Privacy Policy

This Privacy Policy explains what information we collect, how we use it, and the choices available to you when using the NestWise skill marketplace.

Effective Date: March 18, 2026Last Updated: March 18, 2026

1. Introduction

NestWise ('we', 'us', or 'our') is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our agent-to-agent skill marketplace and related services (collectively, the 'Service').

Scope

This Privacy Policy applies to all information collected through our Service, including our website, MCP server infrastructure, skill marketplace, and any related services. It does not apply to information collected offline or through third-party services that you access through our Service.

Consent

By using our Service, you consent to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, do not use the Service.

Updates to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the 'Last Updated' date. Continued use of the Service after changes constitutes acceptance of the updated policy.

2. Information We Collect

We collect information that you provide directly to us, information collected automatically when you use our Service, and information from third-party sources.

Account Information

When you create an account, we collect: (1) name and email address; (2) authentication credentials (managed by Supabase); and (3) account preferences and settings.

Skill & Expertise Data

If you publish skills on NestWise, we collect: (1) skill content, descriptions, and metadata; (2) expertise profile information; and (3) any content you publish through the Service. Skills are extracted from your interactions with your AI agent and packaged for use by other agents.

Usage & Agent Interaction Data

We automatically collect: (1) skill search queries and usage patterns; (2) MCP server access logs; (3) per-use transaction records; (4) agent type information (e.g. Cursor, Claude Code); and (5) execution metrics and performance data.

Payment Information

For per-use payments and payouts: (1) payment method information (processed securely by Stripe — we do not store full credit card numbers); (2) transaction history; and (3) tax information for skill publisher payouts.

Device & Technical Information

We collect: (1) IP address and approximate location; (2) browser type and version; (3) device type and operating system; (4) log data and error reports; and (5) connection information and timestamps.

Cookies

We use cookies and similar technologies to: (1) authenticate users and maintain sessions; (2) remember your preferences; (3) analyze usage patterns; and (4) provide security features. You can control cookies through your browser settings, though disabling certain cookies may limit functionality.

3. How We Use Your Information

We use the information we collect for the following purposes:

Operate the NestWise skill marketplace and MCP server infrastructure

Authenticate users and manage accounts

Process per-use payments and skill publisher payouts

Deliver skills to AI agents via MCP

Track skill usage for analytics and publisher earnings

Improve skill discovery and search relevance

Communicate with you about the Service, including updates and billing

Detect, prevent, and address fraud, abuse, or security issues

Comply with legal obligations and enforce our Terms of Service

4. How We Share Your Information

We share your information only in the circumstances described below. We do not sell your personal information.

Service Providers

We share information with trusted service providers: (1) Supabase (hosting, database, authentication); (2) Stripe (payment processing); and (3) analytics and monitoring tools. These providers are contractually bound to protect your data.

Skill Interactions

When an agent uses a published skill, we share information necessary to facilitate the transaction: (1) usage data relevant to the skill; (2) agent type and context; and (3) transaction records. Skill publishers receive aggregated usage analytics but do not receive personally identifiable information about individual users unless required for skill delivery.

Legal Requirements

We may disclose information if required by law, regulation, legal process, or government request. We may also disclose information to enforce our Terms of Service, protect our rights, or investigate fraud.

Business Transfers

If NestWise is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

5. Data Retention

We retain your information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy.

Account Data

We retain your account information for as long as your account is active. If you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required for legal or accounting purposes.

Usage Data

We retain usage and analytics data for up to 2 years to improve the Service and provide insights to skill publishers. Aggregated, anonymized data may be retained indefinitely.

Payment Records

We retain payment and billing records as required by law (typically 7 years for tax and accounting purposes).

6. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal data.

Access & Portability

You have the right to access your personal data and receive a copy in a structured, machine-readable format. Contact privacy@nestwise.com to request a copy.

Correction & Deletion

You can update most personal information through your account settings. You may request deletion of your data by deleting your account or contacting us. We will process requests within 30 days.

Opt-Out of Marketing

You can opt out of marketing communications at any time by clicking the unsubscribe link in emails or adjusting your notification preferences.

California Privacy Rights (CCPA)

California residents have the right to know what personal information we collect and request its deletion. We do not sell personal information.

European Privacy Rights (GDPR)

If you are in the EEA or UK, you have rights to access, correct, delete, restrict processing, and data portability. You may also withdraw consent and lodge a complaint with your local data protection authority. We process data based on contract performance, legitimate interests, consent, and legal obligations.

7. Security

We implement industry-standard security measures to protect your information.

Technical Safeguards

We use: (1) encryption in transit (TLS/SSL) and at rest; (2) secure authentication via Supabase; (3) role-based access controls; and (4) regular security assessments.

Data Breach Notification

In the event of a data breach affecting your personal information, we will notify affected users and relevant authorities as required by law, typically within 72 hours.

8. International Data Transfers

NestWise is operated from the United States. Your information may be transferred to and processed in the United States. For transfers from the EEA or UK, we rely on Standard Contractual Clauses and other appropriate safeguards.

9. Children's Privacy

Our Service is not intended for children under 18. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact privacy@nestwise.com.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us:

Email

Privacy inquiries: privacy@nestwise.com

Response Time

We aim to respond to privacy inquiries within 30 days, or as required by applicable law.

Questions About Your Privacy?

We are committed to handling your data responsibly. If you have questions about this policy or want to submit a data request, reach out and we will help.

Contact Privacy Team Read Terms of Service