Privacy Policy

Last updated: June 27, 2026

This policy explains what Nowhere Yet (operated by Maister, LLC) collects, why, and what choices you have. We aim to collect only what we need to run the Service, and we don’t sell your personal data.

What we collect

  • Account data — your username, your email address (if you provide one), and a securely hashed password. We never store your password in plain text.
  • Trip content — the trips, regions, stays, lodging, activities, notes, and checklists you create, and who you share them with.
  • AI assistant data — when you use the AI features, the messages you send and the relevant trip context are processed by our AI provider to generate responses.
  • Billing data — if you subscribe, payments are handled by our payment provider. We receive your plan and billing status; we do not receive or store your full card details.
  • Technical & usage data — standard server logs (such as IP address and request metadata) and anonymous error and performance monitoring, used to keep the Service secure and working.

How we use it

We use the data we collect to provide and maintain the Service, authenticate you, power the features you use (including AI and sharing), process payments, prevent abuse and secure the Service, respond to support requests, and comply with our legal obligations.

Cookies and local storage

We use only strictly necessary cookies — the kind that don’t require consent because the Service can’t function without them:

  • a session cookie that keeps you logged in;
  • a security (CSRF) cookie that protects your requests;
  • short-lived cookies used only during sign-up and third-party sign-in.

We also use first-party error and performance monitoring (via Grafana Faro) that may store a small amount of data in your browser to diagnose problems and keep the site fast. This is our own operational telemetry — we do not use advertising cookies, cross-site trackers, or third-party analytics, and we don’t track you across other websites. Because of that, there’s no consent banner to click; this notice is purely informational.

You can clear cookies and site data at any time through your browser settings. Clearing the session cookie simply logs you out.

Who we share it with

We share data only with service providers that help us run Nowhere Yet, under agreements that limit them to that purpose:

  • Anthropic — powers the AI assistant (processes your AI messages and the relevant trip context).
  • Polar — payments and subscription management.
  • Fly.io — application hosting and data storage.
  • Grafana — error and performance monitoring.
  • Google — only if you choose “Sign in with Google.”
  • Resend — delivers transactional email such as verification and invitation messages, and handles inbound mail to our contact address.

We may also disclose data if required by law, or to protect the rights, safety, and security of our users, the public, or Nowhere Yet. We do not sell your personal data.

Data retention

We keep your account and trip data for as long as your account is active. When you delete your account, we delete or anonymize your personal data within a reasonable period, except where we need to retain certain records — for example billing and transaction records, or security and abuse logs — to comply with applicable laws, resolve disputes, and enforce our agreements. Backups are purged on a rolling schedule.

Your choices and rights

You can view and edit most of your information in the app, and you can delete your account at any time. To request a copy of your data or ask a privacy question, contact us at contact@nowhereyet.com.

EEA, UK, and similar jurisdictions: where data protection law (such as the GDPR or UK GDPR) applies, you have rights to access, correct, delete, restrict, or object to our processing of your personal data, and to data portability. Our legal bases for processing are performance of our contract with you (providing the Service), your consent (where applicable), and our legitimate interests in operating, securing, and improving the Service. You also have the right to lodge a complaint with your local supervisory authority. Your data may be processed in the United States, where privacy laws may differ from your own.

Security

We use reasonable technical and organizational measures to protect your data, including password hashing, encrypted connections, and access controls. No system is perfectly secure, so we can’t guarantee absolute security — keep your own copies of anything important.

Children

The Service isn’t directed to children under 13 (or the minimum age of digital consent where you live), and we don’t knowingly collect their personal data. If you believe a child has given us personal data, contact us and we’ll remove it.

Changes

We may update this policy from time to time. We’ll revise the “Last updated” date above and, for material changes, give notice in the app.

Contact

Questions about your privacy? Reach us at contact@nowhereyet.com.
