Privacy Policy

Namora is a brand naming and domain discovery service. When this policy says "we", "us", or "our", it refers to the team behind Namora.

If you have questions about this policy or your data, email us at support@namora.app.

We collect only what's necessary to provide the service. Here's the full picture:

Just as important as what we collect:

• We don't store your Google password — authentication happens entirely through Google's secure OAuth
• We don't collect payment information — we're free right now, and if we add payments, a third party like Stripe will handle it
• We don't track you across other websites — no cross-site tracking, no advertising cookies
• We don't collect precise location — just country-level from IP address
• We don't sell or share your data with data brokers — ever

We use your information to:

• Provide the service — generate brand names, check domains, save your work
• Improve the product — understand which features people use, fix bugs, make things better
• Send important updates — service changes, security notices, policy updates (rare, important stuff only)
• Respond to you — when you contact us with questions or feedback

We don't use your data for advertising. We don't build profiles to sell to marketers. Your brand descriptions aren't training data for our AI — we use pre-trained models from Anthropic.

Running a modern web service means relying on other companies. Here's everyone who might touch your data:

• Vercel — hosts the application and database. Your data lives on their servers. Their privacy policy
• Google — handles sign-in through OAuth. They see that you're signing into Namora. Their privacy policy
• Anthropic — powers our AI features. Your brand descriptions are sent to their API to generate suggestions. Their privacy policy
• Plausible Analytics — privacy-focused analytics. No cookies, no personal data stored. Their privacy policy
• Domainr / Fastly — domain availability checks. Sees what domains you search for. Their privacy policy

We carefully select services that respect privacy. We don't use Facebook pixels, Google Analytics, or other tracking-heavy tools.

Specific retention periods:

• Account data — kept while your account is active. Deleted within 30 days of account deletion.
• Brand sessions and bookmarks — kept while your account is active. Deleted when you delete your account.
• Analytics data — Plausible retains aggregated data indefinitely, but it's not tied to you personally.
• Backups — your data may exist in encrypted backups for up to 30 days after deletion.

You have rights over your data. Here's what you can do and how:

• Access your data — email us and we'll send you everything we have about you within 30 days
• Correct your data — let us know if something's wrong and we'll fix it
• Delete your data — you can delete your account from the settings page, or email us and we'll do it within 30 days
• Export your data — request a copy in a standard format (JSON)
• Object to processing — if you have concerns about how we use your data, let us know

To exercise any of these rights, email support@namora.app. We'll respond as soon as possible, often within 72 hours.

Under the California Consumer Privacy Act (CCPA), you have the right to:

• Know what personal information we collect
• Delete your personal information
• Opt out of the "sale" of personal information
• Non-discrimination for exercising your rights

We don't sell your personal information. We never have and never will. So there's nothing to opt out of on that front.

Under GDPR, you have additional rights:

• Legal basis — we process your data based on contract (to provide the service you signed up for) and legitimate interest (to improve the product and prevent abuse)
• Data transfers — your data is stored on servers in the United States. We rely on standard contractual clauses to ensure adequate protection
• Right to complain — you can lodge a complaint with your local data protection authority if you believe we've mishandled your data

Cookies are small files websites store on your device. We use them sparingly:

• Authentication cookies — keep you logged in. Essential for the app to work.
• Preference cookies — remember things like your theme setting (dark/light mode).

That's it. No tracking cookies, no advertising cookies, no third-party cookies for analytics. Plausible Analytics doesn't use cookies at all.

We take reasonable measures to protect your data:

• All data transmitted over HTTPS (encrypted in transit)
• Database encrypted at rest
• Authentication handled by Google OAuth — we never see your Google password
• Regular security updates to dependencies
• Access limited to essential personnel

No system is 100% secure. If we ever discover a breach affecting your data, we'll notify you within 72 hours with details about what happened and what we're doing about it.

Namora is not intended for children under 16. We don't knowingly collect data from children. If you believe a child has provided us with personal information, please contact us and we'll delete it.

We may update this policy as our practices or the law changes. When we make significant changes:

• We'll update the "last updated" date at the top
• For major changes, we'll notify you by email or through the app
• We'll never make changes that reduce your rights without giving you notice and a chance to export your data

Have questions about this policy or your data? We're happy to help.

Email: support@namora.app

We'll respond as soon as possible, often within 72 hours.