NomadPath · Legal
Privacy Policy
Last Updated: January 20, 2025
Nomad Path ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our hunting and fishing intelligence platform, including our website, mobile applications, and related services (collectively, the "Service").
By using Nomad Path, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.
1. Information We Collect
1.1 Information You Provide
- Account Information: Email address, username, password, full name, and primary state of residence
- Profile Data: Avatar/profile photo, experience level, preferred activities (hunting/fishing), profile visibility settings, and subscription tier
- Trip Information: Trip plans, planned dates, duration, target locations, species targeted, equipment checklists, participant information, and completed trip reports
- Hunting Preferences: Tag tracking data, species of interest, hunting zone preferences, season alerts, and license information you choose to store
- Fishing Preferences: Favorite water bodies, fish species preferences, stocking alert preferences, and fishing location history
- User-Generated Content: Posts, comments, photos, ratings, trip logs, and other content you share on our community features
- Alert Preferences: Tag availability alerts, fishing stocking notifications, season opening/closing updates, and weather alerts
- Payment Information: Billing address and payment method details (processed securely through Stripe; we do not store full card numbers)
1.2 Information Collected Automatically
- Usage Data: Pages viewed, features used, search queries, filters applied, maps viewed, and interaction patterns
- Device Information: IP address, browser type and version, operating system, device identifiers, screen resolution
- Location Data: Approximate location based on IP address for state/county-based recommendations; precise GPS location only with explicit permission for map features
- Cookies and Tracking: Session cookies for authentication, preference cookies for settings, and analytics cookies for service improvement
- Log Data: Server logs including access times, error logs, and referring URLs
1.3 Information from Third Parties
- State Wildlife Agencies: Public hunting season data, tag/license availability, regulations, and fishing stocking reports from Michigan DNR, Minnesota DNR, North Dakota Game and Fish, South Dakota Game Fish and Parks, and Wisconsin DNR
- Mapping Services: Geographic boundary data, hunting zone polygons, water body locations, and topographic information from OpenStreetMap and similar providers
- Weather Services: Current conditions, forecasts, and weather alerts from third-party weather data providers
- Authentication Providers: Basic profile information if you choose to sign in through third-party services (e.g., Google)
2. How We Use Your Information
- Provide and Maintain Service: Account management, trip planning tools, interactive maps, tag tracking, and all platform features
- Personalized Content: Customized alerts for tags, stocking events, and seasons in your selected states and counties
- Location-Based Recommendations: Suggest relevant hunting zones, water bodies, and opportunities based on your location preferences
- Weather Integration: Provide weather forecasts and conditions for your planned trip locations
- Communications: Service updates, subscription notifications, alert deliveries, and important announcements
- Community Features: Display your posts, comments, and ratings to other users (based on your visibility settings)
- Analytics and Improvements: Understand usage patterns, identify bugs, and enhance our Service
- Security: Detect fraud, prevent abuse, enforce terms of service, and protect user safety
- Legal Compliance: Comply with applicable laws, regulations, and legal processes
- Marketing: Send promotional content about new features or services (you can opt-out at any time)
3. How We Share Your Information
We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
We may share your information in the following limited circumstances:
- With Your Consent: When you explicitly authorize sharing
- Public Content: Posts, comments, trip reports, and ratings you make public are visible to other users based on your privacy settings
- Service Providers: Trusted third-party vendors who assist with hosting (Vercel), database services (Supabase), email delivery, payment processing (Stripe), error monitoring (Sentry), and analytics - all bound by confidentiality agreements
- Business Transfers: In connection with mergers, acquisitions, bankruptcy, or asset sales, with notice to affected users
- Legal Requirements: To comply with valid legal processes, court orders, subpoenas, or governmental requests
- Safety and Security: To protect rights, property, or safety of Nomad Path, our users, or the public; to investigate potential violations of our terms
- Aggregated/De-identified Data: Anonymized, aggregated statistics that cannot reasonably identify you (e.g., "X% of users fish for walleye")
4. Cookies and Tracking Technologies
We use cookies and similar technologies to operate our Service:
- Essential Cookies: Required for authentication, security, and basic functionality - cannot be disabled
- Preference Cookies: Remember your settings, selected states, and display preferences
- Analytics Cookies: Help us understand how users interact with our Service to make improvements
Managing Cookies: You can control cookies through your browser settings. Disabling certain cookies may limit functionality of the Service.
