Privacy Policy

This Privacy Policy explains how Nerbor collects, uses, and protects your information. By using the Service, you also agree to our Terms of Service.

1. Information We Collect

Information you provide

• Account information: name, email address, date of birth, phone number
• Profile information: bio, avatar photo, addresses
• Listing information: item descriptions, photos, pricing, location (city, county, and approximate coordinates for map display)
• Photo metadata and capture location: When you upload photos to a listing or to a booking handoff (pickup/return evidence), we extract and store any GPS coordinates and timestamp embedded in the photo's EXIF metadata. If your browser or device offers to share its current location at the time of upload, and you grant that permission, we also store those coordinates alongside the photo. This information is used to verify that handoff evidence was captured at the expected location and time, to detect fraud, and to support dispute resolution. See "How We Use Photo Location Data" below for full details.
• Phone verification and SMS delivery data: phone numbers, phone verification status, SMS notification preferences, consent timestamps, opt-out status, message delivery status, and related support or troubleshooting information
• Payment information: processed and stored by Stripe — we do not store card numbers
• Identity verification: processed by Stripe Identity — we store only verification status
• Communications: messages between users, dispute descriptions, support requests

Information collected automatically

• Usage data: pages visited, actions taken, timestamps
• Device information: browser type, operating system, screen size
• Location data: approximate location derived from listing addresses for search and map features. We do not passively track your real-time location while you use the Service. Precise location is only collected from photo EXIF metadata or, with your explicit browser permission, at the moment you upload a photo — see "Photo metadata and capture location" above and "How We Use Photo Location Data" below.
• Cookies: session cookies for authentication and CSRF protection (no third-party tracking cookies)

2. How We Use Your Information

• Provide, operate, and improve the Service
• Process bookings and payments
• Verify user identity and prevent fraud
• Facilitate communication between owners and renters
• Resolve disputes between users
• Send transactional emails (booking confirmations, approval notifications, completion receipts)
• Send phone verification codes, two-factor authentication codes, and transactional SMS notifications when you request or enable them
• Comply with legal obligations

How We Use Photo Location Data

We treat photo-derived GPS coordinates (from EXIF metadata) and browser-reported coordinates captured at upload time as a single category of capture location data. We use this data only for:

• Handoff verification: confirming that pickup and return photos were taken at or near the agreed location and time, so disputes can be evaluated against objective evidence.
• Fraud prevention: identifying patterns such as listings whose photos were taken hundreds of miles from the listed address, or repeated handoff photos taken at the same coordinate by unrelated users.
• Dispute resolution: providing relevant location and timestamp evidence to Nerbor staff (and, where required, to payment processors or law enforcement) when a booking is contested.

Capture location data is never displayed publicly. It is not shown to other users on listing pages, profiles, or in the booking detail view. Photos rendered on the platform do not expose the underlying EXIF coordinates to viewers. Only Nerbor administrators reviewing a specific dispute or fraud signal can access this data.

You can avoid sharing capture location data in two ways: (1) strip EXIF metadata from photos before uploading them (most phones and image editors offer this option), and (2) decline the browser's location permission prompt when uploading. Declining will not block the upload, but the photo may carry less weight as handoff evidence in a dispute. You can also email us to request deletion of capture location data tied to your past uploads, subject to our retention obligations during open or recently closed disputes.

3. Information Sharing

We do not sell your personal information. We share information only in these circumstances:

• With other users: When you book or list items, your first name, profile photo, and general location are visible to the other party. Booking details (dates, pricing) are shared between renter and owner. Full addresses are shared only when a booking is approved.
• Payment processing and fraud detection: We use Stripe for payment, analytics, and other business services. Stripe collects identifying information about the devices that connect to its services, including IP addresses and browser characteristics. Stripe uses this information to operate and improve the services it provides to us, including for fraud detection. You can learn more about Stripe and read its privacy policy at stripe.com/privacy.
• Email delivery: Your email address is shared with our email service provider to deliver transactional notifications
• SMS delivery and phone verification: We use Twilio to send phone verification codes, two-factor authentication codes, and transactional SMS notifications. Twilio may process your phone number, message content, delivery status, and opt-out signals to provide these services. You can learn more about Twilio's privacy practices at twilio.com/legal/privacy.
• Legal requirements: When required by law, subpoena, or legal process
• Safety: To protect the rights, property, or safety of Nerbor, our users, or the public

4. Data Storage and Security

Your data is stored on secured servers. We use encryption in transit (HTTPS/TLS) and follow industry-standard security practices. Passwords are hashed using bcrypt and are never stored in plain text. While we take reasonable measures to protect your data, no system is 100% secure.

5. Data Retention

We retain your account data for as long as your account is active. If you request account deletion, we will remove your personal data within 30 days, except where retention is required by law (e.g., financial transaction records).

6. Your Rights

You have the right to:

• Access the personal data we hold about you
• Correct inaccurate information in your profile
• Delete your account and associated personal data
• Export your data in a portable format

To exercise these rights, email us at support@nerbor.com or visit our contact page.

7. Cookies

We use only essential cookies required for the Service to function:

• Session cookies: Maintain your login session
• CSRF tokens: Protect against cross-site request forgery

We do not use third-party analytics cookies, advertising cookies, or tracking pixels.

8. Children's Privacy

The Service is not intended for anyone under 18 years of age. We do not knowingly collect personal information from minors.

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the right to:

• Request disclosure of the categories and specific pieces of personal information we have collected about you
• Request deletion of your personal information
• Correct inaccurate personal information
• Opt out of the sale or sharing of personal information — we do not sell or share your personal information for cross-context behavioral advertising
• Limit the use of sensitive personal information — the only category of sensitive personal information we collect is precise geolocation, derived from photo EXIF metadata and browser geolocation at upload time. We use it solely for the handoff-verification, fraud-prevention, and dispute-resolution purposes described in Section 2 above, and we do not use it to infer characteristics about you
• Not be discriminated against for exercising your privacy rights

To submit a request, email support@nerbor.com with the subject line "CCPA Request." We will verify your identity and respond within 45 days.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or platform notification. Continued use after changes constitutes acceptance.

11. Contact

Questions about this policy? Email us at support@nerbor.com or visit our contact page.