Privacy Policy
Effective Date: June 2025 · Last Reviewed: June 2026
1. Introduction
Retire All Over (“we,” “us,” or “our”) operates this website and the Nomad Tools application at app.retireallover.com. This Privacy Policy explains what personal information we collect, how we use and protect it, your rights regarding your data, and how to contact us with questions.
This policy is designed to comply with applicable privacy laws including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA), and other applicable US state and international privacy regulations.
2. Information We Collect
Information You Provide
- Account information — email address and identity verified through Cloudflare Access when you log in to Nomad Tools
- Financial data — account balances, transaction records, and subscription details you enter manually or import
- Linked institution data — account metadata and balances retrieved through Plaid when you choose to connect a bank or brokerage
- Travel data — trip itineraries, border crossing dates, and location information you enter
- Documents — files you upload to the Vault (insurance cards, vaccine records, passport scans, etc.)
Information Collected Automatically
- Usage data — pages visited and features used within the application
- Authentication data — access tokens issued by Cloudflare Access to verify your identity
- Log data — server-side request logs retained for security and operational purposes
We do not knowingly collect personal information from children under 13. We do not use advertising trackers, third-party analytics SDKs, or sell data to any party.
3. How We Use Your Information
| Purpose | Legal Basis (GDPR) |
|---|---|
| Providing the application and its features | Performance of contract |
| Authentication and account security | Legitimate interests / contract |
| Storing and retrieving your financial and travel data | Performance of contract |
| Security monitoring and abuse prevention | Legitimate interests / legal obligation |
| Compliance with legal obligations | Legal obligation |
We do not sell personal information. We do not use your data for advertising or share it with third parties for their marketing purposes.
4. Sharing of Information
We share personal information only in the following circumstances:
- Infrastructure providers — We use Cloudflare (Access, Pages, D1, R2) to operate the application. Cloudflare processes data as a service provider under appropriate data processing agreements.
- Financial data providers — If you connect a bank or brokerage, Plaid processes the connection and returns account information needed for balance sync. We store Plaid access tokens encrypted and use them only to sync accounts you connected.
- Legal requirements — We disclose information when required by law, court order, or regulatory authority, or to protect the rights and safety of users.
- Business transfers — In the event of a merger or acquisition, affected users will be notified before data becomes subject to a different privacy policy.
5. International Data Transfers
Your data is stored and processed on Cloudflare’s global infrastructure. Where data is transferred outside the European Economic Area (EEA) or United Kingdom, appropriate safeguards including Standard Contractual Clauses are in place. Details of Cloudflare’s data transfer mechanisms are available at cloudflare.com/trust-hub/gdpr.
6. Data Retention
Your data is retained for as long as your account is active and for up to 7 years following account closure to meet legal and tax obligations. Uploaded documents are retained until you delete them or close your account. Server logs are retained for up to 12 months. When data is no longer needed it is securely deleted.
7. Your Privacy Rights
All Users
- Access — request a copy of the personal data we hold about you
- Correction — request correction of inaccurate or incomplete data
- Deletion — request deletion of your personal data (subject to legal retention obligations)
- Portability — receive your data in a structured, machine-readable format
EU / UK Residents (GDPR / UK GDPR)
All rights above apply. You may also restrict processing while a dispute is resolved, withdraw consent at any time where processing is consent-based, and lodge a complaint with your national data protection authority.
California Residents (CCPA/CPRA)
You have the right to know what personal information is collected, delete it, correct inaccuracies, and opt out of its sale (we do not sell personal information). You will not be discriminated against for exercising these rights.
To exercise any of these rights, contact us at privacy@retireallover.com. We will respond within the timeframes required by applicable law (generally 30–45 days).
8. Security
We implement technical and organizational measures to protect personal information, including encryption in transit (TLS 1.2+) and at rest, access controls, and regular security reviews. In the event of a data breach affecting your rights and freedoms, we will notify you and applicable regulators as required by law.
9. Cookies and Tracking
Nomad Tools uses cookies only for authentication and security (session tokens issued by Cloudflare Access). We do not use tracking cookies or advertising cookies. No cookie consent banner is required for essential authentication cookies.
10. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via email or prominent notice within the application at least 30 days before taking effect. Continued use of our services after changes take effect constitutes acceptance of the revised policy.
11. Contact
For questions, requests, or complaints regarding this policy or our data practices:
Email: privacy@retireallover.com
Website: retireallover.com