Do Not Track: Our Service does not currently respond to "Do Not Track" browser signals. However, you can opt out of analytics tracking by contacting us.
5. Data Security
We implement industry-standard security measures to protect your information:
- Encryption in transit (HTTPS/TLS 1.3) and at rest (AES-256)
- Secure authentication with bcrypt-hashed passwords
- Row-level security policies in our database
- Regular security audits and vulnerability assessments
- Access controls limiting employee access to personal data on a need-to-know basis
- Secure cloud infrastructure with redundancy, backups, and disaster recovery
- Rate limiting and abuse prevention mechanisms
However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information using commercially reasonable measures, we cannot guarantee absolute security.
Data Breach Notification: In the event of a data breach that affects your personal information, we will notify affected users within 72 hours of discovery via email and prominent notice on our Service, as required by applicable law.
6. Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal information:
- Access: Request a copy of your personal information we hold
- Correction: Update or correct inaccurate information
- Deletion: Request deletion of your account and personal data
- Portability: Receive your data in a structured, machine-readable format (JSON)
- Opt-Out: Unsubscribe from marketing emails or disable certain data collection
- Restrict Processing: Limit how we use your information in certain circumstances
- Object: Object to certain types of processing
- Withdraw Consent: Where processing is based on consent, withdraw that consent at any time
To exercise these rights, please contact us at privacy@nomadpath.net or use the account deletion feature in your account settings. We will respond within 30 days (or sooner as required by law).
7. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you
- Right to Delete: Request deletion of your personal information, subject to certain exceptions
- Right to Opt-Out of Sale: We do not sell personal information, so this right does not apply
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights
Categories of Information Collected: Identifiers (name, email), commercial information (subscription history), internet activity (usage data), geolocation data, and inferences drawn from this information.
To submit a CCPA request, email privacy@nomadpath.net with "CCPA Request" in the subject line. We may need to verify your identity before processing your request.
8. Automated Decision-Making
We use automated processes to provide personalized recommendations and alerts:
- Alert Matching: Automatically match tag availability and stocking reports to your preferences
- Location Recommendations: Suggest hunting zones and water bodies based on your selected states and past activity
- Content Personalization: Display relevant seasons and opportunities based on your interests
These automated processes do not make decisions that produce legal effects or similarly significant effects on you. You can adjust your preferences at any time in your account settings.
9. Data Retention
We retain your information for as long as necessary to provide our Service and fulfill the purposes outlined in this Privacy Policy:
- Account Data: Retained while your account is active; deleted within 90 days of account deletion request
- Trip Data: Retained as long as you maintain your account; deleted with account
- Alert Preferences: Retained while your account is active; deleted with account
- Posts and Content: Retained unless you delete them or request account deletion
- Analytics Data: Individual data deleted after 24 months; aggregated data may be retained indefinitely
- Payment Records: Retained for 7 years for tax, legal, and audit compliance
- Security Logs: Retained for 12 months for security and fraud prevention
10. Children's Privacy
Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@nomadpath.net. We will promptly delete such information from our systems.
Users between 13 and 18 years of age may use the Service only with parental or guardian consent and supervision.
11. International Data Transfers
Our Service is hosted in the United States and is intended primarily for users in Michigan, Minnesota, North Dakota, South Dakota, and Wisconsin. If you are accessing our Service from outside the U.S., please be aware that your information may be transferred to, stored, and processed in the United States where data protection laws may differ from your jurisdiction.
By using our Service, you consent to the transfer of your information to the United States. We will take reasonable steps to ensure your data is treated securely and in accordance with this Privacy Policy.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:
- Posting the new Privacy Policy on this page with a new "Last Updated" date
- Sending an email notification to your registered email address for significant changes
- Displaying a prominent notice on our Service
We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Privacy Inquiries: privacy@nomadpath.net
General Support: customer.service@nomadpath.net
We will acknowledge your inquiry within 5 business days and aim to respond substantively within 30 days.
Review our Terms of Service