[kls]

You need to look at your data, you need to look at the sensitivity of that data and check it against current laws at the least and company policy at the best. You then need to ensure that the technology complies with privacy, PCI and any other regulating bodies that may have guidelines or regulations on technology. Then you have to decide whether Node can provide the level of data protection you need. They have a crypto set so a lot of it can be dealt with with crypto but I don't know that there are any PCI modules built so if you have PCI requirements you may have to roll your own token exchange to be compliant should you have PCI concerns. There is not enough information to go on in your post to know if using Node is a good or bad idea.