Privacy Policy

nomu.land is the controller of your personal data. Our Data Protection Officer (Encarregado de Proteção de Dados, as defined by LGPD Art. 41) can be reached at:

• Email: privacy@nomu.land
• Subject line: "DPO / Encarregado"

The Encarregado is responsible for receiving communications from data subjects and the national authority (ANPD), and for advising on data protection practices.

We collect information you provide directly to us, as well as information generated automatically when you use our services.

Account and Authentication

• Email address (used for magic-link authentication)
• Display name, bio, and profile photo
• Website URL, social media links (Instagram, Twitter/X, LinkedIn, TikTok, YouTube)
• Languages, travel style, interests, and pronouns
• WebAuthn (passkey) credentials: credential ID, encrypted public key, device name, device type, registration and last-used timestamps

Device and Technical Information

• IP address (collected during authentication and for rate limiting)
• User agent string (browser and OS information)
• Client type (web or mobile)
• Authentication session metadata (timestamps, device type)

Travel and Trip Information

• Trip names, descriptions, and dates (start and end dates)
• Trip thumbnail images
• Favorite trip designations
• Public sharing settings (slug, visibility preferences, publication timestamps)
• Country codes and place information

Place and Location Data

• Place names and vendor place IDs (Geoapify)
• Geographic coordinates (latitude and longitude)
• Geohash data and bounding box coordinates
• Country, region, state, or province
• Timezone information (name and offsets)
• Arrival and departure dates for each place
• Place thumbnail images with photographer attribution

Transportation and Accommodation Details

• Transportation types (flight, train, bus, car, ferry, other)
• Departure and arrival locations and dates
• Confirmation codes and reference numbers
• Class and seat information
• Accommodation types (hotel, hostel, apartment, house, resort, other)
• Accommodation names, check-in and check-out dates
• Reservation codes, room details, and guest information
• Accommodation address

Content and Notes

• Structured notes (reservation, food, place, tip, photo, preparation, money, or other types)
• Note titles and bodies
• Media files you upload (JPEG, PNG, WebP images, up to 10 MB)

Polls and Collaborative Features

• Poll titles, descriptions, and date range options
• Voter name and email (email is hashed for deduplication)
• Vote choices (yes, no, maybe)
• Note: poll voting may collect data from non-registered users who participate in a poll via a shared link

Invites and Waiting List

• Invitee email addresses
• Invite status and timestamps
• Waiting list email addresses

Payment and Billing

• Purchase records (purchase ID, support tier, status, timestamps)
• Currency preference (USD or BRL)
• We do not store credit card numbers, CVVs, or full payment card details. All payment processing is handled by Stripe. See their privacy policy at stripe.com/privacy.

Calendar Feeds

• Calendar feed tokens (SHA-256 hashed) linked to your account, enabling external calendar applications to access your trip dates

Preferences and Settings

• Privacy settings (profile visibility, location sharing, data sharing, third-party sharing preferences)
• Locale, timezone, date format, and unit preferences
• Notification preferences (email, marketing)
• Marketing and analytics opt-out flags
• Map theme and display preferences
• Data retention period and account deletion delay preferences

Usage and Technical Information

• Backend metrics: user actions (e.g., trip created, login), error tracking, and performance data (published to GCP Cloud Monitoring with anonymized user IDs)
• Rate limiting records: IP address, attempt count, and expiration (auto-deleted via TTL)
• Communications with our support team

Under LGPD (Art. 7) and GDPR (Art. 6), we process your personal data based on the following legal grounds:

Performance of Contract (LGPD Art. 7(V) / GDPR Art. 6(1)(b))

• Account creation and authentication (email, WebAuthn credentials)
• Storing and managing your trips, places, transportation, accommodation, and notes
• Processing payments and managing subscriptions via Stripe
• Providing calendar feeds and public trip sharing features
• Processing invites and poll functionality

Consent (LGPD Art. 7(I) / GDPR Art. 6(1)(a))

• Marketing and promotional communications
• Non-essential analytics and usage tracking
• Third-party data sharing (where enabled in your privacy settings)

You may withdraw consent at any time through your account settings or by contacting privacy@nomu.land. Withdrawal does not affect the lawfulness of processing performed prior to withdrawal.

