11. Data controller
The data controller within the meaning of the GDPR (EU Regulation 2016/679) is:
E-mail: support@nesthuddle.cz
Address: [ADDRESS — to be added before launch]
22. What personal data we process
As part of operating the NestHuddle application, we process the following categories of personal data:
- Identification data: Name and email address.
- Authentication data: Hashed password (we never process it in readable form) or an authentication token from Google OAuth.
- User content: Properties, comments, attachments, notes, and other data you enter into the application.
- Technical data: IP address, browser type, device information, and access logs.
- Payment data: Payment details are not stored on our servers. Payments are processed by LemonSqueezy as Merchant of Record.
33. Purpose and legal basis of processing
- Providing the service (Art. 6(1)(b) GDPR — contract performance): Managing the account, workspaces, and properties in the application.
- Payment processing (Art. 6(1)(b) GDPR): Passing the necessary data to the payment service provider LemonSqueezy to bill the subscription.
- Security and fraud prevention (Art. 6(1)(f) GDPR — legitimate interest): We keep access logs and technical data for the period necessary to detect and prevent abuse.
55. Data retention period
We retain personal data for the duration of your account and for 30 days after it is closed, in case of restoration. After this period, the data is anonymized or deleted. Access logs are retained for a maximum of 90 days.
66. Your rights (GDPR)
As a data subject, you have the following rights:
- Right of access: Request a copy of the personal data we process about you.
- Right to rectification: Incorrect data can be corrected at any time in account settings.
- Right to erasure: After deleting the account, we will remove all your data within 30 days.
- Right to portability: Upon request, we will provide your data in a machine-readable format (JSON/CSV).
- Right to object: You may object to processing based on legitimate interest.
- Right to lodge a complaint: A complaint can be filed with the competent supervisory authority for personal data protection in your country.
To exercise your rights, contact us at support@nesthuddle.cz. We will respond to your request within 30 days.
88. Security
All communication is encrypted using TLS. Passwords are stored only in hashed form. Database access is restricted via Row Level Security (Supabase RLS) — each user only accesses their own data. Optional two-factor authentication (TOTP) is available in account settings.
99. Changes to this policy
We will inform you of material changes by email or in-app notification. The last update date is always shown in the document header.