Privacy Policy

Transparency and trust are foundational to how we connect the AI agents on your team with enterprise expertise. This Privacy Policy explains what information we collect, how we use it, and the choices available to you and your organization.

Effective Date: December 24, 2025
Last Updated: December 24, 2025

1. Introduction

NestWise ('we', 'us', or 'our') is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services (collectively, the 'Service'). Please read this policy carefully to understand our practices regarding your personal data.

Scope

This Privacy Policy applies to all information collected through our Service, including our website, web application, MCP server infrastructure, and any related services. It does not apply to information collected offline or through third-party services that you access through our Service.

Consent

By using our Service, you consent to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, do not use the Service.

Updates to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page, updating the 'Last Updated' date, and providing additional notice via email or in-app notification when feasible. Continued use of the Service after changes constitutes acceptance of the updated policy.

2. Information We Collect

We collect information that you provide directly to us, information collected automatically when you use our Service, and information from third-party sources.

Account and Profile Information

When you create an account (individual or organizational), we collect: (1) name and email address; (2) profile information such as username, bio, and profile picture; (3) authentication credentials (encrypted passwords managed by Supabase); (4) account preferences and settings; (5) organizational information if you are using the Service on behalf of a business; (6) team member information and access permissions; and (7) information you provide when applying to become an expert.

Payment and Billing Information

For subscription payments: (1) payment method information (processed securely by Stripe—we do not store full credit card numbers); (2) billing address; (3) transaction history and receipts; (4) subscription status and billing cycles; and (5) tax information for expert payouts. Stripe handles sensitive payment data directly, and we only receive transaction identifiers and billing metadata.

Expert Content and Contributions

If you are an expert, we collect: (1) Expert Tools (workflows, steps, prompts, templates); (2) documentation and resources; (3) expert profile information (specialty, experience, pricing); (4) images and media uploaded for tools; and (5) any other content you publish through the Service.

Usage and Activity Information

We automatically collect: (1) pages visited and features used; (2) tool execution data (which tools are used, when, how often); (3) workflow and step usage analytics; (4) MCP server access logs; (5) AI agent type information (Cursor, Claude Code, etc.); (6) execution duration and performance metrics; (7) interaction patterns with expert content; (8) team usage patterns and organizational analytics; and (9) business workflow adoption metrics.

Device and Technical Information

We collect: (1) IP address and approximate location (city/region level); (2) browser type and version; (3) device type and operating system; (4) device identifiers; (5) log data and error reports; (6) referral URLs; and (7) connection information and timestamps.

Communication Data

We collect: (1) emails you send to us; (2) support requests and tickets; (3) feedback and survey responses; (4) communication between experts and customers (when facilitated through our platform); and (5) marketing preferences and opt-in/opt-out status.

Cookies and Tracking Technologies

We use cookies and similar technologies to: (1) authenticate users and maintain sessions; (2) remember your preferences and settings; (3) analyze usage patterns and improve the Service; and (4) provide security features. Most cookies are essential for the Service to function. You can control cookies through your browser settings, though disabling certain cookies may limit functionality.

3. How We Use Your Information

We use the information we collect for various purposes to provide, maintain, and improve our Service, as described below.

Provide, operate, and maintain the NestWise platform and Expert Marketplace

Authenticate users, manage accounts (including organizational accounts), and ensure security

Process payments, subscriptions, and expert payouts

Deliver Expert Tools via MCP server infrastructure to the AI agents on your team

Track and analyze tool usage, workflows, and step executions for analytics and business insights

Personalize your experience and recommend relevant experts or tools for your business needs

Facilitate team collaboration and organizational access management

Communicate with you about the Service, including updates, security alerts, and billing

Respond to your inquiries, support requests, and feedback

Detect, prevent, and address fraud, abuse, or security issues

Comply with legal obligations and enforce our Terms of Service

Conduct research and analytics to improve our Service and provide enterprise-grade features

Send marketing communications (with your consent, which you can withdraw at any time)

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data based on the following legal bases:

Performance of Contract

We process your data to fulfill our contractual obligations to provide the Service, process payments, and deliver Expert Tools.

Legitimate Interests

We process data for our legitimate business interests, such as improving the Service, ensuring security, preventing fraud, and conducting analytics. We balance these interests against your privacy rights.

Consent

We process certain data based on your consent, such as marketing communications. You can withdraw consent at any time.

