Nomadtable Privacy Policy

Version 3.0

Last Updated: October 21, 2025

Effective Date: October 22, 2025

This Privacy Policy (v3.0) replaces our previous Privacy Policy v2.0, which was effective until October 21, 2025. Previous versions are available upon request at [email protected].

1. INTRODUCTION

Welcome to Nomadtable ("we," "our," or "us"), where you can find friends while traveling solo. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, website, and services that connect solo travelers for shared activities worldwide. Undefined terms in this Privacy Policy will have the same definition as in our Terms of Service.

2. INFORMATION WE COLLECT

Some of the information we collect is necessary for you to create and maintain a Nomadtable account, and some voluntary. However, if you don’t provide necessary information when requested, then we may not be able to provide you with access to the App or fulfill our obligations to you (such as providing services you request).

Information You Provide

Contact information (e.g., name, email).
Profile details (e.g., age, gender, home country, languages spoken, interests).
Content you submit (e.g., messages, activities created, future trips).
Profile pictures, images, and locations you send as chat messages
Verification images
Referral information (e.g., how you heard about Nomadtable).

Verification images you choose to submit are retained only temporarily to allow comparison between your profile image and your submitted verification image. After verification, they are deleted within 7 days unless we must retain them longer to comply with law or to investigate fraud/security incidents.

All photos and images you upload—including profile pictures, additional profile images, and images shared in activities or chats—are automatically analyzed using AI-powered tools (AWS Rekognition) to detect explicit, violent, or otherwise prohibited content. This helps maintain a safe community and uphold our Community Guidelines. In some cases, flagged images may be reviewed by trained human moderators under confidentiality obligations. We do not use these images to train external or internal AI models, and analysis is limited to safety and policy-enforcement purposes.

Information We Collect Automatically

Location Information: We collect location information through your device. You can limit this collection via your device controls.
App Usage: We collect information about when and how you use our Products, including what profiles and events you view.
Log Data and Device Information: We automatically collect certain technical information when you use Nomadtable to ensure proper functionality and improve performance. This may include your device model, operating system version, app version, language, time zone, IP address, and diagnostic data related to log-ins, crashes, or errors.

3. HOW WE USE YOUR INFORMATION

We use the personal information we collect mainly to provide our Products to you and to improve them. Specifically, we may use the data we collect to:

Provide the Products you requested.
Register your account, verify your identity, and verify the accuracy of your information.
Develop, operate, improve, maintain, and protect our Products.
Manage and administer your subscription.
Personalize our Products, including to show nearby activities, nearby AI activity suggestions, nearby travelers, and to show your distance from other users on the platform (which you can disable at any time by toggling the “Hide my distance away from others” option in your app settings).
Provide engagement insights, such as profile-view notifications and analytics (e.g., showing premium users nearby travelers who have viewed their profile).
Verify and enhance the safety and security of our Products.
Verify and analyze user engagement, trends, and usage.
Handle and record user rights requests, including opt-ins and opt-outs.
Prevent fraud or other unauthorized or illegal activity.
Enforce, investigate, and report conduct violating our Terms of Service, Community Guidelines, or other policies.
Respond to requests from law enforcement agencies or other government agencies, and comply with legal or regulatory requirements.

Location Data: We collect your location to show nearby travelers, display relevant activities in your area, and generate personalized AI-based activity recommendations. We also use approximate location data to show your distance from other users, and to power profile-view insights for nearby users (premium users can see how far away you were when you viewed their profile, if you have allowed the app to show your distance away). You can disable distance visibility at any time by toggling “Hide my distance away from others” in your app settings.

Verification Data: If we need to verify that your identity matches the identity presented in your profile, we may ask you to submit images for facial verification. This data is used solely for identity verification.

Legal Bases: The table below sets out a description of all the ways we use your personal data, and which of the justifications we rely on to do so. We have also identified what our legitimate interests are where we rely on that justification for processing.