Legitimate Interest (LGPD Art. 7(IX) / GDPR Art. 6(1)(f))

• Rate limiting and abuse prevention (IP address, user agent collection)
• Security monitoring and fraud detection
• Service improvement through aggregated, anonymized analytics
• Technical error logging and debugging

Legal Obligation (LGPD Art. 7(II) / GDPR Art. 6(1)(c))

• Retention of payment and billing records for tax and audit purposes
• Responding to lawful requests from authorities

We use the information we collect to:

• Provide, maintain, and improve our travel planning and trip management services
• Store and organize your trips, places, transportation, and accommodation information
• Display your travel data on maps and visualizations using location coordinates
• Process and manage your travel bookings, reservations, and confirmations
• Enable you to create, edit, and manage travel notes
• Process payments and manage your subscription tier
• Enable collaborative features (polls, invites, public trip sharing)
• Personalize your experience based on your preferences and settings
• Authenticate your identity and secure your account
• Send technical notices, updates, and support messages
• Respond to your comments, questions, and support requests
• Monitor and analyze usage trends to improve our services
• Send marketing communications (only with your consent)
• Prevent abuse and enforce rate limits
• Comply with legal obligations and protect our rights

We share personal data with the following categories of service providers, strictly for the purposes described below. Each provider processes data under their own privacy policies and applicable data processing agreements.

Cloud Infrastructure and Storage

• Google Cloud Platform (Firestore): Primary database for all user data (account, trips, places, preferences, etc.)
• Google Cloud Storage: Storage for uploaded files (profile photos, trip images)
• Google Cloud Monitoring: Aggregated metrics and telemetry (user IDs are anonymized UUIDs; no directly identifying information is sent)

Payment Processing

• Stripe: Handles all payment card processing. We send Stripe your user ID and email (as metadata) to associate payments with your account. Stripe processes your card number, expiration date, and CVC directly — we never receive or store this data. See Stripe's Privacy Policy.

Email Delivery

• Resend: Delivers transactional emails (magic links, welcome emails, invite notifications, poll invitations). We share your email address and email content with Resend for delivery purposes. See Resend's Privacy Policy.

Geolocation Services

• Geoapify: Provides place search, geocoding, and place detail enrichment. Search queries and coordinates are sent to Geoapify to resolve place information. See Geoapify's Privacy Policy.

Image Services

• Unsplash: Provides place thumbnail images. Search queries are sent to Unsplash to find relevant photos. No personal user data is shared. See Unsplash's Privacy Policy.

Map Tile Providers

• OpenStreetMap: Map data used under the Open Database License (ODbL).
• CartoDB/CARTO: Map tile rendering. Your browser requests map tiles directly from CartoDB servers, which may log IP addresses per their own policies.

We do not sell, trade, or rent your personal information. Beyond the third-party service providers listed above, we may share your information only in the following circumstances:

• With your consent: When you explicitly authorize sharing (e.g., enabling third-party sharing in your privacy settings)
• Public trip sharing: When you publish a trip with a public link, the trip data you chose to make visible (places, dates, itinerary) becomes accessible to anyone with the link, and optionally to search engines if you enable indexing
• Poll participants: When you create a poll, your name and poll details are visible to participants. Voter names and choices are visible to the poll creator.
• Legal obligations: To comply with applicable law, regulation, legal process, or governmental request
• Rights protection: To protect the rights, property, or safety of nomu.land, our users, or the public
• Business transfer: In connection with a merger, acquisition, or sale of assets, in which case you will be notified

Your personal data is stored on Google Cloud Platform servers, which may be located outside of Brazil, including in the United States. Our third-party service providers (Stripe, Resend, Geoapify, Unsplash) may also process data outside of Brazil and the European Economic Area.

These international transfers are conducted in compliance with:

• LGPD Art. 33: Transfers to countries or international organizations that provide an adequate level of data protection, or with appropriate safeguards including standard contractual clauses
• GDPR Art. 44–49: Where applicable, transfers are protected by Standard Contractual Clauses (SCCs) or the service provider's adherence to adequacy decisions

All third-party providers listed in this policy maintain data processing agreements that include appropriate safeguards for the protection of your personal data during international transfers.

We use cookies and other browser storage technologies to provide and maintain our services. We only use strictly essential cookies required for authentication — we do not use analytics, advertising, or preference cookies. Because these cookies are necessary to provide the service you have requested, they are exempt from consent requirements under ePrivacy and LGPD guidelines.

Authentication Cookies (Strictly Essential)

• access_token: HTTP-only, Secure, SameSite cookie containing your JWT access token. Expires after 1 hour. Required for authentication.
• refresh_token: HTTP-only, Secure, SameSite cookie containing your refresh token. Expires after 7 days. Required to maintain your session.

These cookies are set on the .nomu.land domain to enable cross-subdomain authentication. They cannot be accessed by JavaScript (HttpOnly flag) and are only transmitted over HTTPS (Secure flag).

