Privacy Policy

Last updated: July 17, 2025

1. Introduction

NestSync ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at nestsync.org and related services (the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

Account Information

When you create an account, we collect your email address and an encrypted password. We do not store your password in plain text.

Household Data

You may voluntarily enter household information such as inventory items, meal plans, shopping lists, bills, expenses, calendar events, budgets, and savings goals. This data is stored securely and associated with your user account.

Payment Information

If you subscribe to a Premium plan, payment processing is handled entirely by Stripe, Inc. We do not store your credit card number, CVC, or full billing details on our servers. We receive only a Stripe customer identifier and your subscription status.

Automatically Collected Information

We may collect standard web server logs including your IP address, browser type, referring URL, and pages visited. This information is used for security, troubleshooting, and aggregate analytics only.

3. How We Use Your Information

  • To provide, maintain, and improve the Service
  • To manage your account and subscription
  • To process transactions through our payment processor (Stripe)
  • To send you essential service communications (e.g., password resets, billing alerts)
  • To detect and prevent fraud, abuse, or security incidents
  • To comply with legal obligations

We do not sell, rent, or share your personal information with third parties for their marketing purposes.

4. AI-Powered Features

NestSync offers optional AI meal planning. When you use this feature, we send relevant household data (such as dietary preferences and inventory items) to a third-party AI provider (Groq) to generate meal suggestions. This data is processed in real time and is not stored by the AI provider beyond the duration of the request, per their data processing agreements.

5. Data Storage & Security

Your data is stored in a Supabase-managed PostgreSQL database with Row-Level Security (RLS) enabled, meaning each user can only access their own data. All data is transmitted over HTTPS/TLS encryption.

We implement industry-standard security measures including:

  • CSRF protection on all form submissions
  • Rate limiting on authentication endpoints
  • Content Security Policy (CSP) headers
  • Secure, HTTP-only session cookies
  • Input sanitization to prevent injection attacks

6. Third-Party Services

We use the following third-party services:

  • Supabase — Authentication and database hosting
  • Stripe — Payment processing
  • Groq — AI meal plan generation (optional feature)
  • Let's Encrypt — SSL/TLS certificates

Each of these providers has their own privacy policies governing their use of data.

7. Cookies

NestSync uses essential session cookies to keep you logged in and maintain your preferences (such as dark mode). We do not use third-party tracking cookies or advertising pixels.

8. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law or for legitimate business purposes (such as resolving disputes or enforcing our agreements).

9. Your Rights

You have the right to:

  • Access your personal data via your account dashboard
  • Export your data using the CSV export feature
  • Correct any inaccurate data through the dashboard
  • Delete your account by contacting us at support@nestsync.org

10. Children's Privacy

NestSync is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or a notice on the Service. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy, please contact us:

Email: support@nestsync.org
Website: nestsync.org