NomadFi is an AI-powered personal finance and travel application. We are committed to protecting your privacy in compliance with the UAE Personal Data Protection Law (PDPL), the EU General Data Protection Regulation (GDPR), and other applicable international data protection laws.
We collect: (a) Account information — email address, name when you register; (b) Financial data — expenses, budget settings, loan details you enter; (c) Usage data — screens viewed, features used, for improving the app; (d) Device data — browser type, IP address for security purposes. We do NOT collect: bank account numbers, credit card numbers, passwords (stored as secure hashes only).
Your data is used to: provide the app's features (expense tracking, budget planning, AI assistance); improve and personalise your experience; send transactional emails (verification, password reset); ensure security and prevent fraud. We never sell your data to third parties. We never use your data for advertising.
All data is stored in Supabase (PostgreSQL) with AES-256 encryption at rest and TLS 1.3 in transit. Row Level Security ensures you can only access your own data. API keys and secrets are never exposed to the client. We use rate limiting to prevent abuse.
Your data is stored securely on Supabase (AWS ap-southeast-2, Sydney). AI features use Anthropic Claude API. Currency rates from ExchangeRate-API and Frankfurter. We do not sell your data to third parties.
We use: Supabase (authentication and database — hosted in EU), Anthropic Claude API (AI features — no user data stored by Anthropic), Frankfurter API (currency rates — no personal data sent), Vercel (hosting — EU/US infrastructure). Each provider has their own privacy policy and data protection commitments.
You have the right to: Access your personal data at any time; Correct inaccurate data; Delete your account and all associated data ("right to be forgotten"); Export your data in a portable format; Withdraw consent at any time; Lodge a complaint with your national data protection authority. To exercise any right, contact us at privacy@nomadfi.app
We retain your data as long as your account is active. When you delete your account, all personal data is permanently deleted within 30 days. Anonymised usage statistics may be retained for analytics.
NomadFi is not intended for users under 18 years of age. We do not knowingly collect data from minors. If you believe a minor has provided data, contact us immediately.
We will notify you of significant changes via email or in-app notification at least 30 days before changes take effect.
For privacy questions or to exercise your rights: Email: privacy@nomadfi.app. We aim to respond within 5 business days as required by UAE PDPL.