Other Browser Storage (Not Cookies)

In addition to cookies, we use standard browser storage APIs to improve performance and enable offline access. This data never leaves your device and is not transmitted to our servers.

• localStorage: Trip planner preferences, theme settings, and display options
• IndexedDB (query cache): Previously fetched data cached locally to enable offline access and faster loading
• IndexedDB (media cache): Images cached as blobs for offline viewing
• IndexedDB (map cache): Map tiles and geographic data cached for offline map access

Managing Cookies and Storage

You can manage cookies and browser storage through your browser settings. Be aware that:

• Blocking or deleting authentication cookies will prevent you from logging in or staying logged in
• Clearing IndexedDB or localStorage will remove cached data and preferences but will not affect your account data stored on our servers

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption of data in transit (TLS/HTTPS) and at rest (GCP encryption)
• HTTP-only, Secure, SameSite cookies for authentication tokens
• Server-side authentication and token validation on every request
• Hashing of sensitive tokens (magic links, calendar feeds) before storage
• Encryption of WebAuthn public keys
• Rate limiting to prevent brute-force and abuse
• IP address collection limited to security purposes with automatic expiration
• Location data privacy controls based on your preferences

No method of transmission over the internet is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

Under LGPD (Art. 18) and GDPR (Art. 15–22), you have the right to:

• Confirmation and access: Confirm whether we process your data and obtain a copy of it
• Correction: Update or correct inaccurate or incomplete personal data
• Anonymization, blocking, or deletion: Request anonymization, blocking, or deletion of unnecessary or excessive data, or data processed in violation of the law
• Portability: Request transfer of your data to another service provider (LGPD Art. 18(V) / GDPR Art. 20)
• Deletion: Request deletion of data processed with your consent
• Information about sharing: Know which public and private entities your data has been shared with
• Consent withdrawal: Withdraw consent at any time, without affecting the lawfulness of prior processing
• Objection: Object to processing based on legitimate interest if you believe your rights are being violated
• Opt out of marketing: Unsubscribe from marketing communications at any time via your account settings
• Restrict processing: Request restriction of processing in certain circumstances (GDPR Art. 18)

How to Exercise Your Rights

You can exercise most of these rights directly through your account settings (privacy controls, data export, account deletion). For any requests that cannot be handled through the settings interface, contact us at privacy@nomu.land. We will respond within 15 days (LGPD) or 30 days (GDPR).

Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the relevant supervisory authority:

• Brazil: Autoridade Nacional de Proteção de Dados (ANPD) — www.gov.br/anpd
• European Union: Your local Data Protection Authority (DPA)

We retain your personal information for as long as necessary to provide our services and fulfill the purposes described in this policy. Specifically:

• Account and profile information: Retained while your account is active
• Trip, place, and travel data: Retained until you delete your account or specific items. Deleted trips are soft-deleted first and permanently removed after your configured retention period.
• Authentication tokens: Access tokens expire after 1 hour; refresh tokens after 7 days. Expired tokens are automatically purged.
• Magic link tokens: Consumed on use or expire automatically
• Rate limiting records: Auto-deleted via TTL after the limiting window expires
• Payment records: Retained as required by applicable tax and financial regulations
• Invites: Expire after 72 hours. Expired invites are automatically purged.
• Poll data: Polls expire after 30 days from creation
• Usage analytics: Retained in aggregated, anonymized form

When you delete your account, we will delete or anonymize your personal information within 30 days (configurable in your settings), except where we are required to retain it for legal or regulatory purposes.

You can configure your preferred data retention period and account deletion delay in your privacy settings.

nomu.land is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@nomu.land and we will delete that information promptly.

For users in jurisdictions where the age of digital consent is lower (e.g., 13 in some countries), the local minimum applies, but never below 13 years of age.

nomu.land does not use automated decision-making or profiling that produces legal effects or similarly significant effects on you (LGPD Art. 20 / GDPR Art. 22). Rate limiting is applied automatically based on IP address to prevent abuse, but this does not constitute profiling and does not affect your rights or access to the service beyond temporary throttling.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes that affect your rights, we will provide additional notice via email. Your continued use of our services after the changes take effect constitutes your acceptance of the updated policy.

If you have questions about this Privacy Policy or wish to exercise your data protection rights, contact us at:

• General privacy inquiries: privacy@nomu.land
• Data Protection Officer (Encarregado): privacy@nomu.land (subject: "DPO / Encarregado")
• General support: support@nomu.land