NomadbaseBack to Home

Last updated: 2026-04-24

This Privacy Policy describes how Nomadbase ("Nomadbase," "we," "us") collects, uses, and shares your personal information when you use our mobile applications for iOS and Android, our website at nomadbase.com, and our event services (collectively, the "Service").

The Service is operated by DN Ventures, Dios 29, Teresfanou, 7562, Cyprus. For privacy questions, contact us at hello@nomadbase.com.

1. Information We Collect

1.1 Information you provide

  • Account information — first name, last name, e-mail address, password (hashed), and optional profile photo when you sign up. We support sign-up via Apple, Google, or e-mail magic link.
  • Profile information — bio, company, tagline, languages, skills, social media handles, things you are looking for (e.g. mentor, collaboration), and what you are open to (e.g. coffee chats).
  • Location — current city / country (manually entered or detected from device GPS, with your permission), and optional travel plans (cities + dates you intend to visit).
  • Bookings & payments — the events you book, billing address, optional VAT ID, and amount paid. Card details are entered into Stripe's payment sheet and never reach our servers.
  • Community content — posts, stories, comments, votes, questions, and direct messages you create.
  • Support & feedback — content of e-mails, in-app feedback, and any screenshots you attach.

1.2 Information we collect automatically

  • Device & usage — device model, operating system, app version, language, time zone, IP address (transient, used for security and locale), and basic interaction logs.
  • Push tokens — when you allow notifications, we store the Apple/Firebase push token to send you event updates and direct messages.
  • Crash & performance data — anonymized stack traces and breadcrumbs via Sentry to fix bugs.

1.3 What we do not collect

  • We do not use third-party advertising or analytics SDKs (no Facebook, Google Ads, AppsFlyer, Mixpanel, etc.).
  • We do not track you across other apps or websites. The iOS App Tracking Transparency prompt is not shown because we do not track.
  • We do not sell your personal information to anyone, ever.

2. How We Use Your Information

  • To provide the Service — sign you in, show events, process bookings, deliver messages, and display your profile to other members of an event you have booked.
  • To send transactional e-mails — booking confirmations, magic-link logins, password resets, event reminders, and important account notifications.
  • To send push notifications — only those you have opted into. You can disable any category in app settings.
  • To enable community features — discoverability of your profile to fellow event participants, coffee-chat suggestions, and travel-plan matches.
  • To process payments — via Stripe, our payment processor. Stripe acts as an independent controller for the card data they collect.
  • To improve the Service — debug crashes, measure feature usage internally (no third-party trackers), and prevent abuse.
  • To meet legal obligations — tax records for bookings, lawful requests from authorities, and to enforce our Terms of Service.

3. Legal Bases (for users in the EU/UK)

  • Performance of contract — to deliver the Service you signed up for.
  • Legitimate interests — to operate the community, prevent abuse, secure the Service, and improve features.
  • Consent — for optional features like precise location, push notifications, marketing e-mails, and access to photos. You can withdraw consent at any time in the device's OS settings or in-app.
  • Legal obligation — for tax-record retention and law-enforcement requests.

4. Who We Share Information With

We share data only with the following processors, all bound by data-protection agreements:

  • Supabase (database, auth, file storage) — hosting region: EU.
  • Stripe (payment processing) — required to process card payments and Apple Pay / Google Pay.
  • Apple Push Notification service (Apple Inc.) and Firebase Cloud Messaging (Google) — to deliver push notifications to your device.
  • Resend (transactional e-mail) — to send booking confirmations, magic-link logins, and event reminders.
  • Sentry (crash & error reporting) — to fix bugs.
  • Vercel (web hosting) — to serve the public website and admin backoffice.

We may also disclose information when required by law, court order, or to protect the rights, property, or safety of Nomadbase, our users, or others.

5. International Transfers

Some of our processors (e.g. Stripe, Sentry, Vercel) may store data outside the European Economic Area, including in the United States. Where this happens, transfers are protected by Standard Contractual Clauses approved by the European Commission, in line with applicable data-protection law.

6. Your Rights

If you are in the EU/UK, you have the right to:

  • access the personal information we hold about you;
  • correct it, restrict its processing, or object to processing based on legitimate interests;
  • have it deleted ("right to be forgotten") — you can do this directly inside the app under You → Settings → Data & Privacy → Delete Account, or by writing to hello@nomadbase.com;
  • receive a portable copy of your data in a machine-readable format;
  • lodge a complaint with your national data-protection authority.

California residents have similar rights under the CCPA / CPRA, including the right to know, delete, correct, and opt out of any "sale" or "sharing" of personal information. We do not sell or share your personal information.

7. Account Deletion

You can delete your Nomadbase account at any time inside the app under You → Settings → Data & Privacy → Delete Account. Deletion removes your profile, posts, messages, travel plans, and location history within 30 days. Booking history and invoices are retained for tax-law compliance (10 years in the EU).

8. Data Retention

  • Account & profile data — until you delete your account.
  • Community content (posts, messages) — until you delete your account or the content.
  • Booking and invoice records — 10 years (EU tax law).
  • Crash logs and security logs — up to 90 days.
  • E-mail logs — up to 90 days.

9. Security

We use TLS for all data in transit and AES-256 encryption at rest for our database. Card details are handled directly by Stripe and never reach our servers. Access to production data is restricted to authorized engineers using two-factor authentication.

10. Children

Nomadbase is intended for users aged 16 and older. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with information, contact us at hello@nomadbase.com and we will delete the account.

11. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by e-mail or in-app notice at least 14 days before they take effect. The "Last updated" date at the top reflects the most recent change.

12. Contact Us

If you have any questions, complaints, or requests regarding this Privacy Policy or your data, please contact us at:

DN Ventures
Dios 29, Teresfanou
7562, Cyprus
E-Mail: hello@nomadbase.com