Privacy Policy

NomadPilot ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at www.nomadpilot.app.

Please read this policy carefully. If you disagree with its terms, please discontinue use of the Platform.

2.1 Information You Provide

• Account data: name, email address, password
• Profile data: nationality, passport country, travel preferences, loyalty programme numbers
• Booking data: passenger names, dates of birth, passport numbers, contact details
• Communications: messages sent to our support team or through Maya (our AI assistant)

2.2 Information Collected Automatically

• Usage data: pages visited, searches performed, features used, session duration
• Device data: browser type, operating system, IP address, device identifiers
• Location data: approximate location inferred from IP address (not precise GPS)

2.3 Information from Third Parties

• Authentication providers: if you sign in with Google, we receive your name and email
• Booking partners: Duffel Technologies may share booking confirmation and ticket data

We use the information we collect to:

• Create and manage your account
• Process flight bookings and send confirmation emails
• Power our AI assistant (Maya) to generate personalised travel plans
• Check visa and entry requirements relevant to your passport and destination
• Send trip alerts, disruption notifications, and operational updates
• Improve our AI models and platform features using anonymised or aggregated data
• Detect fraud and ensure platform security
• Comply with legal obligations
• Send marketing communications where you have consented

For users in the EEA and UK, our legal bases for processing are:

• Contract performance: processing necessary to fulfil your bookings
• Legitimate interests: improving our platform, fraud prevention, security
• Consent: marketing communications and non-essential cookies
• Legal obligation: compliance with applicable laws and regulations

We do not sell your personal data. We share it only in these circumstances:

• Duffel Technologies Ltd: to fulfil flight bookings. Passenger data is shared as required to complete bookings with airlines.
• Airlines: passenger data shared as required to issue tickets.
• Supabase: our database and authentication infrastructure provider (hosted in EU).
• AI providers: we use Google Gemini to power AI features. Prompts may include travel preferences but avoid sensitive personal identifiers.
• Legal compliance: where required by law, regulation, or valid legal process.

We retain your personal data for as long as your account is active or as needed to provide our services. Booking and passenger data is retained for 7 years to comply with financial and legal record-keeping obligations. You may request deletion of your account data at any time (see Section 9).

Your data may be transferred to and processed in countries outside your country of residence, including the United States and United Kingdom. Where we transfer data from the EEA, we use appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.

We use the following types of cookies:

• Essential cookies: required for authentication and core platform functionality
• Analytics cookies: help us understand how the Platform is used (with your consent)
• Preference cookies: remember your settings and preferences

You can control cookies through your browser settings. Disabling essential cookies may affect platform functionality.

Depending on your location, you may have the right to:

• Access: request a copy of the personal data we hold about you
• Rectification: correct inaccurate or incomplete data
• Erasure: request deletion of your personal data
• Portability: receive your data in a structured, machine-readable format
• Objection: object to processing based on legitimate interests
• Withdraw consent: withdraw previously given consent at any time

To exercise any of these rights, contact us at privacy@nomadpilot.app. We will respond within 30 days.

We implement industry-standard technical and organisational measures to protect your personal data, including encryption at rest and in transit, access controls, and regular security reviews.

NomadPilot is not directed at children under 18. We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently collected such data, please contact us.

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or prominent notice on the Platform.

For privacy-related queries, contact us at:

privacy@nomadpilot.app