Privacy policy.
What we collect, how we use it, and what we don't do. The short version: very little, and never sold.
1. Who we are
NRI Outpost is a personal informational website operated as a project by an individual based in Tennessee, United States. Contact: hello@nrioutpost.com.
2. What information we collect
| What | When | Why |
|---|---|---|
| Email address | If you sign up for the newsletter | To send you the monthly digest of NRI-relevant updates. Nothing else. |
| Section votes (anonymous) | When you click "Yes, useful" or "Could be better" | To improve content. Stored as a simple counter; no link to you. |
| Checklist progress | When you tick checklist items | Stored only in your own browser (localStorage). Never sent to us. |
| Aggregate analytics | Not currently enabled | Cloudflare Web Analytics is configured but the beacon is currently disabled. When we enable it, we'll update this row. No cookies and no individual tracking either way. |
| Email content (if you write to us) | If you email hello@nrioutpost.com | To respond to your message. We keep correspondence in our email account. |
| Voice input (optional) | Only if you tap the 🎤 mic to speak a grocery list (SmartBazaar) or a question to the chat | Your recording is sent over HTTPS to our own Cloudflare Worker, transcribed to text by Cloudflare Workers AI (the Whisper model, running on Cloudflare), and the audio is then discarded — never stored, never used to train models, and never sent to OpenAI, Google, or any other company. Only the resulting text stays, on your device. See Section 4. |
| Ad delivery (Google AdSense) | On all pages that show ads | Google serves the ads and may set a cookie or identifier to do so. Ads may be personalized depending on your location and settings. See Section 4 for how to control or opt out. |
We do not collect: your IP address (Cloudflare may briefly handle it as part of routing, but we don't store or analyze it), your name (unless you give it to us in an email), your physical location, your browsing history on other sites, or any other identifying data.
3. Cookies, Do Not Track & Global Privacy Control
The Site does not set any cookies of its own. Google AdSense (see Section 4) may set a cookie or similar identifier to serve and measure ads and to prevent fraud. When we enable Cloudflare Web Analytics it will not use cookies and will not fingerprint visitors. Your browser may store small amounts of data in localStorage to remember your preferences and progress. Here's the complete list:
nri-theme— your light / dark / auto theme choicenri-diet-pref— your diet preference filter (Anything / Pure-veg / Jain / Sattvik)nri-section-state— which homepage sections you've collapsed or expandednri-compact-mode— whether you've enabled the master Compact-mode togglenri-weather-city— which Indian city your weather card defaults tonri-fast-traditions— which fasting traditions (Hindu / Jain / etc.) you want listed in the fasting calendarnri-pincode-recent— up to 6 of the most-recent Indian pincodes you've looked upnri-fmw-v1— the First-Month Wizard's saved profile so it can resume where you left off. Contains the fields you typed into the wizard: name, country, city, role, visa type, arrival date, school (for students), origin city. Stored only on your device — never transmitted to us. To wipe it, complete + reset the wizard or clear site data.- Checklist progress — packing list + first-30-days plan item completion
- Feedback votes — your 👍/👎 on each section, so you don't accidentally vote twice
- Chat history — held in memory for the current browser session only; not persisted to localStorage and lost when you close the tab
nri-privacy-voice-notice— remembers that you dismissed the homepage notice about the voice-input update, so it doesn't reappear
All of this is stored exclusively in your own browser, never transmitted to us or to any third party, and can be wiped at any time using the "Clear my saved data" link in the footer or by clearing your browser's site data for nrioutpost.com. Note that this on-device control only clears data held in your browser; it does not delete your newsletter email from Buttondown or any message you've sent us. To request deletion of that information, use the "Delete my data from our records" link in the footer or email privacy@nrioutpost.com (see Section 7).
We honor browser-level Global Privacy Control (GPC) signals. Because we serve ads through Google AdSense, personalized advertising may involve "sharing" or a "sale" of personal information as those terms are defined under California law (CCPA/CPRA) — even though we never receive money for your data or sell it ourselves. When you send a GPC signal, or decline consent where we show a consent prompt, we direct Google to serve non-personalized ads only. The Site sets no tracking cookies of its own and does not change content based on legacy "Do Not Track" (DNT) signals. You can also opt out of personalized ads anytime via Google Ad Settings. To delete your newsletter email, see Section 7.
