Your Privacy is Our Priority: NomadCore is designed to work fully offline. Your data stays on your device by default. Cloud backup is optional and only activated when you create an account.
1. Data Collection
NomadCore is designed with privacy at its core. The app works fully offline by default, storing all data locally on your device. We do not sell your data or use it for advertising.
Optional Account: If you choose to create an account for backup and sync, your data is securely stored using Supabase (our cloud database provider). This is entirely optional—the app functions fully without an account.
2. Local Storage
All your data is stored locally on your device using secure storage methods, including:
- Emergency contacts (ICE contacts) — always local-only, never uploaded
- Inventory items (PackMind)
- Location preferences
- Custom procedures
- Personal profile information (may include medical details such as blood type, allergies, and medications)
- Emergency plans
- Weather locations
- Radio frequency favorites and morse code progress
- Trip plans and saved locations
- Journal entries
If you create an account, most of this data (except contacts — see Section 3) is also backed up to your private cloud storage for sync and recovery purposes. See Section 4 for details on cloud storage.
3. Permissions
NomadCore may request the following permissions:
- Location: Used for weather updates, disaster risk assessment, finding nearby emergency resources, and optional family location sharing. When these features are used, your coordinates are sent to third-party services (see Section 4). Location data is never stored or shared for advertising purposes.
- Contacts: Used only to let you quickly select emergency contacts from your address book for your preparedness plan. Your contacts are never uploaded to our servers or any third party. Contact data stays entirely on your device and is excluded from cloud backup.
- Storage: Required to save your data locally on your device.
- Camera: Used for scanning documents and QR codes in emergency plan sharing (optional features).
- Phone: To enable quick dialing of emergency contacts and 911.
- Notifications: Used for family group alerts and emergency notifications. If enabled, a device push token is registered with Expo's push notification service (see Section 4).
4. Third-Party Services
When online, NomadCore may connect to the following services. No personal information beyond what is listed is shared with any of these providers.
Cloud Storage & Authentication
- Supabase: For optional account backup, sync, and family sharing (only if you create an account). Stores your email, display name, and backed-up app data. Family sharing data (inventories, plans) is encrypted on your device using a shared group key before upload — Supabase stores the encrypted data but cannot access the plaintext. Bulletin posts and group messages are stored unencrypted. All data is protected by row-level security scoped to your account. Supabase does not use your data for any other purpose.
Weather & Environmental Data
- Open-Meteo: For weather forecasts and air quality data. Only your location coordinates are sent; no API key or personal information is included.
- NOAA / National Weather Service: For severe weather alerts. Your location coordinates are sent to determine your alert zone.
Maps & Geocoding
- OpenStreetMap / Nominatim: For map tiles and address-to-coordinate lookups. Your search queries or coordinates are sent as URL parameters. No personal information is included.
- U.S. Census Bureau: For county and state identification from coordinates. Only location coordinates are sent.
- MapTiler: For offline map tile downloads (legacy; being replaced by OpenStreetMap). No personal data is sent beyond tile coordinates.
Notifications
- Expo Push Notification Service: If you enable notifications, a device push token is sent to Expo's servers to deliver family group alerts. Notification content (which may include display names or alert details) passes through Expo's infrastructure.
Crash Reporting
- Sentry: In production builds, crash reports are sent to Sentry to help us fix bugs. This may include your user ID, email, device information, and error details. Sensitive fields (passwords, tokens, API keys) are automatically redacted before sending. Sentry data is used solely for debugging and is not shared with any other party.
Subscription Management
- RevenueCat: For in-app subscription and purchase management. RevenueCat receives an anonymous app user ID (your Supabase account ID, not your email or name), purchase receipts from Apple or Google, and basic device information. RevenueCat does not receive your email address, display name, or any app content. Data is used solely to manage subscription entitlements. See RevenueCat's Privacy Policy.
Other
- OpenMHz: For radio scanner system data. No personal information is sent.
- Google: A connectivity check (no data sent beyond a standard HTTP request) is used to determine if your device is online.
