< Back to Noma home

Privacy Policy

Noma Privacy Policy

Effective Date: July 1, 2026
Operator and controller: Tash-had Saqif, doing business as Noma
Website: trynoma.co
Contact for privacy requests: contact@trynoma.co
Applications covered: the Noma iOS app, listed as "Noma - for digital nomads" in the App Store, and related websites, services, and features (the Service).

This Privacy Policy explains how Noma (we, us, or our) collects, uses, shares, and protects information when you use the Service. We collect data to provide, secure, personalize, support, and improve the Service. We do not sell personal information and we do not use personal information for third-party advertising.

1. Scope and Controller
   Tash-had Saqif, doing business as Noma, is the controller of personal data processed in connection with the Service where controller concepts apply. This Policy applies worldwide to users who access or use the Service.

2. Information We Collect
   2.1 Information you provide or generate in the app
   - Account and sign-in: When you sign in with Apple, we or our authentication provider receive information needed to authenticate you, such as your Apple-provided user identifier, authentication tokens, and, if Apple provides it and you allow it, your name and email address.
   - Onboarding and profile: Your name, answers to the five Nomad Archetype onboarding questions, final Nomad Archetype, app settings, temperature preference, light-mode preference, time-zone filter settings, and related profile state. These are primarily stored locally on your device, though related analytics events may be sent as described below.
   - Destination preferences and travel history: Destination filter choices, selected or searched reference locations, time-zone preferences, and countries you mark as visited.
   - Trip and itinerary inputs: Destination, destination coordinates when selected, dates or flexible day count, trip type, trip pace, work mode, work hours, work time zone, work environment, neighborhood preference, weekend side-trip preference, and activity preferences.
   - Generated itineraries: Itinerary status, generated schedules, activities, neighborhoods, map-related places and coordinates, summaries, cover image URLs, timestamps, and related itinerary records.
   - Time-zone schedule planner: Work city, destination city, city coordinates, time zones, and saved time blocks. These are currently stored locally on your device unless included in another feature such as feedback or analytics.
   - Visited countries: Countries you select manually and countries added from completed itineraries. These are currently stored locally on your device.
   - Feedback and communications: Feedback categories, description, associated user identifier, associated itinerary identifiers, timestamps, support requests, emails, and any optional contact information you include in the message.

   2.2 Information collected automatically
   - App analytics and diagnostics: App events, feature usage, onboarding progress, selected filters, itinerary-generation status, error events, app version, device type, operating system, language, approximate region, and performance-related data.
   - Subscription status: RevenueCat and Apple may provide subscription entitlement status, product identifiers, purchase identifiers, receipts, renewal status, and related transaction information. We do not receive your full payment card number.
   - Security and integrity data: Firebase App Check, App Attest, DeviceCheck, authentication, abuse-prevention, and request metadata used to help protect the Service.
   - Website analytics: The website uses Google Analytics/Google tag, which may collect page views, referrers, device/browser information, approximate location, identifiers, and cookie or similar technology data.

   2.3 Location and search data
   - Device location: If you grant iOS location permission, the app may collect foreground location while you are using the app to infer your city or time zone for destination filtering and time-zone features. We do not use background location in the current app.
   - Location search and maps: If you search for or select locations, Apple MapKit and related Apple services may process the search query, selected place, coordinates, and map-related data under Apple's terms and privacy policy.
   - Weather: When generating an itinerary, Apple WeatherKit may receive destination coordinates and trip dates to return weather information.

   2.4 Information from third parties
   - Apple: Sign in with Apple information you authorize, App Store transaction information, MapKit data, WeatherKit data, App Attest, and DeviceCheck information.
   - Firebase/Google Cloud: Authentication identifiers, Firestore records, Storage records, Remote Config/App Check data, and Analytics events.
   - RevenueCat: Subscription entitlement and receipt information.
   - OpenAI or similar AI providers: Itinerary prompts, relevant trip context, generated outputs, and image-generation inputs/outputs needed to provide AI-assisted features.
   - Google Analytics: Website analytics and related identifiers.

   We do not intentionally seek to collect sensitive personal information such as precise identity-document numbers, financial account numbers, passwords, health information, religious beliefs, or government identifiers. Please do not submit such information to the Service.

3. How We Use Information
   We use information to:
   - provide and operate the Service, including authentication, subscriptions, onboarding, destination discovery, filters, trip planning, itinerary generation, saved itineraries, maps, weather summaries, time-zone schedules, visited-country tracking, settings, and feedback;
   - personalize the Service, including Nomad Archetype results, For You filters, destination relevance, time-zone-friendly destinations, itinerary structure, and activity recommendations;
   - process subscriptions, trials, entitlements, and billing status through Apple and RevenueCat;
   - generate AI-assisted itineraries, summaries, schedules, maps-related content, and cover images;
   - store and sync itinerary records through Firebase/Google Cloud;
   - provide support, respond to feedback, and communicate important service notices;
   - analyze performance, troubleshoot errors, improve usability, test features, and understand aggregate usage;
   - prevent fraud, abuse, unauthorized access, paywall circumvention, and security incidents;
   - comply with legal obligations, enforce our Terms, and protect rights, safety, and security.

   Legal bases where required may include contract performance, legitimate interests, consent, legal obligations, and protection of rights and safety.

