← Home

Privacy Policy

Last updated: May 17, 2026

What we collect

  • Account data: email, password (hashed), display name.
  • Profile data: birthday, gender, photos, bio, lifestyle answers, languages, and other fields you choose to fill in.
  • Location: approximate latitude/longitude when you grant browser permission, used to compute distance to other users and your "current city". Precise coordinates are never shared with other users — they only see distance and city.
  • Travel booking data: when you book through NOMADR we collect passenger details (full legal name, date of birth, gender as required by carriers), contact email and phone, passport / travel-document numbers and expiry where the Supplier requires them, frequent-flyer numbers, seat and meal preferences, payment method tokens, booking references (PNRs), and itinerary details.
  • Usage data: swipes, matches, messages, reports, blocks, search history, and basic device/IP info for security and abuse prevention.

How we use it

  • To operate matching, messaging, and the rest of the social service.
  • To search, price, book, ticket, modify, and cancel travel on your behalf via our integrated travel infrastructure provider.
  • To enforce age (18+), our Terms, and applicable law.
  • To investigate reports and prevent fraud, harassment, and abuse.
  • To send transactional emails (verification, password reset, account changes, booking confirmations, schedule changes).

We do not sell your personal data.

Travel data & Duffel

To complete a flight or hotel booking, we transmit the passenger and payment information you provide to Duffel, our travel infrastructure provider, which in turn shares the data with the airline, hotel, or other travel supplier you have selected, and with Global Distribution Systems (GDS), payment processors, and government agencies where required by law (for example Advance Passenger Information / API and Secure Flight programs).

Once a booking is made, the relevant Supplier becomes an independent controller of that data and its handling is governed by the Supplier's own privacy policy. We cannot delete data held by a Supplier on your behalf; requests to access or erase data inside a carrier's reservation system must be directed to that carrier.

Payment card data is tokenized; we do not store raw card numbers on our servers.

Who sees what

Other users can see your display name, photos, bio, age (unless hidden), distance (unless hidden), and the profile fields you've completed. They cannot see your email, birthday, exact coordinates, travel itineraries, passport details, or auth data. Travel bookings and passenger details are visible only to you and to the Suppliers and processors required to fulfill the booking.

How long we keep data

We keep your social data while your account is active. When you delete your account, your profile, photos, matches, and messages are permanently removed. Travel booking records (itineraries, invoices, PNR references) are retained for up to seven years after the travel date to satisfy tax, accounting, consumer-protection, and dispute-resolution obligations, even after account deletion. Logs needed for safety, abuse prevention, or legal compliance may be retained longer in anonymized form.

Your rights

You can:

  • Access and edit your profile from Settings.
  • Delete your account permanently from Settings → Account → Delete account.
  • Request a copy of your data by emailing privacy@nomadr.app.
  • If you're in the EU/UK (GDPR) or California (CCPA), you have additional rights to access, port, correct, or delete your data — contact us and we'll respond within 30 days. Note that travel data already transferred to a Supplier must be requested from that Supplier directly.

Security

We use encryption in transit, hashed passwords, tokenized payment instruments, and row-level database security. No system is perfectly secure — please use a strong, unique password.

Third parties

We use service providers to run the app: hosting, authentication, database, email delivery, map/geocoding, photo moderation, and our travel infrastructure provider (Duffel) plus its downstream airline, hotel, GDS, and payment-processor network. They process data on our behalf under contract and may not use it for their own purposes, except that Suppliers acting as independent controllers (e.g. airlines fulfilling your booking) operate under their own privacy policies.

International transfers

Travel by its nature crosses borders. To fulfill a booking, your data may be transferred to Suppliers and authorities in the country of origin, destination, and any transit points, which may have different data-protection laws than your home country. By making a booking you instruct us to make these transfers as necessary to deliver the travel service.

Children

NOMADR is for adults 18+ only. We do not knowingly collect data from anyone under 18. If you believe a minor is using NOMADR, email safety@nomadr.app and we will remove the account. Adult account holders may submit data about minor passengers traveling with them solely to complete a booking; that data is used only for the booking and retained per the section above.

Changes

We'll notify you in-app of material changes to this policy.

Contact

Privacy questions: privacy@nomadr.app.