stalled for months.