1. Introduction

This Privacy Policy describes how Nomad Scout Pty Ltd ("we," "us," or "our") collects, uses, and protects information when you use our website (https://nomad-scout.com/) and mobile application (collectively, the "Service").

2. Information We Collect

2.1 Location Data (Primary Data Collection)

Location information is essential for our service to provide nearby recommendations:

• Precise GPS Coordinates: When you grant permission, we access your device's GPS to find services within your specified radius (1-10km)
• IP-Based Location: Approximate location derived from your IP address as a fallback
• Search Location History: Cached locally in your browser for up to 30 minutes to avoid repeated API calls
• Location Display: We reverse-geocode coordinates to show readable addresses (e.g., "Lima, Peru")

Important: Location data is processed client-side and cached temporarily. We do not permanently store your location history on our servers.

2.2 Usage and Technical Data

• Search Queries: Service types you search for (food, ATMs, hostels, etc.)
• Device Information: Browser type, operating system, device type, screen resolution
• Performance Data: Page load times, error logs, API response times
• IP Address: For approximate location and security monitoring
• Cache Data: Search results cached in browser localStorage for better performance

2.3 Communication Data

• Contact Forms: Email and messages submitted through our privacy request form
• Support Inquiries: Communications sent to our support email addresses

2.4 Automatically Collected Data

• Google Analytics: Anonymous usage statistics, page views, user flows
• Error Tracking: JavaScript errors and API failures for debugging
• Affiliate Tracking: When you click booking links, referral data is shared with partners

3. How We Use Your Information

Purpose	Data Used	Legal Basis (GDPR)	Retention
Provide location-based services	GPS coordinates, search queries	Consent, Legitimate Interest	30 minutes (browser cache)
Google Maps integration	Location data, place searches	Legitimate Interest	Per Google's privacy policy
AI-powered recommendations	Search patterns, location preferences	Legitimate Interest	Session-based (no permanent storage)
Performance optimization	Cache data, API response times	Legitimate Interest	6-24 hours (browser cache)
Analytics and improvements	Usage data, page views	Legitimate Interest	26 months (Google Analytics)
Customer support	Contact information, inquiries	Contract Performance	6 years (legal compliance)

4. Data Sharing with Third Parties

4.1 Google Services (Primary Integration)

4.2 Affiliate and Booking Partners

When you click booking links or make reservations, we share necessary information with:

• Hostelworld: For hostel and accommodation bookings
• Booking.com & Agoda: For hotel reservations
• Local Partners: Tour operators and activity providers

Shared data typically includes: referral source, search location, and any booking preferences. Each partner maintains their own privacy policy.

4.3 Form Processing Services

• Formspree: Processes privacy requests and contact form submissions
• Data shared: Email addresses and message content submitted through forms

4.4 Infrastructure and Security

• Render (Hosting): US-based hosting for our web application
• Content Delivery Networks: For faster global access to our Service
• Security Services: DDoS protection and traffic analysis

5. AI Processing and Automated Decision-Making

We use artificial intelligence to enhance your experience:

• Review Summarization: NLP analysis of Google Places reviews to extract key insights
• Price Estimation: AI analysis of reviews and images to estimate service costs
• Recommendation Ranking: Bayesian scoring algorithms to rank results by quality
• Route Optimization: Automated walking route calculations using OSRM and GraphHopper

These AI systems process data client-side when possible and do not make decisions that significantly affect your legal rights.

6. Data Retention and Storage

Data Type	Storage Location	Retention Period	Reason
Search Results Cache	Your browser (localStorage)	30 minutes	Performance optimization
Location History	Your browser (sessionStorage)	Session duration	Avoid repeated location requests
Place Details Cache	Your browser (localStorage)	6 hours	Reduce API costs
Route Cache	Your browser (localStorage)	12 hours	Faster route display
Analytics Data	Google Analytics servers	26 months	Service improvement and compliance
Contact Form Data	Formspree servers	As per your request	Privacy request processing
Server Logs	Render hosting platform	30 days	Security and debugging

7. Your Privacy Rights and Controls

7.1 Location Data Controls

• Browser Permissions: Deny GPS access in your browser settings
• Cache Clearing: Clear browser data to remove cached searches
• Private Browsing: Use incognito mode to prevent local data storage

7.2 Legal Rights (GDPR/CCPA)

Depending on your location, you may have these rights:

• Access: Request information about data we've processed
• Rectification: Correct inaccurate information
• Erasure: Request deletion of your data
• Portability: Receive your data in a portable format
• Objection: Object to processing for legitimate interests
• Withdraw Consent: For location tracking and analytics

8. Data Security Measures

We implement multiple layers of security protection:

• Encryption in Transit: All data transmitted via HTTPS/SSL
• API Security: Secure Google Maps API keys with domain restrictions
• Minimal Data Storage: Most data cached client-side, not on servers
• Third-Party Security: Rely on Google, Render, and Formspree security practices
• Regular Updates: Security patches applied promptly
• Access Controls: Restricted server access and authentication

Limitation: No security system is 100% secure. We cannot guarantee absolute protection of data transmitted over the internet.

9. International Data Transfers

Your data may be processed in multiple countries:

• Australia: Primary business operations and legal compliance
• United States: Google services, Render hosting, Formspree processing
• European Union: Some affiliate partners and CDN services

Transfers outside Australia are protected by:

• Google's global privacy certifications and Standard Contractual Clauses
• Render's SOC 2 compliance and privacy safeguards
• Our data processing agreements with service providers

10. Cookies and Tracking Technologies

We use various tracking technologies:

• Essential Cookies: Google Maps functionality, session management
• Analytics Cookies: Google Analytics for usage statistics
• Local Storage: Browser caching for performance optimization
• Affiliate Tracking: Referral tracking for booking commissions

For detailed information, see our Cookie Policy.

11. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware of such collection, we will delete the information immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements:

• Material Changes: 30 days notice via website announcement
• Technical Updates: Posted immediately with updated date
• Legal Compliance Changes: Effective immediately when required

Continued use of our Service after changes constitutes acceptance of the updated policy.

13. Contact Information and Data Protection

For privacy-related inquiries and requests:

Privacy Officer: privacy@nomad-scout.com
Data Protection Officer: dpo@nomad-scout.com
General Inquiries: admin@nomad-scout.com

14. Regulatory Compliance

This Privacy Policy complies with:

• EU General Data Protection Regulation (GDPR) for European visitors
• California Consumer Privacy Act (CCPA) for California residents
• Google Maps Platform Terms of Service and privacy requirements