nomadic.

Privacy Policy

# Privacy Policy

Last updated: May 05 2026

This Privacy Policy explains what information Brickworks LLC ("Brickworks," "we," "us") collects when you use Nomadic, how we use it, who we share it with, and the rights you have over it.

By creating an account or using Nomadic, you consent to the collection and use described here.

## 1. Information you give us

When you create an account or use the app, you provide:

- Account info — your email or Apple/Google identity, your handle, your display name, and your date of birth. Date of birth is required: it verifies the 17+ minimum at the database level (you cannot create or hold an account without it) and serves as a liability signal for safety-feature use. We do not display your DOB to other users.

- Profile content — photos, bio, the rigs and companions (vehicles, dogs, other animals) you choose to add, your skills and market items.

- User-generated content — waypoints you submit, beacons you raise, hazard reports, dog-water-safety reports, pet rules notes, lost-pet alerts and sightings, route plans, messages, travel party chats, convoy announcements, gathering posts, and photos uploaded with any of these.

- Trusted contacts — names and phone numbers of people you designate to receive safety alerts on your behalf. By adding a trusted contact you confirm you have their permission to share their phone number with us for the purpose of sending safety SMS.

- ID verification documents (only if you choose to verify) — processed by Stripe Identity. We retain only the verified result; we do not store ID images.

## 2. Information we collect automatically

- Location — when you actively use a location-dependent feature, we read your precise GPS coordinates. We do NOT run any background location collection. See the Location Data Policy for the complete list of when and why we read location and what we keep.

- Crew location sharing — if you enable Crew Location Sharing in Settings → Privacy, your last-known location (last GPS ping) is stored on your profile and made visible to accepted Crew and Roadmate connections. This feature is **off by default** for new accounts. You can disable it at any time; disabling it immediately clears the stored point from your profile.

- Device data — device model, operating system version, app version, runtime version, language, timezone, push notification token, and an installation identifier.

- Usage data — what screens you visit, what features you use, error and crash reports.

- AI prompt text — when you use Ask Scout or similar AI features, your prompt is sent to the AI model provider. We retain prompts in our logs for service improvement and abuse detection (see Section 4 for provider details).

- IP address — captured on web sessions and during edge-function calls; used for security and abuse prevention.

We do not track you across other companies' apps or websites. We do not sell your personal information.

## 3. How we use your information

- Provide the app: search waypoints, render maps, store your content, deliver messages.

- Run safety features: route SOS alerts, deliver missed-checkin notifications, fan out beacons, send arrival pings to nearby travelers, send SMS to trusted contacts, propagate lost-pet alerts.

- Communicate with you: transactional dispatches (push and email), security notices, optional community news (opt-in).

- Improve the product: aggregate usage analysis, debugging, fixing crashes, designing new features.

- Prevent abuse: detect spam, harassment, fraud, gaming of merit/pin/vouch systems; investigate reports; enforce our Terms. When a filed content report requires it, a Nomadic team member may access the message history of the reported conversation to evaluate the report. This access is tied to a specific filed report — we do not browse private conversations proactively or outside of an active investigation. Every instance of staff access to private message content is logged internally with the reviewer's identity, the timestamp, and the report that triggered it.

- Comply with law: respond to lawful requests from authorities, resolve disputes, enforce agreements.

## 4. Who we share your information with

We work with the following service providers, who process your data on our behalf:

- Supabase — hosts our database, authentication, file storage, and edge functions (United States).

- Mapbox — provides map tiles for the in-app map and reverse-geocoding when you submit a waypoint or view a friend's last-ping location (so locations can carry a human-readable place name).

- OneSignal — delivers push notifications.

- Resend — delivers transactional email (confirmation, password recovery, account notices).

- Expo / EAS Update — delivers over-the-air JavaScript bundle updates to the mobile app. Receives device + runtime metadata, no user content.

- Sentry — collects crash reports and uncaught error stack traces. Configured to redact location coordinates, message bodies, contact details, tokens, and other sensitive fields before egress.

- PostHog — collects product analytics events (screen visits, feature usage). Does not auto-capture text input. Same redaction list as Sentry.

- RevenueCat — manages subscription state for Nomad Pass.

- Apple and Google — handle sign-in and in-app purchase.

- Twilio — sends safety SMS to trusted contacts.

- Stripe Identity — processes ID verification when you choose to verify.

- Anthropic — provides the AI model ("Claude") that powers Scout features: place-context readings, waypoint name suggestions, and the Ask Scout helper. When you use any Scout feature, your prompt and relevant location context are sent to Anthropic for response generation. Anthropic does not use your prompts to train its foundation models under our data processing agreement.

- Open-Meteo / National Weather Service — the Storm Watch field tool fetches publicly available weather forecast data from Open-Meteo and NOAA's api.weather.gov. No user-identifying information is sent with these requests.

We require these providers to handle your information consistent with this Policy.

We may also share information when:

- You make it public — your handle, display name, profile photo, public waypoints, beacons, market items, skill listings, lost-pet alerts, gatherings, and merit/pin status are visible to other users.