4. Third-party services we rely on
To keep the Site running, we use a small number of third-party services. Each receives only what's needed for its role. Each has its own privacy policy:
- Cloudflare — hosting, DNS, and (when enabled) Web Analytics. Like any CDN, Cloudflare briefly handles your IP address to route the request and to apply WAF rules. Privacy policy.
- Buttondown — newsletter delivery, if you subscribe. Your email goes to them so they can send you mail. Privacy policy.
- Our Cloudflare Workers — small server-side proxies we run on Cloudflare for the Weather card (proxies WeatherAPI.com), Cricket scores card (proxies CricAPI), the feedback voting endpoint, and voice transcription (see the next item). The Worker sees your IP address (as any web server does) to apply rate-limiting and to forward to the upstream API; it does not persist your IP and does not associate it with any other data.
- Cloudflare Workers AI (Whisper speech-to-text) — used only when you tap the 🎤 voice button on the SmartBazaar grocery planner or the chat. Your browser sends the short audio clip over HTTPS to our Cloudflare Worker, which runs OpenAI's Whisper model on Cloudflare's own infrastructure to convert it to text. The audio is held in memory only for that request and discarded when it finishes: we do not store it, log it, or link it to you, and it is not sent to OpenAI, Google, or any other third party. Only the resulting text is returned to your device — and voice input is entirely optional; you can always type instead. Per Cloudflare, inputs to Workers AI are not retained beyond processing and are not used to train models. Cloudflare privacy policy.
- WeatherAPI.com (indirect, via our Worker) — provides current weather and AQI for Indian cities. They see our Worker's IP, not yours. Privacy policy.
- CricAPI (indirect, via our Worker) — provides cricket fixtures and live scores. They see our Worker's IP, not yours. Privacy policy.
- api.frankfurter.app — public, free currency rates API used by the converter. Called from your browser; they receive your IP and the currency codes you're converting. No personal data is transmitted. About.
- api.postalpincode.in — India Post pincode lookup used by the Pincode card (when enabled). Called from your browser; they receive your IP and the 6-digit pincode you typed. No personal data is transmitted. India Post derives the underlying data; the API is operated by a community maintainer.
- Google Maps Embed — when you open the inline map for a consulate or address, your browser loads an
<iframe>from Google, which receives your IP address and User-Agent. The map is sandboxed but Google may still log the request. If you prefer to avoid this, click the "Open in Google Maps" link instead of opening the inline preview, or skip the map entirely. Google privacy policy. - Resend — transactional email vendor used by our Cloudflare Worker to relay the chat widget's "Email us instead" form to our inbox. When you submit that form, the Worker sends an email through Resend's API containing the fields you typed (name, email address, subject, message). Resend holds the message in its sending log for ~90 days (free-tier retention). Your email address is also set as the Reply-To header so we can respond to you directly. Privacy policy.
- Bunny Fonts (
fonts.bunny.net) — typography served via a GDPR-friendly CDN that does not log IP addresses, does not set cookies, and does not track or profile visitors. About Bunny Fonts. - Google AdSense — we display non-intrusive ads served by Google to help support the site. Google may use cookies and similar technologies to serve ads, and depending on your location and settings these ads may be personalized based on your prior visits to this and other websites. You can review your ad settings or turn off personalized advertising at Google Ad Settings, or visit aboutads.info for broader opt-out options. How Google uses data.
We previously loaded fonts from Google Fonts. We migrated away from Google's CDN in May 2026 to remove the residual GDPR risk of IP-address sharing with a US third party.
4a. International data transfers
NRI Outpost is operated from the United States, and the third-party services above (including Cloudflare, Buttondown, Resend, and Google) process data on servers located in the United States and potentially other countries. If you are located in the European Union, United Kingdom, Canada, or elsewhere outside the US, any personal data you provide (such as your newsletter email or a message you send us) will be transferred to and processed in the United States. We rely on the transfer safeguards offered by these processors — such as the EU Standard Contractual Clauses and their participation in applicable data-transfer frameworks — as described in each provider's own privacy policy linked above. By subscribing or contacting us, you understand that your information will be handled in the US.
