跳到主要内容
NomadGrid

Privacy Policy

最后更新: 2026年5月18日

Ryo Takamatsu (“we”) operates NomadGrid. This policy explains what personal data we collect, how we use it, and the rights you have under GDPR, the Japanese Act on the Protection of Personal Information (APPI), and similar laws.

1. Data We Collect

  • Account: email address, hashed password (via Supabase Auth), optional profile details.
  • Billing: handled by Stripe — we receive customer ID, plan tier, subscription status, and country for tax calculation. We do not receive full card numbers.
  • Usage: product analytics via PostHog (anonymized events, city views, clicks) and error telemetry via Sentry (no IP or headers by default).
  • AI Advisor inputs: queries you send are processed by OpenAI under their data-processing terms. Conversations are stored for up to 90 days to improve the service.

2. Legal Basis (GDPR)

  • Contract — to provide paid features and process payments.
  • Legitimate interest — for security, fraud prevention, and aggregated analytics.
  • Consent — for optional cookies (analytics, marketing) where applicable.

3. Sub-processors

We share data with the following service providers:

  • Supabase (database, auth) — US / EU
  • Vercel (hosting) — global edge
  • Stripe (payments) — US / EU
  • Resend (transactional email) — US
  • PostHog (analytics) — EU
  • Sentry (error tracking) — US
  • OpenAI (AI Advisor) — US

4. International Transfers

Data may be transferred outside your country (e.g. to the US). We rely on Standard Contractual Clauses (SCCs) for EU data transfers.

5. Retention

  • Account data: until account deletion.
  • Billing records: 7 years (tax law requirement).
  • Analytics events: 12 months.
  • AI Advisor queries: 90 days.

6. Your Rights

You may request access, correction, deletion, portability, or objection to processing by emailing privacy@nomadgrid.app. We respond within 30 days. EU residents may also lodge a complaint with their supervisory authority.

7. Cookies

The following cookies and similar storage technologies are used:

  • Strictly necessary: sb-* (Supabase auth session), NEXT_LOCALE (language preference), ng-consent (this consent record). Cannot be disabled.
  • Analytics (consent required): PostHog cookies for anonymous product analytics and 50% sampled session replays. Loaded onlyafter you accept “Product analytics” in our cookie banner.
  • Error tracking (legitimate interest): Sentry sends stack traces and breadcrumbs when errors occur. No cookies are set; IPs and headers are stripped by default.

How to withdraw consent

Open the cookie banner again by clearing site data in your browser, or email privacy@nomadgrid.app to request analytics opt-out. We honor “Do Not Track” and Global Privacy Control (GPC) headers as a Reject signal.

8. Children

The Service is not directed at users under 16.

9. Changes

Material changes will be notified by email or in-app at least 14 days in advance.

10. Contact

Data controller: Ryo Takamatsu, disclosed on request. Contact: privacy@nomadgrid.app.