Privacy Policy
How NomadFindr collects, uses, and protects personal data in compliance with the GDPR and French data protection law.
Last updated: 4/9/2026
Data controller
The data controller is Julien Bourgeois, trading as Julab, 94 Boulevard de la Marquette, 31000 Toulouse, France. Contact: contact@nomadfindr.com.
Data we collect
From visitors: name, email address, and message when submitting a contact request; IP-derived metadata and browser user agent at the time of consent. From accountant subscribers: professional name, company name, address, phone number, email, profile description, specialties, spoken languages, and billing information (name, email, billing address) transmitted to Stripe for payment processing. From all users: consent records storing the accepted policy version, timestamp, locale, and IP-derived metadata.
Legal bases for processing
We process personal data on the following legal bases under GDPR Article 6: (a) Contract performance (Art. 6(1)(b)): account creation and management, subscription billing, routing of contact requests you initiated, and transactional emails required to deliver the service. (b) Legal obligation (Art. 6(1)(c)): retention of invoices and accounting records for 10 years (Art. L.123-22 Code de commerce); retention of connection logs for 12 months (Art. R.10-13 CPCE). (c) Legitimate interest (Art. 6(1)(f)): abuse prevention, fraud detection, platform security, and consent audit trails. (d) Consent (Art. 6(1)(a)): transmission of your contact details to a selected accountant when you submit a lead request. You may withdraw consent at any time without affecting the lawfulness of prior processing.
How we use your data
Visitor data is used solely to transmit your contact request to the accountant you selected and to maintain a legally required consent audit trail. Accountant subscriber data is used to create and display your public listing, process subscription payments, send transactional communications (lead notifications, billing emails), and maintain service quality. We do not use personal data for advertising purposes and do not sell data to any third party.
Consent and audit trail
When a visitor submits a contact request or an accountant creates a subscriber account, NomadFindr records an explicit consent event including the accepted policy version, timestamp, locale, and technical metadata. This record is retained for 5 years as proof of consent. By submitting a contact request, you explicitly authorise NomadFindr to transmit your name, email address, and message to the accountant you selected.
Data sharing
Contact request data (name, email, message) is shared with the accountant you selected - this is the core service you consented to. Accountant profile data is displayed publicly on the NomadFindr directory. Billing data is transmitted to Stripe for payment processing. No personal data is sold or shared with advertisers.
Analytics
NomadFindr uses PostHog to measure site usage and improve the platform. PostHog collects page views, navigation events, and interaction data. Where configured for single-site audience measurement without persistent cross-site identifiers, this may qualify for the CNIL analytics exemption from prior consent under French law. PostHog data is used solely by NomadFindr, is not shared with third parties for their own purposes, and is retained for a maximum of 25 months. You may opt out of analytics collection by contacting contact@nomadfindr.com.
Cookies and trackers
NomadFindr uses only cookies strictly necessary for the operation of the platform: a session cookie and a language-preference cookie (nomadfindr_locale). No advertising cookies, retargeting pixels, or third-party tracking cookies are used. The analytics tracker described above may be exempt from prior consent under CNIL guidelines depending on its configuration.
Sub-processors
We use the following sub-processors under GDPR Article 28 data processing agreements: Vercel, Inc. (United States) - application hosting and edge network; Neon, Inc. (United States) - database hosting (AWS eu-west-1, Ireland); Cloudflare, Inc. (United States) - object storage for uploaded images (R2, EU region); Stripe Payments Europe, Limited (Ireland) - subscription payment processing; Resend, Inc. (United States) - transactional email delivery; Inngest, Inc. (United States) - background job orchestration; Upstash, Inc. (United States) - rate-limiting cache (IP addresses only); PostHog, Inc. (United States) - product analytics. Each processor is contractually bound to GDPR-compliant data handling.
International data transfers
Where personal data is transferred outside the European Economic Area, appropriate safeguards apply: transfers to Stripe are covered by Standard Contractual Clauses (SCCs 2021/914) and Stripe's Data Transfers Addendum; transfers to Cloudflare are covered by SCCs and Cloudflare's EU-U.S. Data Privacy Framework certification; transfers to PostHog are covered by SCCs (US cloud) or do not occur (EU cloud); transfers to Resend, Inngest, and Upstash are covered by SCCs. Neon and Cloudflare R2 store data in EU regions (AWS eu-west-1 / Cloudflare EU); no transfer outside the EEA takes place for those services.
Data retention
Contact request data (leads): deleted automatically after 3 years from submission (CNIL guidance on prospecting data). Consent records: deleted automatically after 5 years (CNIL recommendation for proof of consent). Session data: expired sessions are deleted automatically. Invoice and payment records are retained by Stripe for 10 years (Art. L.123-22 Code de commerce, mandatory) — we do not store invoice data in our own database. Analytics data is subject to PostHog's retention settings (maximum 25 months). Automated deletions run on the 1st of each month.
Your rights
Under the GDPR and French Data Protection Law, you have the right to: access your personal data (Art. 15); rectify inaccurate data (Art. 16); request erasure (Art. 17); restrict processing (Art. 18); data portability (Art. 20); object to processing (Art. 21); withdraw consent at any time without affecting prior lawful processing (Art. 7(3)); not be subject to solely automated decision-making with legal effects (Art. 22) - NomadFindr does not use such profiling. To exercise any right, contact contact@nomadfindr.com. You also have the right to lodge a complaint with the CNIL at https://www.cnil.fr/fr/plaintes.
Updates to this policy
NomadFindr may update this policy from time to time. Material changes will be notified to accountant subscribers by email at least 30 days before taking effect. The current version date is shown at the top of this page. Continued use of the platform after the effective date constitutes acceptance.