Purpose	Legal Bases	Data Categories Used
Create and maintain your account and enable account login/ authentication	Contractual Necessity	Contact info; profile details; profile photos; verification images; device/log data
Verify your identity and protect the platform from fraud	Contractual necessity; legal obligation	Verification images; profile details; log data; AWS Rekognition comparison data
Enable chat, groups, and activity participation	Contractual Necessity	Profile info; messages; group membership; device/log data
Display nearby users and activities	Consent (for location); legitimate interests (to provide core functionality)	Location grid data; profile info; activity participation
Personalize suggestions and AI-generated recommendations	Legitimate interests (service improvement); consent (for AI features where required)	Location; interests; AI suggestion data
Process subscriptions and payments (Nomadtable Plus)	Contractual necessity; legal obligation (tax/audit)	Transaction identifiers; subscription status; email
Improve, troubleshoot, and secure the app	Legitimate interests	Analytics data; log data; crash reports
Investigate and act on policy violations or legal requests	Legal obligation; legitimate interests (platform safety)	Any relevant account, content, or log data
Provide engagement insights (e.g., profile-view notifications and analytics)	Legitimate Interests – to help users understand engagement with their profile and encourage meaningful interactions	Profile details (e.g., name, photo, home country), App Usage data (e.g., profiles viewed), Location Information (for nearby views)

Automated Decision-Making: Nomadtable does not make decisions with significant legal or similar effects based solely on automated processing. AI-based systems are used only to assist with moderation, recommendations, and safety features, under human oversight.

4. HOW WE SHARE INFORMATION

We may share Personal Information we collect about you:

With other Nomadtable users, according to your account preferences and consistent with our Terms of Service and Community Guidelines.
With service providers who help us operate the platform (for example, for hosting, analytics, messaging, verification, or customer support). These providers only access the information necessary to perform their services and are bound by confidentiality and data protection obligations.
For legal, safety, and protection purposes, including to comply with law enforcement requests, subpoenas, or court orders, or to protect the rights, property, and safety of Nomadtable, our users, or the public.
To enforce our rights, including investigating or preventing potential violations of our Terms of Service, Community Guidelines, or applicable law.
In connection with a corporate transaction, such as a merger, acquisition, financing, or sale of assets. In such cases, any successor entity will be required to treat your information in a manner consistent with this Privacy Policy.

We do not sell your personal information and we do not share your personal information with third parties for cross-context behavioral advertising.

Other Users and Travelers Here List:

When you are in a given area, your public profile (including name, profile photo, home country, and age) may appear in the “Travelers Here” list visible to other users in that area. Your exact location is never shown to other users. Instead, your location is associated with a map grid, with the most precise level being approximately 8 km × 8 km. Depending on zoom level, the grid may be larger (less precise). If users zoom in beyond a certain threshold (more precise than the 8 km x 8 km grid), the “Travelers Here” list will show users in the broader 8 km x 8 km grid around the center point of the map’s screen, not the users whose location is in the more precise viewport.

Users can freely move the map to view other cities or countries, but doing so does not reveal your exact location; it only loads public traveler data for the selected area. In less populated or remote areas, even grid-based visibility may still allow others to infer your general region. By using the platform, you acknowledge and accept this potential.

Users can enable “Snooze Mode” at any time to hide themselves from the “Travelers Here” List

Third-Party Service Providers

We use third-party providers to enable essential app functions, such as analytics and messaging. Service Providers will have access to your Personal Information needed to perform their business functions, but may not use or share that Personal Information for purposes outside the scope of their functions related to the App:

Firebase (Google LLC) – Usage analytics and crash reporting, authentication, database, backend functions, storage
Stream Chat (GetStream.io, Inc.) – Chat functionality.
OpenAI API (OpenAI, Inc.) – AI-generated recommendations.
AWS Rekognition (Amazon Web Services, Inc.) – AI-powered image moderation and identity verification.
Independent Moderators and Reviewers – In limited cases, we may engage independent contractors to assist with human review for identity verification and content moderation. These contractors are bound by confidentiality agreements and data protection obligations and are only permitted to access the minimum information necessary to perform their assigned tasks.

Verification. We use AI-powered image moderation and verification to detect inappropriate content and confirm identity. For verification, users may be required to submit a live photo (e.g., taking a selfie in the app) for comparison. These images are processed by AWS Rekognition, an AI service that assists with image moderation and identity verification.

