Privacy Policy

This Privacy Policy explains how Nerbor collects, uses, and protects your information. By using the Service, you also agree to our Terms of Service.

1. Information We Collect

Information you provide

• Account information: name, email address, date of birth, phone number
• Profile information: bio, avatar photo, addresses
• Listing information: item descriptions, photos, pricing, location (city, county, and approximate coordinates for map display)
• Payment information: processed and stored by Stripe — we do not store card numbers
• Identity verification: processed by Stripe Identity — we store only verification status
• Communications: messages between users, dispute descriptions, support requests

Information collected automatically

• Usage data: pages visited, actions taken, timestamps
• Device information: browser type, operating system, screen size
• Location data: approximate location derived from listing addresses for search and map features (we do not track your real-time GPS location)
• Cookies: session cookies for authentication and CSRF protection (no third-party tracking cookies)

2. How We Use Your Information

• Provide, operate, and improve the Service
• Process bookings and payments
• Verify user identity and prevent fraud
• Facilitate communication between owners and renters
• Resolve disputes between users
• Send transactional emails (booking confirmations, approval notifications, completion receipts)
• Comply with legal obligations

3. Information Sharing

We do not sell your personal information. We share information only in these circumstances:

• With other users: When you book or list items, your first name, profile photo, and general location are visible to the other party. Booking details (dates, pricing) are shared between renter and owner. Full addresses are shared only when a booking is approved.
• Payment processing and fraud detection: We use Stripe for payment, analytics, and other business services. Stripe collects identifying information about the devices that connect to its services, including IP addresses and browser characteristics. Stripe uses this information to operate and improve the services it provides to us, including for fraud detection. You can learn more about Stripe and read its privacy policy at stripe.com/privacy.
• Email delivery: Your email address is shared with our email service provider to deliver transactional notifications
• Legal requirements: When required by law, subpoena, or legal process
• Safety: To protect the rights, property, or safety of Nerbor, our users, or the public

4. Data Storage and Security

Your data is stored on secured servers. We use encryption in transit (HTTPS/TLS) and follow industry-standard security practices. Passwords are hashed using bcrypt and are never stored in plain text. While we take reasonable measures to protect your data, no system is 100% secure.

5. Data Retention

We retain your account data for as long as your account is active. If you request account deletion, we will remove your personal data within 30 days, except where retention is required by law (e.g., financial transaction records).

6. Your Rights

You have the right to:

• Access the personal data we hold about you
• Correct inaccurate information in your profile
• Delete your account and associated personal data
• Export your data in a portable format

To exercise these rights, email us at support@nerbor.com or visit our contact page.

7. Cookies

We use only essential cookies required for the Service to function:

• Session cookies: Maintain your login session
• CSRF tokens: Protect against cross-site request forgery

We do not use third-party analytics cookies, advertising cookies, or tracking pixels.

8. Children's Privacy

The Service is not intended for anyone under 18 years of age. We do not knowingly collect personal information from minors.

9. California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

• Request disclosure of the categories and specific pieces of personal information we have collected about you
• Request deletion of your personal information
• Opt out of the sale of personal information — we do not sell your personal information
• Not be discriminated against for exercising your privacy rights

To submit a request, email support@nerbor.com with the subject line "CCPA Request." We will verify your identity and respond within 45 days.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or platform notification. Continued use after changes constitutes acceptance.

11. Contact

Questions about this policy? Email us at support@nerbor.com or visit our contact page.