Privacy Policy

Last updated: May 21, 2026

1. Introduction

Welcome to Nestly. This Privacy Policy explains how Gal Rattner ("we", "our", or "us") collects, uses, discloses, and safeguards your information when you use our mobile application Nestly, our website at nestly.cc, and related services (collectively, the "Service"). By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use the Service.

2. Information We Collect

Account Information: When you create an account, we collect your email address and profile information you choose to provide (display name, username, avatar image, and bio).

Content Data: Items you save to the Service, including URLs, titles, descriptions, notes, tags, and the collections you organize them into.

Photos: Profile avatar images and collection cover images that you upload.

Feedback Data: If you contact us through the in-app feedback form, we collect the content of your message along with your device model and operating system version to help us diagnose issues.

Social Data: Follow relationships, shared collections, and interactions with other users' public content that you initiate.

Web Analytics (website only): On the nestly.cc website, we use Vercel Analytics and Speed Insights, which collect anonymized, aggregated usage data (page views, performance metrics). These tools do not track individual users across websites and do not use cookies for tracking. This data is not linked to your identity.

What we do NOT collect: We do not collect device identifiers, advertising identifiers, IP addresses for tracking purposes, push notification tokens, or browsing history outside of the Service. The iOS app does not include any analytics or tracking SDKs.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide you with the Nestly service as described in our Terms of Service.
  • Legitimate Interests: Processing for our legitimate business interests, such as preventing fraud and ensuring security, where these interests are not overridden by your data protection rights.
  • Consent: Where you have given explicit consent for specific processing activities.
  • Legal Obligation: Processing necessary to comply with applicable laws and regulations.

4. How We Use Your Information

We use your information to:

  • Provide, maintain, and operate the Service
  • Process and store your saved content and collections
  • Enable social features (following, sharing, discovering public content)
  • Fetch metadata (title, description, thumbnail) from URLs you save, to display rich previews
  • Detect, investigate, and prevent fraud, abuse, spam, or security issues
  • Enforce our Terms of Service and Community Guidelines
  • Comply with legal obligations and respond to lawful requests
  • Respond to your support inquiries and feedback

We do not sell your personal information to third parties.

5. Information Sharing and Disclosure

We do not sell your personal information. We may share information in the following circumstances:

Public Content: Collections and items you mark as "public" are visible to other users and may be indexed by search engines.

Shared Content: Content shared with specific users is visible to those recipients according to your sharing settings.

Service Providers: We use the following third-party services that process data on our behalf:

  • Supabase (supabase.com) — Our backend infrastructure provider. All your account data, saved content, and uploaded images are stored and processed by Supabase. Data is hosted in the EU (eu-west-1 region). Supabase handles authentication, database storage, and file storage under their privacy policy.
  • Apple Sign In — If you choose to sign in with Apple, Apple provides us with your name and email address (or a private relay address) as part of their authentication flow, governed by Apple's privacy policy.
  • Google Sign In — If you choose to sign in with Google, Google provides us with your name and email address as part of their authentication flow, governed by Google's privacy policy.
  • Vercel (vercel.com, website only) — Our web hosting provider. Vercel Analytics collects anonymized, aggregated performance data on the nestly.cc website only. This does not apply to the iOS app. See Vercel's privacy policy.
  • URL Metadata Extraction — When you save a URL, our server-side function fetches the web page at that URL to extract its title, description, and thumbnail image for display purposes. Only the URL itself is sent to our server; no other personal data is included in this request.

Legal Requirements: We may disclose information if required by law, in response to a valid subpoena, court order, or government request, or to protect our rights, property, or safety, or that of our users or the public.

Business Transfers: In the event of a sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

6. International Data Transfers

Your information may be transferred to and maintained on servers located outside of your country of residence. Our primary infrastructure is hosted in the EU (eu-west-1 region) through Supabase. If you are located in the EEA, UK, or Switzerland, we ensure that transfers of personal data to countries outside these regions are protected by appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognized transfer mechanisms.

7. Data Storage and Security

Your data is stored securely using Supabase infrastructure with encryption at rest (AES-256) and in transit (TLS 1.2+). We implement technical and organizational measures to protect your data, including access controls and secure development practices.

While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but will notify you of any breach as required by law. You are responsible for maintaining the security of your account credentials.

8. Cookies (Website Only)

On the nestly.cc website, we use essential cookies to maintain your authentication session. Vercel Analytics collects anonymized performance data without using tracking cookies. You can manage cookie preferences through your browser settings. The iOS app does not use cookies.

9. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with the Service. If you delete your account, we will permanently remove your personal data within 30 days, except where retention is required by law or to resolve disputes. Support communications are retained for up to 3 years after resolution for quality assurance and legal compliance.

10. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data.
  • Portability: Request your data in a structured, machine-readable format.
  • Restriction: Request restriction of processing in certain circumstances.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, use the in-app settings (for deletion and data export) or contact us at privacy@nestly.cc. We will respond within 30 days.

11. California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
  • Right to Opt-Out: We do not sell personal information.
  • Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

Categories of Personal Information Collected: Identifiers (name, email, username) and user-generated content (saved URLs, notes, collections). To submit a CCPA request, email privacy@nestly.cc with the subject line "CCPA Request."

12. Children's Privacy

The Service is not intended for children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children under these ages. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at privacy@nestly.cc.

13. Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users without undue delay and no later than 72 hours after becoming aware of the breach (as required by GDPR). Notification will be provided via email and will include the nature of the breach, the likely consequences, and the measures taken or proposed to address it. We will also notify the relevant supervisory authority where required by law.

14. Automated Decision-Making

We use automated systems to detect spam, abuse, and content that violates our Community Guidelines. These systems may automatically flag, restrict, or remove content, or limit account functionality. We also use automated processing to extract metadata from URLs you save (detecting titles, descriptions, and thumbnails). These automated processes do not produce legal effects or similarly significant effects on you. If an automated decision significantly affects your account, you have the right to request human review by contacting support@nestly.cc.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes through the app or via email at least 14 days before the changes take effect. The "Last updated" date at the top of this policy indicates when it was last revised. Continued use of the Service after the effective date of changes constitutes acceptance of the updated policy.

16. Contact Us

If you have any questions about this Privacy Policy, our data practices, or wish to exercise your rights, please contact us at:

Gal Rattner
Privacy Inquiries: privacy@nestly.cc
General Support: support@nestly.cc
Website: https://nestly.cc

For EEA/UK residents: If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.