Privacy Policy

Last updated: February 2026

Nomad State FZCO ("we," "us," or "our") operates the website nomadstate.org and the products described below. This Privacy Policy explains what information we collect, how we use it, and what choices you have.

By using any of our products or visiting our website, you agree to the practices described in this policy.

1. Information We Collect

1.1 Account Information

When you create an account or sign in through Google OAuth, we may collect your name, email address, and profile picture. This information is used to identify your account and provide you with access to our products.

1.2 Product-Specific Data

Community Manager

When you use Community Manager, we collect and process the following data:

• Discord and/or Telegram server information and message content necessary to provide moderation and AI response services
• Knowledge base content you upload to train the AI agent
• Usage analytics (message volumes, response times, escalation rates)
• Payment information processed securely through Stripe (we do not store your full card details)

Stop the Spam

When you use Stop the Spam, we access the following through Google OAuth:

• Gmail metadata (sender addresses, subject lines, email headers) needed to identify newsletters and promotional senders
• We do not read the body content of your emails
• Filter and unsubscribe preferences you set within the tool

Nomad Ops

When Nomad Ops launches, it may collect:

• Location data (with your explicit permission) to provide location-based recommendations
• Preference and check-in data you enter within the app

1.3 Automatically Collected Information

When you visit our website or use our products, we may automatically collect:

• IP address and approximate location
• Browser type and operating system
• Pages visited, time spent, and referral source
• Device identifiers

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and improve our products
• Process payments and manage subscriptions
• Send transactional emails (receipts, account notifications)
• Respond to support requests
• Detect and prevent fraud or abuse
• Comply with legal obligations

We do not sell your personal information to third parties.

3. Third-Party Services

We use the following third-party services to operate our products. Each has its own privacy policy governing how they handle your data:

• Stripe — Payment processing. Stripe collects and stores payment card details on our behalf. See Stripe's Privacy Policy.
• Supabase — Database and authentication infrastructure. See Supabase's Privacy Policy.
• Vercel — Website and application hosting. See Vercel's Privacy Policy.
• Google OAuth — Authentication for user sign-in. See Google's Privacy Policy.

4. Cookies and Tracking

We use cookies and similar technologies to:

• Keep you signed in to your account
• Remember your preferences
• Understand how our products are used (analytics)

You can control cookies through your browser settings. Disabling cookies may affect the functionality of our products.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with our services. If you delete your account, we will delete or anonymize your personal data within 30 days, unless we are required to retain it for legal or compliance purposes.

Payment records are retained as required by applicable tax and financial regulations.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

6.1 GDPR Rights (European Economic Area)

• Access — Request a copy of the personal data we hold about you
• Rectification — Request correction of inaccurate data
• Erasure — Request deletion of your personal data
• Portability — Request your data in a portable format
• Restriction — Request that we limit processing of your data
• Objection — Object to processing based on legitimate interests

6.2 CCPA Rights (California Residents)

• Right to Know — Request what personal information we collect and how it is used
• Right to Delete — Request deletion of your personal information
• Right to Opt-Out — We do not sell personal information, so this right is automatically satisfied
• Non-Discrimination — We will not discriminate against you for exercising your rights

To exercise any of these rights, contact us at hello@nomadstate.org. We will respond within 30 days.

7. Data Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS/SSL) and at rest. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

8. International Data Transfers

Nomad State FZCO is based in Dubai, UAE. Your data may be processed and stored in locations outside your country of residence, including the United States (where our infrastructure providers operate). We ensure appropriate safeguards are in place for any international transfers of personal data.

9. Children's Privacy

Our products are not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date above. Your continued use of our products after changes are posted constitutes your acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or want to exercise your data rights, contact us at:

Nomad State FZCO
Dubai Silicon Oasis, DDP, Building A1
Dubai, UAE
Email: hello@nomadstate.org