4. AI Providers
   We use OpenAI and may use similar AI providers to generate itineraries, schedules, destination-related text, and cover images. We send relevant trip context, such as destination, dates, work preferences, activity preferences, weather context, and other itinerary inputs. We try to limit what we send to what is reasonably needed for the feature.
   AI provider processing, retention, and review are governed by provider terms and policies and by the settings we configure. Do not submit sensitive personal information or confidential information in itinerary inputs or feedback.
   AI outputs may be inaccurate, incomplete, unsafe, duplicated, or outdated and are provided for informational purposes only, not professional advice.

5. Sharing of Information
   We share information only as needed for the purposes described in this Policy:
   - Apple: App Store transactions, Sign in with Apple, MapKit, WeatherKit, App Attest, DeviceCheck, and device permission flows.
   - Firebase/Google Cloud: Authentication, Firestore database, Cloud Storage, Remote Config, App Check, Analytics, cloud functions, hosting, and infrastructure.
   - RevenueCat: Subscription management and entitlement checks.
   - OpenAI or similar AI providers: AI itinerary, content, and image generation.
   - Google Analytics: Website analytics.
   - Email and support providers: Communications you send to us or that we send in response.
   - Legal and safety disclosures: We may disclose information if required by law, legal process, platform rules, or to protect rights, safety, security, users, Noma, or third parties.
   - Business transfers: Information may be transferred in connection with a reorganization, merger, acquisition, financing, sale of assets, change of operator, or formation of a business entity to operate the Service, subject to this Policy or a successor policy.

   We do not sell personal information. We do not share personal information with third parties for cross-context behavioral advertising.

6. Local Storage and Cloud Storage
   Some information is stored locally on your device using Apple platform storage, including onboarding state, profile settings, schedules, visited countries, and locally cached itinerary data. Some information is stored in Firebase/Google Cloud, including itinerary requests, generated itinerary records, feedback, and related operational records.
   Removing the app may delete local data on your device but does not automatically cancel subscriptions or necessarily delete cloud records. Subscription cancellation must be handled through Apple ID settings. Account or cloud-data deletion requests can be sent to contact@trynoma.co.

7. Retention
   We retain personal information only as long as reasonably necessary for the purposes described in this Policy, including to provide the Service, maintain subscriptions and records, resolve disputes, enforce agreements, comply with law, protect security, and maintain backups.
   Retention periods vary by category:
   - Account/authentication records: for the life of the account, plus a reasonable period for deletion, backup, security, and legal needs;
   - Itinerary records and prompts: while needed for your account access, generation history, debugging, product improvement, security, and legal needs, unless deleted or anonymized earlier;
   - Deleted itineraries: may be removed locally and marked deleted in cloud records, with residual records retained as needed for backup, security, abuse prevention, debugging, and legal needs;
   - Feedback and support messages: as long as needed to respond, improve the Service, track issues, and maintain business records;
   - Analytics and diagnostics: according to our provider settings and business needs, generally in aggregated or event-level form;
   - Transactions and receipts: as required or permitted by Apple, RevenueCat, tax, accounting, platform, and legal requirements;
   - Aggregated, de-identified, or anonymized information: may be retained indefinitely where it cannot reasonably identify you.

8. Your Rights and Choices
   Depending on where you live, you may have rights to access, correct, delete, restrict, object to processing, withdraw consent, or receive a copy of personal information. To exercise rights or request account/cloud-data deletion, email contact@trynoma.co from your account email and include your name, the email used for Noma, and the request type. We may ask for additional verification before fulfilling a request.
   You can control location and notification permissions in iOS Settings. You can cancel subscriptions in Apple ID settings. You can limit some analytics or tracking through device, browser, and cookie settings where available.
   We do not sell personal information and do not share personal information for cross-context behavioral advertising.

9. International Data Transfers
   We and many of our providers are based in the United States. If you access the Service from outside the United States, your information may be processed in the United States and other countries that may have different data protection laws. Where required, we use appropriate safeguards for cross-border transfers.

10. Security
   We use technical and organizational measures designed to protect information, including platform authentication, Firebase security controls, App Check, access controls, encryption in transit, and provider security measures. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

11. Children
   The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided personal information, contact us and we will take appropriate steps to delete it.

12. Third-Party Links and Services
   The Service may link to or rely on third-party services. Third-party privacy practices are governed by their own policies. We are not responsible for third-party privacy practices.

13. Do Not Track
   Some browsers offer a "Do Not Track" signal. Our website and Service do not currently respond to DNT signals. You may use browser, device, and cookie controls to limit some collection.

14. Changes to This Policy
   We may update this Policy from time to time. We will post the updated version with a new effective date and, where required, provide additional notice of material changes. Your continued use of the Service after an updated Policy takes effect means you acknowledge the updated Policy.

15. Governing Law and Venue
   Governing Law: New York, USA.
   Venue: State and federal courts located in New York County, New York, USA, subject to the dispute-resolution terms in our Terms of Service.

16. Contact
   Operator: Tash-had Saqif, doing business as Noma
   Email: contact@trynoma.co
   Website: trynoma.co
   Postal: New York, New York, USA (email us for the current mailing address)

Summary of Key Practices
   - No sale of personal information and no third-party advertising use by Noma.
   - Sign in is currently through Apple.
   - Location is optional foreground location used for time-zone and destination-filter features.
   - Itinerary generation uses Firebase/Google Cloud and OpenAI or similar AI providers.
   - The website uses Google Analytics.
   - Subscriptions are handled by Apple In-App Purchase and RevenueCat.
   - You can request access, correction, or deletion by emailing contact@trynoma.co.