SOVEREIGNNOMAD

Privacy Policy

Last updated: February 2026

Data Controller

The data controller responsible for your personal data is Sovereign Media.

Overview

At Sovereign Nomad, we practice what we preach. Your privacy matters to us, and we collect only what is necessary to provide our services. This policy explains what data we collect, why, and how we protect it.

Data We Collect

  • Email address - when you subscribe to our newsletter or create an account.
  • Quiz responses - stored locally in your browser (sessionStorage). Not sent to our servers unless you create an account.
  • Payment information - processed securely by Stripe. We never store your card details.
  • Travel logs - when you use the Nomad Tax Tracker, we store your travel dates, countries, and optional notes.
  • Flag plans - when you use the Flag Theory Planner, we store your sovereignty flags including categories, countries, statuses, cost estimates, timelines, and notes.
  • Subscription data - we store your subscription status, plan type, and billing period end date. Payment details are handled exclusively by Stripe.
  • Usage analytics - anonymous page views and interactions to improve our content. No personally identifiable information is collected through analytics.

Legal Basis for Processing

We process your personal data under the following legal bases:

  • Consent (Art. 6(1)(a) GDPR): Newsletter subscriptions, marketing communications. You may withdraw consent at any time.
  • Performance of a contract (Art. 6(1)(b) GDPR): Processing purchases, managing subscriptions, providing SaaS tool functionality.
  • Legitimate interests (Art. 6(1)(f) GDPR): Anonymous usage analytics, improving our services, fraud prevention and security.

How We Use Your Data

  • To deliver our newsletter and updates (with your consent)
  • To process purchases and manage subscriptions
  • To provide SaaS tool functionality (tax tracking, flag planning, jurisdiction comparison)
  • To improve our tools and content
  • To provide customer support

Data Retention

  • Newsletter subscriptions: Retained until you unsubscribe or request deletion.
  • Account data: Retained as long as your account is active.
  • SaaS tool data (travel logs, flag plans): Retained as long as your account is active. If you cancel your subscription, your data remains stored and is accessible if you re-subscribe. You may request permanent deletion at any time.
  • Payment records: Retained for the period required by applicable tax and accounting laws (typically 7 years).
  • Usage analytics: Aggregated anonymized data is retained indefinitely. Any identifiable analytics data is deleted within 26 months.

Third-Party Services

  • Stripe - payment processing (Stripe Privacy Policy)
  • Supabase - authentication and database
  • Vercel - website hosting

International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where our third-party service providers (Stripe, Supabase, Vercel) operate.

Where such transfers occur, we ensure they are protected by appropriate safeguards, including EU Standard Contractual Clauses (SCCs) adopted by the European Commission and the data protection certifications of our service providers. You may request further details about these safeguards by contacting us.

Cookies

We use minimal cookies for essential functionality: theme preference (localStorage), authentication session, and Stripe payment processing. We do not use tracking cookies or third-party advertising cookies.

Your Rights

Under applicable data protection law, you have the following rights:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate personal data.
  • Right to erasure: Request deletion of your personal data.
  • Right to restriction: Request that we limit the processing of your data.
  • Right to data portability: Receive your data in a structured, machine-readable format.
  • Right to object: Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Right to lodge a complaint: You have the right to file a complaint with a data protection supervisory authority.

To exercise any of these rights, please contact us. We will respond within 30 days. You can unsubscribe from our newsletter via the link in any email.

California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act:

  • Right to know: You may request disclosure of the categories and specific pieces of personal information we have collected about you.
  • Right to delete: You may request that we delete your personal information, subject to certain exceptions.
  • Right to opt-out: We do not sell or share your personal information as defined by the CCPA/CPRA.
  • Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.

Categories of personal information collected: identifiers (email address), commercial information (purchase history, subscription status), internet activity (usage analytics), and user-generated content (travel logs, flag plans).

Contact

For privacy-related questions, please use the contact information provided in our legal documentation.