Privacy Policy

Last updated: April 9, 2026

1. Data controller

The data controller within the meaning of the GDPR (EU Regulation 2016/679) is:

[FIRST LAST NAME] — self-employed individual, Reg. no.: [REG. NO.]

E-mail: support@nesthuddle.cz

Address: [ADDRESS — to be added before launch]

2. What personal data we process

As part of operating the NestHuddle application, we process the following categories of personal data:

  • Identification data: Name and email address.
  • Authentication data: Hashed password (we never process it in readable form) or an authentication token from Google OAuth.
  • User content: Properties, comments, attachments, notes, and other data you enter into the application.
  • Technical data: IP address, browser type, device information, and access logs.
  • Payment data: Payment details are not stored on our servers. Payments are processed by LemonSqueezy as Merchant of Record.

3. Purpose and legal basis of processing

Providing the service (Art. 6(1)(b) GDPR — contract performance)

Managing the account, workspaces, and properties in the application.

Payment processing (Art. 6(1)(b) GDPR)

Passing the necessary data to the payment service provider LemonSqueezy to bill the subscription.

Security and fraud prevention (Art. 6(1)(f) GDPR — legitimate interest)

We keep access logs and technical data for the period necessary to detect and prevent abuse.

4. Recipients of personal data

We share your personal data only with the following trusted third parties, and only to the extent necessary to operate the service:

  • Supabase Inc.: Database and authentication infrastructure provider. Servers in the EU region (Frankfurt). DPA available at supabase.com.
  • LemonSqueezy (Lemon Squeezy LLC): Payment processor and Merchant of Record. Handles VAT collection and remittance in accordance with the laws of your country.
  • Vercel Inc.: Hosting provider. The application is deployed in the EU region.

We do not sell personal data or provide it to third parties for marketing purposes.

5. Data retention period

We retain personal data for the duration of your account and for 30 days after it is closed, in case of restoration. After this period, the data is anonymized or deleted. Access logs are retained for a maximum of 90 days.

6. Your rights (GDPR)

As a data subject, you have the following rights:

  • Right of access: Request a copy of the personal data we process about you.
  • Right to rectification: Incorrect data can be corrected at any time in account settings.
  • Right to erasure: After you delete your account, we will remove all your data within 30 days.
  • Right to portability: Upon request, we will provide your data in a machine-readable format (JSON/CSV).
  • Right to object: You may object to processing based on legitimate interest.
  • Right to lodge a complaint: A complaint can be filed with the competent supervisory authority for personal data protection in your country.

To exercise your rights, contact us at support@nesthuddle.cz. We will respond to your request within 30 days.

7. Cookies

NestHuddle uses only technically necessary cookies for login and session management (Supabase session cookie). We do not use analytics or third-party marketing cookies. Therefore, no cookie banner is needed.

8. Security

All communication is encrypted using TLS. Passwords are stored only in hashed form. Database access is restricted via Row Level Security (Supabase RLS), so each user can access only their own data. Optional two-factor authentication (TOTP) is available in account settings.

9. Changes to this policy

We will inform you of material changes by email or in-app notification. The last update date is always shown in the document header.

10. Contact