Legal Compliance

We may share your information when required by law, including in response to:

Law enforcement requests, subpoenas, or court orders.

Legal obligations related to fraud prevention, financial regulations, or national security.

Compliance with applicable data protection laws, including GDPR and CCPA/CPRA.

Security & Protection

We may also process or share your information when necessary to:

Detect, investigate, and prevent fraudulent activities, unauthorized access, or security threats.

Enforce our Terms of Service and protect the rights, safety, and property of Nomadtable, our users, or the public.

Respond to reports of inappropriate content or violations of our community guidelines.

5. THIRD-PARTY SERVICES

Parts of Nomadtable may link to or integrate with third-party services. Nomadtable does not own or control these third parties, and this Privacy Policy does not apply to their data practices. When you interact with these services or choose to link your Nomadtable account (for example, with a social network), you are providing your information directly to that third party. Please review their privacy policies before sharing any information.

6. DATA SECURITY

While no organization can guarantee perfect security, we are continuously implementing and updating administrative, technical, and physical security measures to help protect your information against unlawful or unauthorized access, loss, destruction, or alteration.

Access to personal data is restricted to authorized personnel and service providers under strict contractual and technical safeguards, and data is encrypted in transit and at rest where applicable.

7. YOUR PRIVACY RIGHTS AND CHOICES

You can control your experience on the App via the settings in the Nomadtable App, options on our other surfaces, or your device controls - for instance, by updating your contact information, unsubscribing from marketing emails, turning off push notifications, or restricting sharing of your location.

Depending on your location, you may have additional rights under local privacy laws:

Access and Portability. You may request certain copies of your personal information held by us. In certain instances, you also have the right to request copies of personal information that you have provided to us in a structured, commonly used, and machine-readable format and/or request us to transmit this information to another service provider (where technically feasible).

Rectification. You may ask us to correct inaccurate or incomplete personal information about you (and which you cannot update yourself within your Nomadtable account).

Erasure. We generally retain your personal information for as long as is necessary for the performance of the contract between you and us, to comply with our legal obligations, and as permitted by applicable law. You may ask us to delete your personal information, subject to certain limitations and restrictions. Please note that if you request the erasure of your personal information, we may retain certain information about you:

as necessary for our legitimate business interests and safety, such as prevention of money laundering, fraud detection and prevention, and enhancing safety.
to the extent necessary to comply with our legal, tax, reporting, and auditing obligations.

Withdrawing Consent. If we are processing your personal information based on your consent you can withdraw your consent at any time by changing your account settings or, consistent with applicable law, by emailing [email protected] specifying which consent you are withdrawing. Please note that the withdrawal of your consent does not affect the lawfulness of any processing activities based on such consent before its withdrawal.

Restriction of Processing. You may ask us to limit the ways in which we use your personal information, in particular where (i) you contest the accuracy of your personal information, (ii) the processing is unlawful and you oppose the erasure of your personal information, (iii) we no longer need your personal information for the purposes of the processing, but you require the personal information for the establishment, exercise, or defence of legal claims, or (iv) you have objected to the processing and pending the verification whether the legitimate grounds of Nomadtable override your own.

Objection to Processing. You may contact us to tell us that you object to the processing of your personal information based on grounds specific to your situation if such processing is for direct marketing or is for a purpose based on a legitimate interest or public interest. If you object to processing based on legitimate or public interests, we will no longer process your personal information for these purposes unless we have compelling legitimate grounds for such processing or where the processing is otherwise lawful or required for the establishment, exercise, or defence of legal claims. To submit an objection, including objections related to the processing of your personal information for direct marketing purposes, you may send us an email at [email protected].

Opting Out of Personalized Advertising and Sale and Sharing of Data. We do not show personalized ads in the Nomadtable app and we do not sell or share personal information for cross-context behavioral advertising.

Opt-out Signals. We strive to honor opt-out preference signals where required by applicable law. When we detect an opt-out preference signal, we will make reasonable efforts to honor such opt outs for jurisdictions that require them. Please note that your opt-out preference signal might only apply to the particular browser, device, or technology that you use to opt-out. The opt-out preference signals are offered by a third party that we do not control. Please see the opt-out preference signal settings and policies for more information.

