Privacy Policy

Last updated: March 2026

NomadSignal ("we," "our," or "us") operates the jurisdiction intelligence platform at nomadsignal.io. This policy explains what data we collect, how we use it, and how we protect it.

We collect only what we need to provide the service. We do not sell your data. We do not use tracking cookies or third-party analytics.

What We Collect

Account information

  • Email address (required for sign-up via magic link or Google OAuth)
  • Display name (optional, provided during onboarding or via Google profile)

Platform data you create

  • Jurisdiction preferences and saved comparisons
  • Plans, tasks, milestones, and associated notes
  • Business entities (company names, jurisdictions, registration details)
  • Family member profiles (names, dates of birth, passport details, relationships)
  • Travel and presence records (countries, entry/exit dates, purpose of stay)
  • Engagement records and discussion threads with professionals
  • File uploads (documents you attach to plans or engagements)
  • Marketplace listings and inquiry messages

Automatically collected

  • Session data (authentication tokens stored in cookies)
  • Subscription tier (stored in a cookie for access control)

How We Use Your Data

  • Provide and operate the platform (jurisdiction scoring, plan tracking, compliance alerts)
  • Send transactional emails (magic link sign-in, engagement invitations, compliance alerts, notification digests)
  • Process payments and manage subscriptions
  • Generate compliance alerts based on your entities, presence records, and passport expiry dates
  • Enable collaboration between you and professionals you engage with

We do not use your data for advertising. We do not build behavioral profiles. We do not share your data with data brokers.

Where Your Data Is Stored

  • Database: PostgreSQL hosted on DigitalOcean infrastructure in the Toronto, Canada region
  • File uploads: DigitalOcean Spaces (S3-compatible object storage)
  • Email delivery: Resend (transactional emails sent from [email protected])

Third-Party Services

We share data with the following services only as needed to operate the platform:

Cookies

We use two cookies, both functional:

  • Session cookie - keeps you signed in for up to 30 days. Set on login, cleared on sign-out.
  • Tier cookie (ns-tier) - stores your subscription tier so the app can show the right features. No personal data.

We do not use tracking cookies, advertising pixels, or third-party analytics scripts.

Data Retention and Deletion

We keep your data for as long as your account is active. If you cancel your subscription, your data remains accessible in read-only mode under the free tier limits.

You can request full account deletion by emailing [email protected]. Upon deletion, we will remove your account data, plans, entities, presence records, family profiles, uploaded files, and engagement history. Some data may persist in encrypted backups for up to 30 days after deletion.

Security

  • All traffic is encrypted in transit via TLS/HTTPS
  • Database access is protected by row-level security (RLS) policies so users can only access their own data
  • Passwords are not stored (we use magic link and OAuth authentication)
  • File uploads use presigned URLs with expiring access tokens
  • Server access is restricted to a private VPN (not exposed to the public internet)

Your Rights

You can:

  • Access and export your data through the platform at any time
  • Update or correct your information in your account settings
  • Request deletion of your account and all associated data
  • Opt out of non-essential emails through notification preferences

For any of these requests, contact us at [email protected].

Changes to This Policy

We may update this policy from time to time. If we make significant changes, we will notify you by email or through the platform. The "last updated" date at the top reflects the most recent revision.

Contact

Questions about this policy? Email us at [email protected].
