Privacy Policy
NomadCode — Mobile IDE · Effective 2026-05-06
1. What Stays On Your Device
All file editing, file storage, terminal output, and Git operations happen on-device. The following data is stored locally and never transmitted unless explicitly noted:
- The contents of your workspace files and unsaved edits
- Your editor settings, snippets, and installed extensions
- Local Git history, branches, and uncommitted changes
- Terminal history
2. Credentials & Authentication
OAuth tokens (GitHub) and any API keys you paste in are stored exclusively in the platform keychain — Apple Keychain on iOS / iPadOS, Android Keystore on Android. They are never written to app storage, logs, or backups.
- NomadCode never sends credentials to any server we operate
- Tokens are sent only to the issuing service (e.g. github.com) when you act
- You can sign out at any time from Settings → Account
3. Network Activity
NomadCode does not phone home. The only outbound connections it makes are the ones you initiate:
| Action | Destination | What's sent |
|---|---|---|
| Sign in to GitHub | github.com | OAuth handshake |
| Clone / push / pull | Your chosen Git remote | Repository data |
| AI completion (Pro+AI) | Selected AI provider | Code prefix/suffix around the cursor |
| Crash report (opt-in) | Sentry | Stack trace, app version, no source code |
| First-run editor assets | cdn.jsdelivr.net | Monaco editor bundle (cached locally) |
4. AI Features (Pro+AI)
AI inline completions and chat are off by default and only available on the Pro+AI plan. When enabled:
- Only the code surrounding your cursor (a bounded prefix/suffix) is sent
- Whole-file or whole-workspace context is never transmitted automatically
- Your chosen provider's privacy policy applies to that data in transit and at rest
- You can disable AI features at any time in Settings → AI
5. Crash Reporting
Crash reporting via Sentry is opt-in and disabled by default. When enabled, only the crash stack trace, the app and OS version, and a random installation ID are sent. File contents, file paths, and personal identifiers are filtered before upload.
6. Subscriptions & Payments
Pro and Pro+AI are sold as in-app subscriptions. Payment is handled entirely by Apple (App Store) or Google (Play Store). We never see, receive, or store your payment details. Receipts are validated through RevenueCat to verify entitlement.
7. Children's Privacy
NomadCode is a developer tool not directed at children under 13. We do not knowingly collect any personal information from children.
8. Data Security
Code never leaves your device unless you initiate a network action. All credentials live in the OS keychain. All network connections use TLS. The terminal and any extensions run sandboxed (WASI / WebAssembly workers) with no unrestricted process spawning on your device.
9. Your Rights
Because we do not collect personal data on our servers, there is nothing for us to export or delete on your behalf. Uninstalling NomadCode removes all locally stored data. To revoke OAuth access, visit your provider's connected-apps settings (e.g. github.com/settings/applications).
10. Changes to This Policy
If this policy changes, the new version will be posted here with an updated effective date. Material changes will be surfaced in-app on next launch.
11. Contact
Kamal Syed · ksyed0@gmail.com