Opt-Out of Processing or Limit Use and/or Disclosure of Sensitive Personal Information. Certain categories of personal information that we collect and use might be “sensitive” under data privacy laws. Consistent with applicable law, you may have the right to limit certain uses or disclosures of your sensitive personal information or opt-out of processing of your sensitive personal information.

Please note that you may need to verify your identity and request before further action is taken. As a part of this process, you may be required to provide personal information, such as your name, state of residence, phone number, email address associated with your account, and government identification. Consistent with applicable law, you may also designate an authorized agent to make a request on your behalf. In order to designate an authorized agent to make a request on your behalf, we may require that: (i) you or your authorized agent provide a valid power of attorney, (ii) the agent provide proof that you gave the agent signed, written permission to submit the request, (iii) you verify your identity with us, and (iv) you directly confirm with us that you provided the authorized agent permission to submit the request. To appeal a refusal to take action on your request, please see the instructions in our response to your request or submit your appeal in writing by contacting [email protected] with the subject “Appeal of Consumer Rights Request.”

8. DATA RETENTION

We retain personal information for as long as needed or as permitted in light of the purpose(s) for which it was obtained and further processed and consistent with applicable law. The criteria used to determine our retention periods include:

the length of time we have an ongoing relationship with you and provide services to you, what activities you engage in on the platform (for instance, whether you host activities), and the length of time during which we may have a legitimate need to retain your personal information, such as to manage and protect our business, to address issues or defend claims that may arise,
whether there is a legal, tax, reporting, or auditing obligation to which we are subject, such as anti-money laundering requirements that requires us to keep records of your transactions for a certain period of time before we can delete them, and
whether retention is advisable in light of our legal position or to protect the safety of individuals, which includes retention that is required or prudent in accordance with applicable statutes of limitations, litigation, or regulatory investigations.

Residual Copies. Because we take measures to protect data from accidental or malicious loss and destruction, residual copies of your personal information may not be removed from our backup systems for a limited period of time.

9. INTERNATIONAL DATA TRANSFERS

As a global platform, we may transfer, store, and process your information with partners and service providers based in Europe, Asia Pacific, and North and South America, including the United States. Laws in these countries may differ from the laws applicable to your country of residence. In certain circumstances, courts, law enforcement agencies, regulatory agencies, or security authorities in these other countries may be entitled to access your personal information. Where necessary, measures have been taken pursuant to applicable data protection law, such as standard contractual clauses within Nomadtable or with the relevant third party to protect this personal data. When we transfer personal data from the EEA/UK to countries without an adequacy decision (e.g., the U.S.), we rely on the European Commission’s Standard Contractual Clauses (and the UK IDTA/Addendum, as applicable).

10. CALIFORNIA "SHINE THE LIGHT" LAW

California residents may request information about whether we disclose personal data to third parties for their direct marketing purposes. Nomadtable does not sell or share personal data with third parties for their direct marketing purposes.

If you have questions about how we handle your data, contact us at [email protected].

11. CHILDREN’S PRIVACY

Our service is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware of such collection, we will delete the information promptly.

12. CHANGES TO THIS PRIVACY POLICY

We may modify this Privacy Policy at any time in accordance with applicable law. When we do, we will post the revised version within the app and on our website and update the “Last Updated” date at the top. For material changes, we may also notify you by email, in-app message, or other reasonable means. Your continued use of Nomadtable after the updated version is posted constitutes your acceptance of the revised Privacy Policy.

13. CONTACT INFORMATION

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us:

Email: support@nomadtable.app

Mailing Address:
Nomadtable Inc.

Address: 2108 N St Ste N,

Sacramento, CA 95816
United States of America

For users in the EU/EEA:

Nomadtable Inc. is the data controller responsible for your personal data. We do not yet have an appointed EU representative under Article 27 GDPR but are in the process of designating one.

Until then, EU users may contact us directly at [email protected] for any privacy-related questions or to exercise their data rights.

You also have the right to lodge a complaint with your local supervisory authority.

This Privacy Policy is designed to be transparent about our data practices while ensuring compliance with global privacy regulations. We encourage you to read it carefully and contact us with any questions.