Privacy Policy | Nomadly

01 Introduction

This Privacy Policy describes how Nomadly ("we," "us," or "our") collects, uses, and shares information when you use the Nomadly mobile application ("App"). By using the App, you agree to the practices described in this policy.

02 Information We Collect

2.1 Information You Provide

Account Information: When you register, we collect your email address, username, and password (stored as a secure hash). If you sign in with Apple or Google, we receive your name and email address from those providers.
Profile Information: Optional profile details such as a bio and profile photo that you choose to add.
User Content: Places you add, check-in data (location, rating, comments), photos you upload, and reviews you submit.
Feedback and Reports: Bug reports or feature requests you submit through the App.
Payment Information: If you make a donation, payment is processed directly by Stripe. We do not store your payment card details.

2.2 Information Collected Automatically

Location Data: The App collects your precise GPS location to center the map, detect nearby places, and enable check-ins. Location is collected while the App is in use (foreground only). We do not collect location data in the background.
Device Information: Basic device identifiers and operating system version may be collected to support app functionality and debugging.
Usage Data: Information about how you interact with the App, such as features used and pages viewed, may be collected to improve the App.

2.3 Information from Third Parties

Apple / Google Sign In: If you sign in using a third-party provider, we receive limited profile information (name and email) as permitted by that provider and your privacy settings.

03 How We Use Your Information

We use the information we collect to:

Provide, operate, and maintain the App
Authenticate your account and keep it secure
Enable core features: map display, place discovery, check-ins, saved places
Display your profile and contributions to other users
Process optional donations via Stripe
Respond to your feedback and support requests
Detect and prevent fraud, abuse, or violations of our Terms of Service
Improve the App through aggregate, anonymized usage analysis

We do not sell your personal information to third parties.

04 How We Share Your Information

4.1 Publicly Visible Content

The following information is visible to other App users:

Your username and profile photo
Places you add (location, title, description, photos, category)
Your check-in ratings and reviews (associated with your username)

4.2 Service Providers

We share data with third-party service providers who help us operate the App:

Provider	Purpose	Privacy Policy
Supabase	Database, authentication, file storage	supabase.com/privacy
Stripe	Payment processing	stripe.com/privacy
Apple	Sign In with Apple	apple.com/legal/privacy
Google	Sign In with Google	policies.google.com/privacy
Nominatim / OpenStreetMap	Geocoding (city/state search, reverse geocoding)	osmfoundation.org
Flagcdn	State flag images	No personal data transmitted

These providers are contractually obligated to use your data only to provide services to us.

4.3 Legal Requirements

We may disclose your information if required to do so by law, court order, or governmental authority, or to protect the rights, property, or safety of the App, our users, or others.

4.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information is subject to a different privacy policy.

05 Location Data

Location data is central to the App's functionality. Specifically:

Foreground only: Location is only accessed while the App is actively open on your screen. We do not track your location in the background.
Map functionality: Your GPS coordinates are used to center the map, load nearby places from our local database, and detect whether you are near a place to enable check-ins.
Check-in verification: Your location is compared against a place's coordinates to enforce our 0.5-mile check-in radius. This comparison happens on your device.
Reverse geocoding: On first GPS fix, your coordinates may be sent to Nominatim (OpenStreetMap) to determine your current state, solely to prompt you to download offline data for that state.
No continuous server-side tracking: We do not store a log of your GPS coordinates on our servers.

You can revoke location permissions at any time in your device settings, but doing so will limit core App functionality.

06 Photos

Photos you upload as part of place submissions or check-ins are:

Compressed and stored in Supabase cloud storage
Publicly accessible to other App users
Associated with your account

Do not upload photos containing sensitive personal information or images of other people without their consent.

07 Data Retention

Account data is retained for as long as your account exists.
User Content (places, check-ins, reviews, photos) may remain in the App after account deletion, in anonymized or attributed form, as it constitutes community data.
Location data is not stored server-side beyond what is embedded in place/check-in records you create.

To request deletion of your account and associated data, contact us at the address below.

08 Data Security

We take reasonable technical and organizational measures to protect your data, including:

Encrypted transmission (HTTPS/TLS) for all data in transit
Supabase Row Level Security (RLS) to restrict data access by user
Hashed password storage (never stored in plaintext)

No method of transmission or storage is 100% secure. We cannot guarantee absolute security of your information.

09 Children's Privacy

The App is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us personal information, we will delete it promptly. If you believe a child under 13 has used the App, contact us immediately.

10 Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you
Correction: Request correction of inaccurate data
Deletion: Request deletion of your account and personal data
Withdrawal of Consent: Revoke location or camera permissions at any time via device settings
Opt-out: The App does not use targeted advertising, so there is no ad targeting to opt out of

To exercise these rights, contact us at the address below.

California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act, including the right to know what personal information is collected, the right to deletion, and the right to opt out of the sale of personal information. We do not sell personal information.

European Residents (GDPR)

If you are located in the European Economic Area, you have additional rights under the General Data Protection Regulation, including the right to data portability and the right to lodge a complaint with a supervisory authority. Our legal basis for processing is your consent (location) and contract performance (account and core features).

11 Third-Party Links and Services

The App may contain links to third-party websites or services (e.g., navigation apps when you tap "Navigate"). We are not responsible for the privacy practices of those third parties and encourage you to review their privacy policies.

12 Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this policy. Your continued use of the App after changes are posted constitutes your acceptance of the revised policy.

13 Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us at:

Email: info@nomadly.app
We will respond to requests within 30 days.