5. Data Sharing
We never share, sell, or transmit your personal data to third parties for marketing or advertising. Your information stays on your device unless:
- You create an account (data syncs to Supabase for backup — see Section 4)
- You use weather, maps, or geocoding features (location coordinates are sent to the providers listed in Section 4)
- You join a family group (group membership, bulletin posts, and shared data are stored in Supabase; shared inventories and plans are encrypted on your device before upload)
- You enable push notifications (device token and notification content pass through Expo's servers)
- The app encounters an error in production (crash data is sent to Sentry — see Section 4)
- You explicitly export data (such as sharing emergency plans via QR code with trusted contacts)
6. Data Security
We take multiple steps to protect your data:
- Local storage: Data on your device is protected by your device's built-in security measures. Sensitive tokens are stored in your device's secure keychain/keystore.
- Cloud storage: All cloud data is protected by row-level security (RLS), ensuring only you can access your own records. Family-shared inventories and plans are encrypted on your device using AES-256 before upload — Supabase stores the encrypted data but cannot access the plaintext, as encryption keys never leave your device. Personal cloud backups are encrypted with a key derived from your password.
- Crash reports: Sensitive fields (passwords, tokens, API keys, credit card numbers) are automatically redacted before crash reports are sent.
We recommend using device lock screens and keeping your operating system updated.
7. Data Deletion
You have complete control over your data. You can delete all your data at any time through:
Settings > Data Management > Delete All Data
Or by uninstalling the app, which removes all locally stored data.
8. Your Rights
You have the following rights regarding your personal data:
General Rights
- Right to access your data: You can view all data stored in the app at any time through the Settings menu.
- Right to correct inaccurate data: You can edit any information directly within the app.
- Right to delete your data: You can delete all app data through Settings > Data Management > Delete All Data, or by uninstalling the app.
- Right to data portability: You can export your data at any time through the app's export function.
California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know: You have the right to know what personal information we collect, use, and disclose.
- Right to delete: You have the right to request deletion of your personal information.
- Right to opt-out: We do not sell your personal information to third parties. This right does not apply because we do not engage in such practices.
EU Residents (GDPR)
If you are located in the European Union, you have additional rights under the General Data Protection Regulation (GDPR):
- Right to access: You have the right to obtain confirmation that we are processing your data and to access that data.
- Right to rectification: You have the right to correct inaccurate personal data.
- Right to erasure: You have the right to request deletion of your personal data.
- Right to restrict processing: You have the right to request that we restrict processing of your personal data under certain circumstances.
- Right to data portability: You have the right to receive your personal data in a structured, commonly used format.
- Right to object: You have the right to object to processing of your personal data under certain circumstances.
How to Exercise Your Rights
To exercise any of these rights, or if you have questions about your data, please contact us at:
Email: support@nomad-core.com
We will respond to your request within 30 days.
9. Analytics and Tracking
NomadCore respects your privacy by minimizing data collection:
- No advertising or behavioral tracking in the mobile app. The app does not include Facebook Pixel, ad SDKs, or any behavioral analytics. We do not build user profiles or track your activity for marketing purposes.
- Crash reporting (Sentry): In production builds, the app sends crash reports to Sentry to help us identify and fix bugs. These reports may include your user ID, email, device information, and error details. Sensitive data is automatically redacted. Crash data is used solely for debugging.
- Basic usage events: If you create an account, the app records basic events — such as login, backup, restore, accessibility settings, data migrations, update checks, and feature usage — to your private account record in Supabase. This data is not shared with any third party and is only accessible to you and our support team for troubleshooting.
- Website analytics: The nomad-core.com website uses Google Analytics 4 (GA4) to collect anonymous usage statistics such as page views, referral sources, and general visitor demographics. No personally identifiable information is collected by GA4 on our website. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
10. Children's Privacy
NomadCore does not knowingly collect information from children under 13. The app is designed for general audiences interested in emergency preparedness. If a child uses NomadCore under parental supervision, the parent or guardian is responsible for the child's use and any data entered.
11. Changes to This Policy
We may update this privacy policy from time to time. Check the "Last Updated" date at the top of this page for the latest version. Continued use of the app after changes constitutes acceptance of the updated policy.
12. Contact Information
NomadCore is developed by Lost Pines Creative LLC. For privacy concerns or questions, please contact us:
- Email: support@nomad-core.com
- Website: nomad-core.com
Be Prepared. Stay Safe. Live Free.