Legal Obligations

We process data to comply with legal obligations, such as tax reporting, fraud prevention, and responding to legal requests.

5. How We Share Your Information

We share your information only in the circumstances described below. We do not sell your personal information to third parties.

Service Providers

We share information with trusted service providers who assist us in operating the Service: (1) Supabase (hosting, database, authentication, file storage); (2) Stripe (payment processing); (3) FastMCP (MCP server hosting); (4) email service providers; and (5) analytics and monitoring tools. These providers are contractually bound to protect your data and use it only for specified purposes.

AI Infrastructure Partners

When you use Expert Tools that leverage AI models, we may transmit relevant prompts, files, and metadata to AI model providers (such as OpenAI, Anthropic) to fulfill your requests. We only share the minimum content necessary and work with providers that have appropriate data protection measures. We apply safeguards to limit data retention where providers support it.

Expert-Customer Interactions

When you or your organization engage with an expert, we share information necessary to facilitate the interaction: (1) your name and contact information; (2) organizational information if applicable; (3) project details or files you intentionally upload; (4) usage data relevant to the expert's tools; (5) team usage patterns and business context; and (6) feedback or communications. Experts are independent contractors and are responsible for their own data practices.

Business Transfers

If NestWise is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.

Legal Requirements

We may disclose information if required by law, regulation, legal process, court order, or government request. We may also disclose information to: (1) enforce our Terms of Service; (2) protect our rights, property, or safety; (3) protect the rights, property, or safety of our users or others; (4) investigate fraud or security issues; or (5) comply with legal obligations.

With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

6. Data Retention

We retain your information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Account Data

We retain your account information (including organizational account data) for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required for legal, accounting, or security purposes. For organizational accounts, data may be retained longer to comply with business record-keeping requirements.

Usage and Analytics Data

We retain usage tracking and analytics data (including organizational usage patterns) for up to 2 years to improve the Service and provide insights to experts and business customers. Aggregated, anonymized data may be retained indefinitely for statistical purposes and business intelligence.

Payment Records

We retain payment and billing records as required by law (typically 7 years for tax and accounting purposes) and as necessary for fraud prevention and dispute resolution.

Expert Content

Expert Tools and content remain accessible to existing subscribers even after an expert closes their account, until subscriptions expire. We may retain expert content for longer periods if required by law or for historical record-keeping.

Legal Requirements

We may retain certain information longer if required by law, regulation, or legal process, or if necessary to resolve disputes, enforce agreements, or protect our rights.

7. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal data. We are committed to honoring these rights.

Access and Portability

You have the right to access your personal data (and organizational data if you are an authorized representative) and receive a copy in a structured, machine-readable format. You can view much of your data through your account dashboard, or request a complete copy by contacting privacy@nestwise.com. For organizational accounts, authorized administrators may request data exports on behalf of their organization.

Correction and Update

You can update most of your personal information directly through your account settings. For information you cannot update yourself, contact us to request corrections.

Deletion

You may request deletion of your personal data by deleting your account or contacting us. We will delete your data within 30 days, subject to legal retention requirements. Note that some information may remain in backup systems for a limited time.

Restriction and Objection

You may request that we restrict processing of your data or object to certain processing activities. We will honor valid requests, subject to legal and operational requirements.

Opt-Out of Marketing

You can opt out of marketing communications at any time by: (1) clicking the unsubscribe link in marketing emails; (2) adjusting your notification preferences in account settings; or (3) contacting us at privacy@nestwise.com.

Cookie Preferences

You can control cookies through your browser settings. Note that disabling essential cookies may limit Service functionality. We do not currently use third-party advertising cookies or tracking pixels.

California Privacy Rights (CCPA)

If you are a California resident, you have the right to: (1) know what personal information we collect, use, and disclose; (2) request deletion of your personal information; (3) opt out of the sale of personal information (we do not sell personal information); and (4) non-discrimination for exercising your privacy rights.

European Privacy Rights (GDPR)

If you are located in the EEA or UK, you have the rights described above, plus the right to: (1) withdraw consent at any time; (2) lodge a complaint with your local data protection authority; and (3) data portability. We will respond to GDPR requests within one month.

Exercising Your Rights

To exercise any of these rights, contact us at privacy@nestwise.com. We will respond within 30 days (or as required by applicable law). We may need to verify your identity before processing certain requests.

8. Security

We implement industry-standard security measures to protect your information from unauthorized access, alteration, disclosure, or destruction.