5. How we use your email
If you subscribe to the newsletter, we use your email only to send you the newsletter and occasional related updates. We never share it, sell it, or use it for any other purpose. You can unsubscribe at any time using the link at the bottom of any email. Once you unsubscribe, your address is removed from our active list.
6. Data retention
- Newsletter emails: retained until you unsubscribe or until the newsletter ends. After unsubscribe, your address is removed within 7 days.
- Aggregate vote counts: retained indefinitely as anonymous numeric counters — there is no link to you to delete.
- Analytics data: retained as defined by Cloudflare, typically up to 6 months for the free tier.
- Email correspondence: retained for up to 12 months after the resolution of your query to provide ongoing support, after which it is archived or deleted. You can request earlier deletion at any time (see Section 7).
7. Your rights
You have the following rights with respect to any personal data we hold about you:
- Right to access / know — find out what personal data we have about you. Just email us.
- Right to rectification / correction — fix incorrect or out-of-date data we hold (for example, update your subscribed email address). This satisfies CPRA §1798.106 (California) and equivalent rights in other state laws.
- Right to erasure / deletion — ask us to permanently delete your data. We will remove your address from any list within 7 days of a verified request.
- Right to limit use and disclosure of sensitive personal information — under CPRA §1798.121, California residents may direct controllers to use sensitive personal information only for purposes strictly necessary to provide the service. We do not collect sensitive personal information from you on this Site, but if you ever provide any via email correspondence we will only use it to respond to you.
- Right to object or restrict processing — tell us to stop or limit how we use your data.
- Right to unsubscribe at any time using the link at the bottom of every newsletter email — one-click, no questions asked.
- Right to data portability — request an export of your data in a common format.
- Right to lodge a complaint with your local data-protection authority if you believe we have mishandled your data.
If you're in the European Union or United Kingdom, the General Data Protection Regulation (GDPR / UK GDPR) gives you these rights. If you're in California, the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA) gives you similar rights — including the right to know what data we have, request deletion, opt out of the sale or sharing of personal information, and not be discriminated against for exercising these rights. Because personalized advertising via Google AdSense may count as "sharing"/"sale" under CCPA/CPRA, you can opt out by enabling Global Privacy Control (GPC) (which we honor), declining consent where we show a consent prompt, or adjusting Google Ad Settings — any of which switches you to non-personalized ads.
If you're in Tennessee (where this site is operated), the Tennessee Information Protection Act (TIPA) took effect July 1, 2025. TIPA's controller obligations apply only to businesses processing personal data of 175,000+ Tennessee consumers or 25,000+ consumers where the controller derives over 50% of gross revenue from selling that data — thresholds NRI Outpost is well below. We voluntarily honor TIPA's data-subject rights for our Tennessee visitors regardless.
If you're in other US states with consumer privacy laws (Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, Iowa, Delaware, New Jersey, New Hampshire, Indiana, Kentucky, Minnesota, Rhode Island, Maryland, and others as they come into force) — we honor the equivalent rights regardless of any applicability threshold.
To exercise any right, email privacy@nrioutpost.com. We respond within 30 days. We honor these rights regardless of where you live.
8. Children
NRI Outpost is not directed at children under 13. We don't knowingly collect information from anyone under 13. If you believe a child has provided us with personal information, please email us and we'll delete it.
9. Security
We take reasonable steps to protect the small amount of data we collect — including using HTTPS for all traffic, hosting on reputable providers, and not collecting data we don't need. No internet transmission is 100% secure, so we can't promise absolute security, but the surface area we expose is intentionally minimal.
10. Changes to this policy
We may update this policy occasionally. The "Last updated" date at the top reflects the most recent revision. Material changes — meaning anything that meaningfully changes what we collect, how we use it, or who we share it with — will be highlighted on the homepage for at least 30 days and explained in plain English at the top of this page.
If you are an active newsletter subscriber, we will also send you an email notification before any material change to how your data is handled takes effect, giving you the opportunity to unsubscribe or request deletion before the change applies.
11. Contact
For any privacy question or to exercise any of the rights above, email privacy@nrioutpost.com. For everything else, hello@nrioutpost.com reaches us too.
← Back to NRI Outpost