Privacy Policy

Nomad Key · Last updated: May 11, 2026 · Version 1.0

One-line summary Nomad Key does not collect, store, or transmit any personal data. Your stays, addresses, and access codes live only on your iPhone.

1. Who we are

Nomad Key (hereinafter, "the App") is developed and operated by Ingeniería.dev, led by Chris Flores (hereinafter, "we", "the Developer").

Contact: christian@irack.mx
Address: Av. Javier Barros Sierra 495, Santa Fe Lomas de Santa Fe Zedec Santa Fé, Álvaro Obregón 01219, Mexico City, CDMX, Mexico

2. What data we collect

None. Nomad Key was built with privacy by default. The App:

Does not require registration or an account
Does not ask for your email, name, phone number, or any personally identifiable information
Does not access your contacts, camera, photos, calendar, microphone, or health data
Does not track your device location (the App does not use CLLocationManager and does not request location permission)
Does not include any third-party SDKs for analytics, advertising, tracking, or crash reporting
Does not send telemetry or usage metrics to any server we control
Has no backend whatsoever — there is no server to send anything to

3. What is stored on your device

The App stores locally (using SwiftData inside a shared App Group between the main App and the Home Screen widget) only the data you type in yourself:

Data	Purpose	Location
Stay records (alias, address, up to two access codes per stay)	Show your saved stays inside the App and on the widget	Device (SwiftData in shared App Group)
Active-stay flag	Tell the widget which stay to display right now	Device (SwiftData)
Cached coordinates (latitude/longitude) per stay	Avoid re-geocoding the same address every time you open the map	Device (SwiftData, only after you tap "Find on map" the first time)
App preferences (language, appearance, onboarding state)	Remember your settings between sessions	Device (`UserDefaults`)

This data is never sent to the Developer's servers. There are no Developer servers. If you delete the App, all of this information is removed with it. There is no cloud backup, no iCloud sync, and no way to recover deleted data — please copy any critical codes into your password manager (1Password, iCloud Keychain) as a backup.

4. External services

Nomad Key is an offline-first app. The only operations that may leave your device are Apple services that you trigger on demand.

4.1 Apple Maps geocoding (CLGeocoder)

When you tap "Find on map" on a stay, the App passes the address string you typed to Apple's CLGeocoder framework so it can return latitude and longitude. This is a network call to Apple's servers.

What is sent: the address string you typed (for example, "Rua Augusta 100, Lisboa").
What is not sent: your access codes, the stay alias, your device identifier, your IP-derived location, or any other personal data.
Who receives it: Apple Inc., under its own Privacy Policy and Maps Terms.
When: only when you explicitly tap "Find on map". Never automatically. Never in the background.
Caching: once an address is resolved, the resulting coordinates are stored on your device so the next time you tap "Find on map" the App reads them locally instead of geocoding again.

If you never tap "Find on map", the App makes no network requests at all.

4.2 Apple Maps rendering (MapKit)

When the map screen is open, Apple's MapKit framework downloads map tiles from Apple's servers to render the map. This is a standard Apple system service, identical to opening the Maps app — handled by iOS, not by the App. The pin coordinates are passed to MapKit locally; only generic map tile requests reach Apple.

5. System permissions

Nomad Key requests no sensitive permissions. The App does not request access to:

Location
Camera
Microphone
Photos
Contacts
Calendar or Reminders
Bluetooth
Local network
HealthKit
Notifications

The App runs entirely with the default sandbox permissions iOS grants every app at install time.

6. Marketing and advertising

The App displays no ads. We do not collect data for remarketing, profiling, segmentation, behavioral analysis, or any promotional purpose. We do not participate in ad networks, and we do not sell information to third parties.

7. Minors

The App is rated 4+. Because the App requires no registration and collects no data, it complies with COPPA (US), LGPD Infantil (Brazil), and GDPR-K (EU) by design. That said, Nomad Key is designed for adult travelers who manage their own short-term stays.

8. User rights (GDPR, CCPA, LFPDPPP, LGPD)

Even though we collect no data, the following rights are guaranteed by design:

Right to access: All your stays and access codes live on your device and are accessible from within the App.
Right to rectification: You can edit or delete any stay, address, or access code at any time.
Right to erasure: Deleting a stay from within the App removes the address, codes, and cached coordinates. Uninstalling the App deletes everything.
Right to portability: Not applicable — no data exists on external servers.
Right not to be subject to automated decisions: The App performs no automated decision-making, profiling, or scoring.

For any questions about your rights, please email christian@irack.mx.

9. Security

Local data is stored inside the iOS sandbox and the App Group shared between the main App and the widget, protected by the operating system and by device-level disk encryption (Apple's Data Protection API). The data is inaccessible to other apps on the device.

Because access codes are sensitive by nature, we strongly recommend you:

Protect your iPhone with a passcode and Face ID or Touch ID
Keep iOS up to date
Do not lend the unlocked device to people who shouldn't see your codes
Delete a stay as soon as you check out, if the codes are reused by the host for other guests

Nomad Key itself does not add an additional in-app passcode in version 1.0; iOS device-level security is the primary protection.

10. International transfers

We do not perform international transfers of personal data because we do not store personal data on any server. The only data that leaves your device is the address string sent to Apple CLGeocoder when you tap "Find on map", which is governed by Apple's own privacy practices.

11. Changes to this policy

We may update this Privacy Policy to reflect changes to the App or to applicable law. The current version will always be published at this URL, along with the date of the last update. Material changes will also be announced inside the App.

12. Governing law

This Policy is governed by the laws of the United Mexican States, in particular the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP). Any dispute will be submitted to the competent courts of Mexico City.

13. Contact

Privacy Officer: Chris Flores
Email: christian@irack.mx
Postal address: Av. Javier Barros Sierra 495, Santa Fe Lomas de Santa Fe Zedec Santa Fé, Álvaro Obregón 01219, Mexico City, CDMX, Mexico