Trust & Security

NomadShare is a non-profit community project, not a company. We don't charge fees and don't hold real money. The points balance is a coordination tool to keep exchanges balanced — it is not money and has no cash value.

• No insurance on items — damage and loss are between the two users.
• No real-money escrow or refunds — only internal points move.
• No background checks or ID verification on users.
• No in-person dispute mediation or legal support.
• No guarantee that a listing's description matches reality.

Sign-in is handled by our managed authentication provider. Sessions use short-lived bearer tokens that are refreshed automatically; the browser never stores your raw password.

Privileged actions (moderation, balance adjustments, verification approvals) are gated server-side by a role check — client-supplied role claims are ignored.

Every database table that holds user data has row-level security enabled. Policies restrict reads and writes to the owning user, the other party of a conversation or exchange, or platform staff.

Realtime channels for messages and conversations are scoped per conversation: only the two participants receive change events.

Profile data (display name, handle, avatar URL, optional Couchsurfing handle), listings you publish, messages you send, exchange history, and the points ledger. We do not store payment card data — the platform runs on an internal points balance.

Approximate listing coordinates are rounded before being returned to the public search API so exact addresses are not exposed. See the privacy notice for the full list.

New and edited listings are screened by automated moderation against our listing rules. Borderline items are queued for human review; hard-rejected categories (weapons, drugs, sexual content, counterfeit goods, hazardous or stolen items) are blocked.

You can report messages, block other users, and appeal a rejected listing once from your profile. To report illegal content, email meowtogetfood@gmail.com.

NomadShare runs on the Lovable Cloud platform, which provides managed database, authentication, file storage, and edge compute. Maps and place search are powered by Google Maps. Automated moderation is powered by the Lovable AI Gateway.

You can delete your own listings at any time. To delete your account and associated data, email the address below and we will action the request manually. Because the project is volunteer-run, please allow up to 30 days.

If you believe you have found a vulnerability, please email meowtogetfood@gmail.com with steps to reproduce. Please do not publicly disclose the issue before we have had a chance to respond.