Privacy Policy

Effective Date: March 13, 2025
Last Updated: March 13, 2025

Welcome to NomadHarbor (“we,” “us,” “our”), a hub for digital nomads built and operated by Spyral Media, a digital marketing agency owned by two nomads with over 15 years of experience living and working globally. This Privacy Policy explains how we collect, use, store, and share your personal information when you visit our website at nomadharbor.com or engage with our services (“Services”), such as reading our content, signing up for our newsletter, or interacting with our affiliate links. We’re committed to protecting your privacy while helping you dock your digital life—whether you’re in Croatia, the Philippines, or anywhere else.

1. Who We Are

  • Company: Spyral Media, doing business as NomadHarbor.
  • Contact: Reach us at [Spyralmedia.oma@gmail.com] or via our Contact Page.
  • Locations: Operated by founders based in Croatia (EU) and the Philippines, serving a global audience.

2. Information We Collect

We collect personal information to enhance your experience and operate our Services. Here’s what we gather:

  • Information You Provide:
    • Newsletter Signup: Email address and optional name when you subscribe to “Unlock exclusive nomad hacks.”
    • Contact Form: Name, email, and message content when you reach out (e.g., feedback, guest author pitches).
    • Comments/Contributions: Name, email, and content if you comment on articles or submit guest posts.
  • Automatically Collected:
    • Cookies & Tracking: IP address, browser type, device info, pages visited, and interaction data (e.g., clicks on affiliate links like NordVPN or Amazon) via cookies and analytics tools (e.g., Google Analytics). See our Cookie Policy for details.
    • Log Data: Time stamps, referral URLs, and access logs via Bluehost hosting.
  • Third-Party Sources:
    • Affiliates: If you click links to NordVPN, Bluehost, Booking.com, Amazon, or Temu, we may receive anonymized transaction data (e.g., purchase confirmation) for commission tracking.
    • Social Media: Public data (e.g., username) if you engage with us on platforms like Twitter or Pinterest.
  • Children’s Data: We don’t target users under 13, but if a guardian believes we’ve unintentionally collected a child’s data, contact us to remove it (per COPPA).

3. How We Use Your Information

We process your data for these purposes, with legal bases under GDPR/PIPEDA:

  • To Provide Services: Deliver content (e.g., articles on Nomad Tech & Tools), send newsletters, and respond to inquiries (Legitimate Interest, Consent).
  • Analytics: Understand site performance and user behavior via Google Analytics (Legitimate Interest).
  • Marketing: Promote affiliate products (e.g., “Best Juicers” on Amazon) and tailor content (Consent).
  • Security: Protect against fraud or abuse via Bluehost logs (Legitimate Interest).
  • Legal Compliance: Meet obligations under GDPR, CCPA, PIPEDA, etc. (Legal Obligation).

4. How We Share Your Information

We share data only as necessary:

  • Service Providers:
    • Hosting: Bluehost (USA) stores site data.
    • Email: Gmail/WP Mail SMTP (USA) sends newsletters, contact replies.
    • Analytics: Google Analytics (USA) tracks usage.
    • Cookies: CookieYes (UK) manages consent.
  • Affiliates: NordVPN, Bluehost, Booking.com, Amazon, Temu receive anonymized data if you purchase via our links.
  • Legal: We may disclose data if required by law (e.g., court order) or to protect our rights.
  • Business Transfers: If Spyral Media is sold, data may transfer to new owners.

5. Cookies and Tracking

We use cookies for functionality, analytics, and ads. Manage preferences via our Cookie Settings button (powered by CookieYes). See our Cookie Policy for details.

6. Your Rights

Depending on your location, you have rights under GDPR, CCPA, PIPEDA, etc.:

  • Access: Request your data.
  • Correction: Fix inaccuracies.
  • Deletion: Ask us to erase your data (e.g., unsubscribe from newsletters).
  • Opt-Out: Stop marketing or sales of data (CCPA: see below).
  • Portability: Get your data in a usable format.
  • Object: Challenge processing (e.g., analytics).
  • Withdraw Consent: Revoke permission anytime via Cookie Settings.

To exercise rights, email [privacy@nomadharbor.com]. We’ll respond within 30 days (GDPR/PIPEDA) or 45 days (CCPA).

CCPA Note: We don’t “sell” data as defined by CCPA, but affiliates may track purchases. Opt-out via “Do Not Sell My Personal Information” requests at [Spyralmedia.oma@gmail.com].

7. Data Storage and Security

  • Where: Data is stored on Bluehost servers (USA) and Google servers (USA/global).
  • Security: We use SSL encryption, secure hosting, and access controls. No system is 100% secure, but we strive to protect your data.
  • Retention: Newsletter data is kept until you unsubscribe; analytics data for 26 months (Google Analytics default); contact form data for 1 year unless legally required longer.

8. International Transfers

Based in Croatia (EU) and the Philippines, we transfer data to the USA (Bluehost, Google). We rely on:

  • GDPR: Standard Contractual Clauses with providers.
  • Philippine DPA: Adequate safeguards per NPC guidelines.
  • CCPA: Transparency herein.

9. Third-Party Links

Our site links to affiliates (e.g., Amazon) and social platforms. Their privacy policies apply once you leave NomadHarbor—we’re not responsible for their practices.

10. Children’s Privacy

We don’t target kids under 13 (COPPA). If we accidentally collect such data, guardians can request deletion at [Spyralmedia.oma@gmail.com].

11. Changes to This Policy

We may update this policy to reflect legal or operational changes. Check here for the latest version. Significant updates (e.g., new data use) will notify you via email or site banner, with opt-in/out options if required.

12. Contact Us

Questions? Concerns? Reach us:

For complaints, we’ll investigate and reply within 30 days. You may also contact your local data protection authority (e.g., AZOP in Croatia, NPC in the Philippines, FTC in the USA).

13. Compliance Notes

COPPA: No child targeting, guardian recourse.

GDPR: Transparent processing, rights, and transfers.

CCPA/CPRA: No data sales, opt-out available.

PIPEDA: Consent-based, accountable.

Philippine DPA: Grievance officer, security measures.

Subscribe
Subscribe