Privacy Policy

Nomady ("we", "our", or "us") is operated by MMM 0 LLC, a US limited liability company. This Privacy Policy explains what information we collect when you use the Nomady app, how we use it, and the choices you have.

By using Nomady, you agree to the collection and use of information described in this policy. If you do not agree, please stop using the app.

Information you provide directly:

• Email address and password (if you register with email)
• Citizenship / passport country (used to calculate visa and tax rules)
• Trip data you enter manually: cities, countries, dates, transport, notes

Information collected automatically:

• Precise GPS location — only when you grant permission and the app is active. Used to detect the city and country you are currently in and log it to your timeline.
• Background location — only if you explicitly grant 'Always' permission. Used to record arrivals and departures without opening the app.
• Device information: iOS version, device model (collected by third-party SDKs listed below).

Information we do NOT collect:

• We do not collect payment card numbers. Payments are handled entirely by Apple's App Store.
• We do not build advertising profiles or sell your data to third parties.

• To provide the core app features: map, timeline, visa tracker, tax residence tracker, AI trip suggestions.
• To sync your data across your devices (only if you enable Cloud Sync in Settings).
• To calculate visa days remaining and tax residence thresholds based on your travel history and citizenship.
• To generate AI-powered destination suggestions via Google Gemini (your itinerary is sent to Google's API — no identifying information is included).
• To process your subscription via RevenueCat and Apple's In-App Purchase system.
• To send you important account notifications (e.g. password reset).

By default, all your trip data is stored locally on your device using SQLite. It never leaves your device unless you explicitly enable Cloud Sync.

If you enable Cloud Sync, your data is stored in Google Cloud Firestore, encrypted in transit (TLS) and at rest. Your data is associated with your user account and is not accessible to other users.

You can disable Cloud Sync and delete all cloud data at any time from Settings → Account.

Nomady uses the following third-party services, each with its own privacy policy:

• Firebase (Google) — authentication, optional cloud storage. Privacy Policy
• RevenueCat — subscription management. Privacy Policy
• Google Gemini API — AI destination suggestions. Your trip itinerary (cities, dates) is sent to Google's API. No name, email, or device identifiers are included. Privacy Policy
• Apple Sign In / Google Sign In — OAuth authentication. We receive only your email and a unique user identifier.

Location is the most sensitive data Nomady handles. Here is exactly how we use it:

• Location is used only to detect and log your current city and country.
• Raw GPS coordinates are processed on-device to reverse-geocode a city name. The city name — not the raw coordinates — is what gets stored.
• If Cloud Sync is disabled, location data never leaves your device.
• If Cloud Sync is enabled, the resolved city/country names are stored in Firestore. Raw GPS coordinates are not stored.
• You can revoke location permission at any time in iOS Settings → Nomady → Location.

Nomady is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us at legal@nomady.app and we will delete it.

You have the right to:

• Access — request a copy of your personal data.
• Correction — correct inaccurate data.
• Deletion — delete your account and all associated data from Settings → Account → Delete Account. Cloud data is deleted immediately. Local data is deleted when you uninstall the app.
• Portability — export your trip data (coming soon).
• Opt-out — disable Cloud Sync at any time in Settings.

California residents (CCPA): you have the right to know what personal information is collected and to request deletion. We do not sell personal information.

EU/UK residents (GDPR): our legal basis for processing is your consent (location) and contract performance (account, subscriptions). You may withdraw consent at any time.

We retain your account data for as long as your account is active. If you delete your account, all data is permanently deleted within 30 days. Anonymous analytics (if any) are retained for up to 2 years.

We use industry-standard measures including TLS encryption in transit, Firebase Security Rules restricting access to your own data, and hashed passwords (via Firebase Auth). No system is 100% secure — please use a strong, unique password.

We may update this policy from time to time. If we make material changes, we will notify you via the app or by email at least 7 days before they take effect. Continued use of the app after that date constitutes acceptance of the updated policy.

Questions? Email us at legal@nomady.app.

MMM 0 LLC