NearWise is a nearby services discovery application operated as an individual project. For any privacy-related questions, contact us at: [email protected]
As a service accessible to users in the European Economic Area (EEA), this policy complies with the General Data Protection Regulation (GDPR) and Norway's Personal Data Act (Personopplysningsloven).
| Data | Why we collect it | Where it's stored | How long |
|---|---|---|---|
| Location (GPS coordinates) | To search for nearby places | Sent to our server per request — not persisted | Not stored — discarded after each search |
| Full name | To personalise your account display (first name shown in greeting) | Our backend server (EU, Germany) | Until you delete your account |
| Email address | To create and identify your account, and to send transactional emails (password reset) | Our backend server (EU, Germany) | Until you delete your account |
| Password | To authenticate you | Stored as a bcrypt hash only — never in plain text | Until you delete your account |
| Password reset token | To verify a password reset request sent by you | Our backend server — one-time use only | 1 hour or until used, whichever comes first |
| Saved places, preferences, vibes | To personalise your experience | Your device only (browser localStorage) | Until you clear your browser data |
| Push notification subscription | To deliver closing-soon alerts for your saved places when the app is not open | Our backend server (encrypted endpoint URL and push keys — no personal data) | Until you disable notifications in Settings, or delete your account |
| Notification permission | To alert you when saved places are closing soon | Your device only | Until you revoke permission in your browser or device settings |
| Service | Purpose | Data shared | Location |
|---|---|---|---|
| Neon.tech | PostgreSQL database — stores user accounts | Full name, email address, hashed password, account metadata | Frankfurt, Germany (EU — AWS eu-central-1) |
| Resend | Transactional email — delivers password reset emails | Email address (only when a reset is requested) | United States (processed under Standard Contractual Clauses) |
| Render.com | Backend hosting | All server traffic passes through Render | Frankfurt, Germany (EU) |
| Cloudflare | Frontend CDN | IP address, browser info (standard CDN logs) | Global edge network |
| OpenStreetMap | Places data and address search | Approximate location for nearby search | EU servers |
| Google Places API (optional) | Enhanced places data with photos and ratings | Approximate location (server-side only) | Google global infrastructure |
We do not sell your data to any third party. We do not use advertising networks.
Our backend server is located in Frankfurt, Germany (European Union). If you access NearWise from outside the EU, your data is transferred to the EU for processing. This transfer is covered by standard contractual clauses and the GDPR adequacy framework.
Under GDPR you have the right to:
To exercise any of these rights, email us at [email protected]. We will respond within 30 days.
In-app (instant): Open the Account panel → scroll to the bottom → tap "Delete account". You will be asked to confirm with your password. Your account and all associated server-side data are deleted immediately.
By email: If you cannot access your account, email [email protected] with the subject line "Delete my account" and include the email address you registered with. We will permanently delete your account within 7 days.
Locally stored data (saved places, preferences) can be cleared at any time by clearing your browser's site data for nearwise.pages.dev.
NearWise is not intended for users under the age of 15. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it immediately.
NearWise does not use tracking cookies. We use browser localStorage exclusively to store your preferences, saved places, and session token on your own device. This data never leaves your device unless you explicitly perform an action that requires it (such as syncing preferences).
We use HTTPS for all data in transit. Passwords are hashed with bcrypt (cost factor 12) and are never stored or transmitted in plain text. Our API uses rate limiting and brute-force protection on all authentication endpoints.
If we make significant changes, we will update the effective date at the top of this page. Continued use of NearWise after changes are posted constitutes acceptance of the updated policy.
For privacy questions: [email protected]
If you are in Norway and believe we have not handled your data correctly, you have the right to lodge a complaint with the Norwegian Data Protection Authority: