Privacy Policy

Information Collection and Use

We collect several different types of information for various purposes to provide and improve our Service to you.

Types of Data Collected

Personal Data

• Email Address: When you sign up to receive the free Sample Material or submit feedback (optionally), we collect your email address. We elaborate further on this in our Terms of Service and in the upcoming sections of this Privacy Policy.

Usage Data & Technical Information

• Log Data & Analytics: We may collect information that your browser sends whenever you visit our Service ("Log Data"). This Log Data may include information such as your computer's Internet Protocol ("IP") address (which may be anonymized or truncated by our analytics provider), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, and other statistics. We use Google Analytics for this purpose. Google Analytics uses cookies to help us analyze how users use the site. You can learn more about Google's practices at https://policies.google.com/privacy.
• reCAPTCHA Data: We use Google reCAPTCHA v2 on our forms to prevent spam and abuse. This service collects hardware and software information, such as device and application data, and sends it to Google for analysis. The information collected is used for improving reCAPTCHA and for general security purposes. It is not used for personalized advertising by Google. Your use of reCAPTCHA is subject to the Google Privacy Policy and Terms of Use.
• Rate Limiting Data: We use Upstash Redis for rate limiting API requests to protect our service. This involves processing your IP address temporarily to count requests within a specific time window. This data is typically ephemeral and used solely for security purposes.

Cookies

We use cookies and similar tracking technologies to enhance user experience, analyze website usage, and ensure security. Cookies are small files stored on your device. We use:

• Necessary Cookies: Essential for website functionality (e.g., reCAPTCHA).
• Analytics Cookies: Used by Google Analytics for usage statistics.

By using our website, you consent to the use of cookies unless explicitly disabled in your browser settings. You can manage or withdraw consent for non-essential cookies by adjusting your browser settings. Note that disabling cookies may affect functionality.

Use of Data

Tech Nomad uses the collected data for various purposes:

• To provide and maintain our Service
• To provide the Sample Material you requested
• To notify you about changes to our Service
• To notify you about the full Rulebook availability
• To provide customer support (e.g., responding to feedback)
• To gather analysis or valuable information so that we can improve our Service
• To monitor the usage of our Service
• To detect, prevent and address technical issues and abuse (spam, security threats)

Legal Basis for Processing Personal Data (GDPR)

Under GDPR, we rely on the following legal bases for processing personal data:

• Performance of a Contract: To provide services requested by you (e.g., delivering product materials).
• Consent: For activities such as sending promotional emails (you may withdraw consent at any time).
• Legitimate Interests: For analytics, security measures (e.g., rate limiting), and improving our services.
• Legal Obligation: To comply with applicable laws (e.g., tax or fraud prevention).

Data Retention

We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.

Data Transfer

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction. If you are located outside Europe and choose to provide information to us, please note that we transfer the data, including Personal Data, to Europe and process it there.

If we transfer personal data outside of the European Economic Area (EEA), we ensure appropriate safeguards are in place as required by GDPR. This includes Standard Contractual Clauses (SCCs) or ensuring third-party providers comply with equivalent privacy standards. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

Disclosure of Data - Service Providers

We employ third-party companies and individuals to facilitate our Service ("Service Providers"), to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used. These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclosure or use it for any other purpose.

• Supabase: For database hosting (storing email addresses). Supabase Privacy Policy
• Resend: For sending transactional emails (welcome email). Resend Privacy Policy
• Google (Analytics & reCAPTCHA): For website analytics and protection. Google Privacy Policy
• Vercel: For website hosting and Blob storage (PDF sample). Vercel Privacy Policy
• Upstash: For Redis-based rate limiting. Upstash Privacy Policy
• Google Sheets (via Service Account): For storing feedback submissions. Access is restricted via service account credentials.

Third-Party Providers & Compliance

All third-party providers we use comply with GDPR or equivalent standards. For example:

• Google Analytics anonymizes IP addresses before storage.
• Supabase operates within GDPR-compliant frameworks.
• Upstash Redis processes IP addresses temporarily and deletes them after rate-limiting purposes.

We have signed Data Processing Agreements (DPAs) with these providers where required.

Security of Data

We implement robust security measures, including:

• HTTPS encryption for all website traffic.
• Secure storage of credentials using environment variables.
• Regular vulnerability assessments and updates.

While no system is entirely secure, we continuously improve our practices based on industry standards.

Your Data Protection Rights (GDPR/CCPA Example)

Depending on your location, you may have certain data protection rights.Tech Nomad aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.

If you wish to be informed what Personal Data we hold about you and if you want it to be removed from our systems, please contact us at Business.Nomad.Tech@gmail.com. In certain circumstances, you have the following data protection rights:

• Right of Access: You have the right to request copies of your personal data.
• Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or incomplete.
• Right to Erasure: You have the right to request that we delete your personal data, under certain conditions.
• Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
• Right to Data Portability: You have the right to request that we transfer the data we have collected to another organization or directly to you, under certain conditions.
• Right to Object: You have the right to object to our processing of your personal data, under certain conditions.

Please note that we may ask you to verify your identity before responding to such requests.

Children's Privacy

Our Service does not knowingly collect personal data from individuals under 16 years old without parental consent. If you are a parent or guardian aware that your child has provided us with personal data without consent, please contact us immediately at Business.Nomad.Tech@gmail.com. If we become aware that we have collected Personal Data from children under 16 without verification of parental consent, we take steps to remove that information from our servers.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the "last updated" date at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, please contact us:

• By email: Business.Nomad.Tech@gmail.com