Privacy Policy

Last updated: March 21, 2026

WestHash ("we", "us", or "our") operates the Overlander platform (overlander.app). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our services, in compliance with Regulation (EU) 2016/679 (GDPR) and applicable national legislation.

Data Controller

The data controller is WestHash, based in the United States. For any privacy-related inquiries, you can contact us at overlander@westhash.io. For users in the European Union, we comply with Regulation (EU) 2016/679 (GDPR).

Data We Collect

User Content: parking area descriptions, photos, reviews, and calendar availability set by landowners.

  • Account Data: name, email address, encrypted password, profile photo, role selection (nomad or landowner), phone number (optional).
  • Geolocation Data: precise GPS coordinates collected during check-in/out and proximity monitoring. This data is essential for the core functionality of our service.
  • Transaction Data: credit purchases, check-in/out records, daily billing charges, credit balance, and payment information processed via our payment provider.
  • Communications: in-app chat messages between nomads and landowners, email addresses for transactional notifications.
  • Technical Data: IP address, browser type, device information, and anonymized usage analytics.
  • User Content: parking area descriptions, photos, reviews, and calendar availability set by landowners.

Legal Basis for Processing

  • Consent: for geolocation tracking, analytics cookies, and marketing communications.
  • Contract Performance: for account management, credit transactions, check-in/out services, and billing.
  • Legitimate Interest: for platform security, fraud prevention, service improvement, and basic analytics.
  • Legal Obligation: for tax records, regulatory compliance, and responding to lawful requests.

Purposes of Processing

We process your data to: provide and maintain the Overlander platform; manage your account and authenticate sessions; process credit transactions and daily billing; enable geofence-based check-in and check-out; facilitate communication between nomads and landowners; send transactional email notifications (check-in/out confirmations); improve our services through anonymized analytics; prevent fraud and ensure platform security.

Data Sharing and Third Parties

We share data with the following third-party processors, all bound by data processing agreements:

  • Cloud infrastructure provider for authentication, data storage and application hosting. User data is stored within the European Union.
  • Email provider: transactional email delivery for check-in/out notifications.
  • Payment provider: secure payment processing for credit purchases.
  • Landowners can see basic profile information (name) of nomads who check in to their areas. Nomads can see landowner names and area details.

Data Retention

Account data is retained for the duration of your account plus 30 days after deletion. Transaction records are kept for 10 years as required by tax regulations. Geolocation data from check-ins is retained for 2 years. Chat messages are retained for 1 year after the last activity. You may request deletion of your data at any time, subject to legal retention requirements.

Your Rights

Under the GDPR, you have the right to:

  • Access: request a copy of your personal data.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure: request deletion of your data ("right to be forgotten").
  • Restriction: limit the processing of your data.
  • Portability: receive your data in a structured, machine-readable format.
  • Objection: object to processing based on legitimate interest.
  • Withdraw Consent: revoke consent at any time without affecting prior processing.
  • To exercise these rights, contact us at overlander@westhash.io. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

International Transfers

WestHash is based in the United States. When personal data of EU/EEA users is processed, appropriate safeguards are in place including Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring an adequate level of data protection in compliance with the GDPR.

Security Measures

We implement appropriate technical and organizational measures to protect your data, including: encryption in transit and at rest; database-level access control policies; secure password encryption; authenticated access controls; regular security reviews.

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification. The "last updated" date at the top indicates the latest revision.

Contact Us

For privacy inquiries or to exercise your rights, contact us at:

Email: overlander@westhash.io

WestHash LLC