Legal

Privacy Policy

Last updated: 3 March 2026

1. Introduction

Welcome to A Place to Work, operated by Nomii Limited ("we", "us", "our"). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

Nomii Limited is a company registered in England and Wales. Our registered address is 71-76 Shelton Street, London, WC2H 9JQ, United Kingdom.

For the purposes of applicable data protection legislation (including the UK GDPR and the Data Protection Act 2018), we are the data controller.

2. Information We Collect

2.1 Information You Provide

We may collect the following personal data that you voluntarily provide:

Account Information: Email address and password when you create an account
Profile Information: Any additional information you choose to add to your profile
Saved Places: Locations you bookmark or save
Communications: Information you provide when contacting us for support

2.2 Information Collected Automatically

When you access our services, we may automatically collect:

Device Information: Browser type, operating system, and device identifiers
Usage Data: Pages visited, time spent on pages, and navigation patterns
Location Data: Approximate location based on IP address, or precise location if you grant permission
Log Data: IP address, access times, and referring URLs

2.3 Cookies and Similar Technologies

We use cookies and similar tracking technologies to enhance your experience. These include:

Essential Cookies: Required for the website to function properly
Authentication Cookies: To keep you signed in
Preference Cookies: To remember your settings (e.g., dark mode)
Analytics Cookies: To understand how visitors use our site

You can manage cookie preferences through your browser settings. However, disabling certain cookies may affect the functionality of our services.

3. Google User Data

When you sign in to A Place to Work using your Google account, we access and store the following data from your Google account:

3.1 Data Accessed

Through Google's OAuth authentication, we request the following scopes and access the corresponding data:

Email address — used to identify your account
Display name — used as your profile name within the app
Profile picture URL — used as your avatar within the app

We do not access your Google contacts, calendar, files, or any other Google data beyond what is listed above.

3.2 How We Use Google Data

Google user data is used solely to:

Create and maintain your user account
Display your name and profile picture within the application
Send you account-related communications via your email address

Google user data is not used for advertising, marketing to third parties, or training machine learning models.

3.3 Sharing of Google Data

Your Google user data is stored in our database hosted by Supabase (our infrastructure provider). It is not sold, rented, or shared with any other third parties, except where required by law. Supabase is contractually obligated to protect your data and processes it only on our behalf.

3.4 Storage and Protection of Google Data

Google user data is stored securely in our Supabase database with the following protections:

Encryption in transit using TLS (Transport Layer Security)
Encryption at rest within the database
Row-level security policies that restrict data access to the authenticated user and authorised administrators
Access controls that prevent unauthorised access to user records

3.5 Retention and Deletion of Google Data

Google user data is retained for as long as your account is active. When you delete your account, all Google-sourced data (email, name, and profile picture) is permanently deleted within 30 days. You can request deletion of your data at any time by contacting us at the address provided in Section 12 of this policy.

Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

4. How We Use Your Information

We use your personal data for the following purposes:

To provide and maintain our services
To create and manage your account
To personalise your experience and show relevant locations
To process your saved places and preferences
To communicate with you about service updates and support
To improve and develop our services
To ensure the security of our platform
To comply with legal obligations

4.1 Legal Basis for Processing (UK GDPR)

We process your personal data on the following legal bases:

Contract: Processing necessary for providing our services to you
Legitimate Interests: Improving our services, security, and user experience
Consent: Where you have given explicit consent (e.g., marketing communications)
Legal Obligation: Where required by applicable law

5. Data Sharing and Third Parties

We may share your information with:

Service Providers: Third parties that help us operate our services (e.g., hosting, analytics)
Authentication Providers: If you sign in using a third-party service
Legal Requirements: When required by law or to protect our rights

We do not sell your personal data to third parties. Any third-party service providers are contractually obligated to protect your data and use it only for the purposes we specify.

5.1 Third-Party Services

Our services may integrate with:

Supabase: For authentication and database services
Google Maps: For location and mapping functionality
Vercel: For hosting and analytics

Each of these providers has their own privacy policy governing their use of your data.

6. International Data Transfers

Your data may be transferred to and processed in countries outside the United Kingdom. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Information Commissioner's Office.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy, unless a longer retention period is required by law. When you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it for legal purposes.

8. Your Rights

Under UK data protection law, you have the following rights:

Access: Request a copy of your personal data
Rectification: Request correction of inaccurate data
Erasure: Request deletion of your personal data
Restriction: Request restriction of processing
Portability: Request transfer of your data to another service
Objection: Object to processing based on legitimate interests
Withdraw Consent: Where processing is based on consent

To exercise any of these rights, please contact us at the details provided below. We will respond to your request within one month.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include encryption, secure servers, and access controls. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

10. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, or if you wish to exercise your rights, please contact us:

Nomii Limited
71-76 Shelton Street
London, WC2H 9JQ
United Kingdom

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been violated. The ICO can be contacted at ico.org.uk.