Technical Safeguards

We use: (1) encryption in transit (TLS/SSL) for all data transmission; (2) encryption at rest for sensitive data stored in our databases; (3) secure authentication systems managed by Supabase; (4) role-based access controls; (5) regular security audits and vulnerability assessments; and (6) secure coding practices and infrastructure hardening.

Organizational Safeguards

We: (1) limit access to personal data to employees and contractors who need it; (2) require confidentiality agreements; (3) provide security training; (4) monitor access logs and audit trails; (5) maintain incident response procedures; (6) implement enterprise-grade access controls for organizational accounts; and (7) provide audit logs and compliance reporting for business customers.

Data Breach Notification

In the event of a data breach that may affect your personal information, we will notify affected users and relevant authorities as required by law, typically within 72 hours of becoming aware of the breach.

Your Role in Security

You play an important role in protecting your information: (1) use a strong, unique password; (2) enable two-factor authentication if available; (3) keep your account credentials confidential; (4) log out on shared devices; and (5) notify us immediately if you suspect unauthorized access.

9. International Data Transfers

NestWise is operated from the United States, and your information may be transferred to and processed in the United States or other countries.

Data Location

Your data is primarily stored and processed in the United States. Some service providers may process data in other jurisdictions. By using the Service, you consent to the transfer of your information to the United States and other jurisdictions as necessary.

Safeguards for International Transfers

When we transfer personal data from the EEA or UK to the United States or other countries, we rely on: (1) Standard Contractual Clauses (SCCs) approved by the European Commission; (2) adequacy decisions where applicable; (3) contractual commitments requiring data protection; and (4) industry-standard security measures.

Your Rights Regarding Transfers

If you are located in the EEA or UK and have concerns about international data transfers, you can contact us at privacy@nestwise.com to discuss your options, including data residency preferences where technically feasible.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve the Service. This section explains our cookie practices.

Types of Cookies We Use

(1) Essential Cookies: Required for the Service to function (authentication, session management); (2) Functional Cookies: Remember your preferences and settings; (3) Analytics Cookies: Help us understand how users interact with the Service; and (4) Security Cookies: Help detect and prevent fraud and security threats.

Third-Party Cookies

We do not currently use third-party advertising cookies or tracking pixels. Our service providers (Supabase, Stripe) may set their own cookies, subject to their privacy policies.

Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to: (1) view and delete cookies; (2) block all cookies; (3) block third-party cookies; or (4) receive notifications when cookies are set. Disabling essential cookies may prevent the Service from functioning properly.

11. Children's Privacy

Our Service is not intended for children under the age of 18. We do not knowingly collect personal information from children under 18.

Age Restrictions

By using the Service, you represent that you are at least 18 years old. If you are a parent or guardian and believe your child under 18 has provided personal information to us, please contact us at privacy@nestwise.com immediately.

COPPA Compliance

Our Service is not directed to children under 13, and we do not knowingly collect information from children under 13. If we become aware that we have collected information from a child under 13, we will take steps to delete such information promptly.

12. Third-Party Links and Services

Our Service may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to such third parties.

Third-Party Services

The Service integrates with third-party services including Stripe (payments), Supabase (hosting), and various AI model providers (OpenAI, Anthropic, etc.) that power the AI agents on your team. Your use of these services may be subject to their own privacy policies. We encourage you to review the privacy policies of third-party services you use, especially when integrating with enterprise AI agent infrastructure.

Links to Other Websites

Our Service may contain links to external websites. We are not responsible for the privacy practices or content of such websites. We encourage you to read the privacy policies of any external sites you visit.

13. Do Not Track Signals

Some browsers include 'Do Not Track' (DNT) features that send signals to websites requesting not to track the user. We do not currently respond to DNT signals because there is no industry standard for interpreting them.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email

Privacy inquiries: privacy@nestwise.com | Legal inquiries: legal@nestwise.com

Mailing Address

[TO BE FILLED IN - Company Address]

Data Protection Officer

For GDPR-related inquiries, you can contact our data protection officer at privacy@nestwise.com.

Response Time

We aim to respond to privacy inquiries within 30 days. For urgent matters or data subject requests, we will respond as required by applicable law (e.g., within one month for GDPR requests).

Questions About Your Privacy?

We are committed to handling your data responsibly and meeting enterprise privacy standards. If you have questions about this policy or want to submit a data request (including organizational requests), reach out and we will help.