Privacy Policy
Last updated: October 1, 2025
1. Introduction
Robert Michalak, conducting business as nestd.ai ("we", "us", or "our"), located in Izabelin C, Poland, operates the nestd.ai platform at nestd.ai (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.
We are committed to protecting your privacy and complying with
applicable data protection laws, including the General Data Protection
Regulation (GDPR) and other relevant regulations.
By using the Service, you consent to the collection and use of your
information as described in this Privacy Policy.
2. Data Controller
For the purposes of GDPR and other data protection laws, the data controller is:
3. Information We Collect
3.1 Information You Provide Directly
Account information:
- Name
- Payment information (processed by Stripe; we do not store full payment card details)
- Property images you upload
- Property location and address details
- Property descriptions and details provided in forms
- Any other information you choose to provide
3.2 Automatically Collected Information
Usage Data:
- IP address
- Browser type and version
- Device information
- Pages visited and time spent on the Service
- Referral source
- Service interactions and feature usage
- Essential cookies for Service functionality
- Analytics cookies (Google Analytics) to understand usage patterns
- Performance cookies to improve Service quality
You can control cookie preferences through your browser settings,
though disabling certain cookies may limit Service functionality.
3.3 Information from Third Parties
Authentication Data: If you use third-party authentication (via Clerk), we receive basic profile information as permitted by that service.
Payment Data: Stripe processes your payment information. We receive transaction confirmations but not full payment card details.
4. How We Use Your Information
We use your information for the following purposes:
4.1 Service Provision
- Creating and managing your account
- Processing property images and generating descriptions
- Delivering Generated Content to you
- Processing payments and maintaining billing records
- Providing customer support
4.2 Service Improvement
- Analyzing usage patterns to improve features
- Training and refining AI models
- Developing new functionalities
- Testing and troubleshooting
4.3 Communication
- Sending service-related notifications
- Responding to your inquiries
- Providing updates about the Service
- Marketing communications (with your consent, which you may withdraw)
4.4 Legal and Security
- Complying with legal obligations
- Enforcing our Terms of Service
- Protecting against fraud and abuse
- Ensuring Service security
4.5 Marketing and Analytics
- Displaying your Generated Content as examples (with appropriate licensing rights)
- Understanding user demographics and preferences
- Improving marketing effectiveness
5. Legal Basis for Processing (GDPR)
We process your personal data based on the following legal grounds:
- Contract Performance: Processing necessary to provide the Service you requested
- Legitimate Interests: Improving our Service, preventing fraud, and ensuring security
- Consent: Marketing communications, non-essential cookies, and using content for promotional purposes
- Legal Obligation: Complying with tax, accounting, and legal requirements
6. How We Share Your Information
We do not sell your personal information. We share information only in the following circumstances:
6.1 Service Providers
We share data with third-party service providers who help us operate the Service:
AI Processing:
- OpenAI (and potentially other AI providers): We send property images and text to generate descriptions. OpenAI may process this data in the United States. We rely on Standard Contractual Clauses and OpenAI's GDPR-compliant data processing terms.
- Clerk: Handles user authentication and account management.
- Stripe: Processes payments securely. Stripe's privacy policy governs their data handling.
- Google Analytics: Tracks usage patterns to help us improve the Service.
- Amazon Web Services (AWS): Hosts our Service and stores data primarily in the EU (Frankfurt region), though data may be transferred to other regions for processing.
6.2 Legal Requirements
We may disclose information if required by law, regulation, legal process, or governmental request, or if necessary to:
- Enforce our Terms of Service
- Protect our rights, property, or safety
- Prevent fraud or abuse
- Protect the rights or safety of others
6.3 Business Transfers
If nestd.ai is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.
6.4 With Your Consent
We may share information for other purposes with your explicit consent.
7. International Data Transfers
Your information may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where our AI service providers operate.
We ensure such transfers comply with GDPR requirements through:
- Standard Contractual Clauses approved by the European Commission
- Service providers' GDPR compliance frameworks
- Other legally approved transfer mechanisms
By using the Service, you consent to these international data transfers.
If you object to international data transfers, please contact us at legal@nestd.ai. Note that opting out of international transfers may limit Service functionality, as some of our AI processing capabilities require third-party services located outside the EEA.
8. Data Retention
We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy:
- Account Data: Retained while your account is active and for up to 12 months after deletion (for backup and legal purposes)
- Property Images and Generated Content: Retained indefinitely unless you request deletion
- Usage and Analytics Data: Retained for up to 24 months
- Payment Records: Retained for 7 years to comply with tax and accounting regulations
You may request deletion of your data at any time, subject to legal retention requirements.
9. Your Rights (GDPR)
If you are located in the EEA, UK, or other regions with similar data protection laws, you have the following rights:
9.1 Access
Request a copy of the personal data we hold about you.
9.2 Rectification
Request correction of inaccurate or incomplete data.
9.3 Erasure (Right to be Forgotten)
Request deletion of your personal data, subject to legal retention requirements.
9.4 Restriction of Processing
Request that we limit how we use your data in certain circumstances.
9.5 Data Portability
Request a copy of your data in a structured, machine-readable format.
9.6 Object to Processing
Object to processing based on legitimate interests or for direct marketing purposes.
9.7 Withdraw Consent
Withdraw consent for processing based on consent (does not affect lawfulness of prior processing).
9.8 Lodge a Complaint
File a complaint with your local data protection authority if you believe we have violated your rights.
To exercise these rights, contact us at legal@nestd.ai. We will respond within 30 days.
10. Security
We implement reasonable technical and organizational measures to protect your information, including:
- Encryption of data in transit (HTTPS/TLS)
- Encryption of data at rest
- Access controls and authentication
- Regular security assessments
- Secure cloud infrastructure (AWS)
However, no method of transmission or storage is completely secure. We cannot guarantee absolute security.
11. Children's Privacy
The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.
12. Third-Party Links
The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.
13. Cookies and Tracking Technologies
13.1 Types of Cookies We Use
Essential Cookies: Required for Service functionality (authentication, security).
Analytics Cookies: Google Analytics tracks usage to help us improve the Service.
Performance Cookies: Monitor Service performance and identify issues.
13.2 Managing Cookies
You can control cookies through your browser settings. Disabling cookies may affect Service functionality. To opt out of Google Analytics, visit: https://tools.google.com/dlpage/gaoptout
13.3 Do Not Track
We do not currently respond to "Do Not Track" browser signals, as there is no uniform standard for such signals.
14. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes by:
- Posting the updated policy on our website
- Sending an email notification
- Displaying a notice in the Service
Your continued use of the Service after changes constitutes acceptance. The "Last Updated" date at the top indicates the most recent revision.
15. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information is collected, used, shared, or sold
- Right to delete personal information
- Right to opt out of the sale of personal information (we do not sell personal information)
- Right to non-discrimination for exercising your rights
16. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
For data protection inquiries specifically, you may also contact us at the email address above with "Data Protection Request" in the subject line.
By using nestd.ai, you acknowledge that you have read and understood this Privacy Policy.
