Skip to main content
Legal

Privacy Policy

Last updated: 1 June 2026

NativeWay ("we", "us", "our") is a travel platform that connects travellers with authentic local knowledge. Our registered address is NativeWay Ltd, 12 Explorer Street, Oslo, Norway.

We are the data controller for personal data collected through our website and application. If you have any questions about this policy, contact us at privacy@nativeway.app.

We collect only what we need to provide the service. This includes:

  • Account data: email address, display name, and profile photo (optional).
  • Residency verification (locals only): a single document confirming your city of residence. This is reviewed, confirmed, then immediately deleted — we do not store it.
  • Content you create: reviews, pins, routes, and messages you submit through the platform.
  • Usage data: which cities and features you interact with, used solely to improve the product.
  • Device data: browser type, operating system, and app version for bug fixing and compatibility.

We do not collect precise GPS location data. City-level destination selection is stored only while your session is active.

Your data is used exclusively to:

  • Provide, maintain, and improve the NativeWay service.
  • Verify local residency for contributing users.
  • Send transactional emails (account confirmation, waitlist updates, password reset).
  • Detect and prevent fraud, abuse, and spam.
  • Respond to support requests.

We do not use your data for behavioural advertising, do not build advertising profiles, and do not sell or license your data to any third party — ever.

Under the General Data Protection Regulation (GDPR), we process your data on the following legal bases:

  • Contract: processing necessary to provide the service you signed up for.
  • Legitimate interest: security, fraud prevention, and product improvement.
  • Consent: optional communications such as newsletters. You can withdraw consent at any time.
  • Legal obligation: where we are required to retain data under applicable law.

We share your data with a minimal set of trusted processors who help us operate the service:

  • Cloud infrastructure: servers hosted in the EU (AWS Frankfurt region).
  • Email delivery: transactional emails sent via Postmark.
  • Error tracking: anonymised crash reports via Sentry.

All processors are bound by data processing agreements and GDPR-compliant terms. We do not share your data with advertisers, data brokers, or analytics companies that build user profiles.

We retain your data for as long as your account is active. If you delete your account:

  • Personal profile data is deleted within 30 days.
  • Public contributions (reviews, pins, routes) are anonymised and may remain on the platform.
  • Billing records are retained for 7 years as required by law.

Under GDPR and applicable data protection laws, you have the right to:

  • Access: request a copy of the data we hold about you.
  • Rectification: ask us to correct inaccurate data.
  • Erasure: request deletion of your personal data ("right to be forgotten").
  • Portability: receive your data in a machine-readable format.
  • Restriction: ask us to pause processing of your data.
  • Objection: object to processing based on legitimate interest.

To exercise any of these rights, email privacy@nativeway.app. We will respond within 30 days.

We apply industry-standard security measures including encryption in transit (TLS 1.3), encryption at rest (AES-256), access controls, and regular security audits. Despite these measures, no system is perfectly secure — if you believe your account has been compromised, contact us immediately.

NativeWay is not directed at children under 16. We do not knowingly collect data from anyone under 16. If you believe a minor has created an account, contact us and we will delete it promptly.

We will notify registered users of material changes to this policy via email at least 14 days before they take effect. The date at the top of this page reflects when it was last updated. Continued use of the service after changes take effect constitutes acceptance.

For privacy-related queries: privacy@nativeway.app

You also have the right to lodge a complaint with your local data protection authority. In Norway, this is the Datatilsynet (datatilsynet.no).