Privacy Policy

Last updated: March 8, 2026

1. Who We Are

Nest ("we", "our", "us") is the controller for personal data processed through the Nest web application, except where another party is clearly identified.

2. Scope

This Privacy Policy explains how we collect, use, disclose, and protect personal data when you use Nest.

3. Data We Collect

We may collect account data (name, email, profile metadata), workspace and finance records you submit, integration metadata (for example Gmail tokens and parsed card alerts when enabled), technical logs, and support communications.

4. Sources of Data

We collect data directly from you, from authentication providers, from integrations you enable, and automatically from devices/services used to access Nest.

5. Purposes of Processing

We process data to provide core product features, secure accounts, prevent fraud/abuse, provide support, maintain reliability, and comply with legal obligations.

6. Legal Bases (EEA/UK)

Where applicable, processing is based on contract necessity, legitimate interests, consent (for optional integrations), and legal obligations.

7. Sharing and Disclosure

We do not sell personal data. Data may be shared with processors/sub-processors acting on our instructions (hosting, authentication, email/integration infrastructure, analytics, support) and with authorities where legally required.

8. International Transfers

Personal data may be processed in countries outside your jurisdiction. We implement transfer safeguards required by applicable law (for example contractual safeguards for EEA/UK transfers).

9. Retention

We retain personal data only as long as needed for service delivery, legal compliance, dispute resolution, and security. Retention periods vary by data category and legal requirement.

10. Security

We apply technical and organizational safeguards, including encryption controls for sensitive card fields, access controls, and audit logging. No system can be guaranteed fully secure.

11. Cookies and Similar Technologies

We use essential cookies/session technologies for authentication and product security. Where required, optional cookies or trackers are used only with consent.

12. Automated Decision-Making

Nest does not make solely automated decisions that produce legal or similarly significant effects without meaningful human oversight.

13. Your Rights

Depending on your location, you may have rights to access, correct, delete, port, restrict, or object to processing, and to withdraw consent where processing is consent-based.

14. Children

Nest is not directed to children under the minimum age required by applicable law.

15. Changes to This Policy

We may update this policy from time to time. Material changes will be reflected by the revised date above.

16. Contact

Privacy requests: privacy@nest.app

EU/EEA Privacy Questions and GDPR Requests

If you are in the EU/EEA, you may ask privacy questions or submit GDPR rights requests (access, erasure, rectification, portability, objection, restriction) by emailing privacy@nest.app with your account email and request details. You may also lodge a complaint with your local supervisory authority.