- You message someone — your messages, travel party posts, and convoy announcements are visible to recipients (and stored on our infrastructure).

- You enable Crew Location Sharing — your last-known GPS ping is visible to users you have accepted as Crew or Roadmates.

- You post a convoy — your origin location (used to compute the route bearing) and your stated destination are visible to other users viewing convoy listings within the discovery radius.

- You opt into the mutual aid mesh — your last-seen point and willingness to respond are visible to nearby Nomadic users with active safety alerts.

- You report or are reported — if you file a content report or are named in one, a Nomadic team member may access the messages or other content referenced in that report to evaluate it and take appropriate action. Users who file reports do not receive access to any other user's private messages; report outcomes are communicated as a moderation decision, not as a content disclosure.

- Required by law — we will respond to valid legal process. Where allowed, we will notify the affected user before responding.

- Business transfer — if Brickworks LLC is acquired or merges, your information may transfer with the company. We will notify you of any change of controller.

## 5. Your choices and rights

- Access, correction, deletion — you can review and edit most profile information from settings. To delete your account, see Settings → Delete Account (30-day grace window; see Section 6). To request a copy of your data outside the in-app surfaces, email team@nomadic.guide. We will respond within 30 days.

- Notification preferences — granular per-channel push and email controls in Settings → Notifications.

- Location — controlled by your device's OS permission, plus Nomadic-specific opt-ins for the mutual aid mesh, crew location sharing, arrival pings, lost-pet alerts, and visibility mode.

- California residents — you have rights under the CCPA/CPRA, including the right to know, the right to delete, the right to correct, and the right to opt out of sharing. We do not sell your information.

- EU/UK residents — you have rights under GDPR/UK GDPR, including access, rectification, erasure, restriction, portability, and objection. The legal bases we rely on are: performance of our contract with you, your consent for optional features, our legitimate interests in security and product improvement, and compliance with law. The data controller is Brickworks LLC.

## 6. Retention

We enforce the following retention windows with scheduled cron jobs that run nightly. The schedules are part of our database — not aspirational policy.

- **Account information** — kept while your account is active. When you request account deletion, your account enters a 30-day grace period. During the grace window your profile is hidden, your check-ins are anonymized, and your last-seen point is cleared from the Mutual Aid Mesh and from Crew Location Sharing. You can cancel from inside the app at any point during the window. After 30 days, the account and its associated rows (subject to cascade) are permanently removed.

- **Check-ins** — inactive (checked-out) check-ins are hard-deleted 12 months after they end. Active check-ins are preserved indefinitely.

- **Safety alerts** — kept for 24 months as part of the safety audit trail (so trusted contacts and moderators can reconstruct sequences after the fact), then hard-deleted along with their recipient records.

- **Mutual Aid Mesh location** — your last-seen point is cleared immediately when you opt out of the mesh, request account deletion, or are suspended. Even if you stay opted in, any last-seen point older than 14 days is cleared nightly so your stored location reflects only recent activity.

- **Crew Location Sharing (last ping)** — governed by the same 14-day nightly clear as the Mutual Aid Mesh point. Disabling Crew Location Sharing in Settings → Privacy clears the point immediately.

- **Convoy announcements** — active convoy listings are visible to matched users. A convoy is archived (no longer discoverable) after its departure date passes or you leave/disband the convoy; archived convoys are retained for 12 months then purged.

- **Public content** — waypoints, public beacons, market items, gatherings, and other content you intentionally published may persist after account deletion in anonymized form, because removal would also affect other users who depend on that content.

## 7. Children

Nomadic is not directed to anyone under 17. We enforce the 17+ minimum at sign-up via a database-level age trigger and an in-app age gate. We do not knowingly collect information from anyone under 17. If you believe we have collected such information, contact team@nomadic.guide and we will delete it.

## 8. International transfers

Nomadic is operated from the United States. Information you provide is stored and processed in the United States and other countries where our service providers operate. By using Nomadic, you consent to this transfer.

For users in the EU/UK, we rely on Standard Contractual Clauses where required.

## 9. Security

We use industry-standard practices — encrypted transport (TLS), database-level access controls, row-level security, redaction of sensitive fields before observability egress, and limited employee access — to protect your information. No system is perfectly secure. You are responsible for keeping your account credentials safe and for promptly reporting any suspected unauthorized access.

## 10. Over-the-air updates

We may push incremental updates and bug fixes to the mobile app via Expo's EAS Update service. EAS Update delivers JavaScript bundles only — it cannot change device permissions, add new native modules, or modify anything outside the JavaScript layer of the app. The device requests an update on launch and downloads it in the background; no personal information is sent to Expo as part of this process beyond device + runtime metadata required to select the right bundle.

## 11. Changes

We may update this Privacy Policy. Material changes will be communicated through the app and require you to acknowledge the new version before continuing to use Nomadic. The "last updated" timestamp at the top of this document reflects the most recent change.

## 12. Contact

Brickworks LLC

Email: team@nomadic.guide