1. Who we are
Nestori is an app operated by [FULL LEGAL NAME OF YOUR COMPANY / SOLE TRADER / YOU AS A NATURAL PERSON] ("Nestori", "we", "us").
- Address: [FULL ADDRESS]
- Company / tax ID: [IF APPLICABLE]
- Privacy contact email: privacy@nestori.io
- Data Protection Officer (DPO): [optional]
Nestori lets you save digital memories (photos, videos, voice notes, letters, milestones) about your child, to deliver to them at adulthood (18) or at earlier milestone ages you choose.
2. Data we collect
2.1. Data you provide directly
- Your account: email, phone number, password (hashed), name (optional).
- Child data: name, date of birth (or expected due date during pregnancy), gender (optional).
- Memories: text, photos, videos, audio recordings, letters, locations (optional), attached songs.
- Pregnancy data: symptoms, felt movements, "letters to the bump", pregnancy week.
- Family: emails of invited people, their roles (grandparent, godparent, etc.).
- Payments: handled by Apple / Google / Stripe. We never store card data.
2.2. Data collected automatically
- Technical data: device type, OS, app version, language.
- Analytics: which screens you visit, buttons you tap, session length. Analytics events do not contain personally identifiable information.
- Errors: anonymous stack traces sent to Sentry to fix bugs.
- Photo EXIF: date, location (if present and you granted permission), phone model. You can disable any time.
2.3. iOS permissions we request
- Camera: to take photos/videos from within the app.
- Microphone: for voice messages.
- Photo Library: to pick existing photos.
- Location: optional, to attach the place of a memory.
- Face ID / Touch ID: optional, to lock the app.
- Notifications: to remind you to save memories, for birthdays, and for weekly prompts.
iOS asks for each permission the first time the app needs it; you can deny it then or revoke it later in iOS Settings. The app keeps working with reduced functionality.
3. Why we collect this data (GDPR legal basis)
- Performance of a contract (Art. 6(1)(b) GDPR): to deliver the service you subscribed to.
- Consent (Art. 6(1)(a)): for notifications, analytics, and optional features.
- Legitimate interest (Art. 6(1)(f)): to detect fraud and abuse, and to improve the app.
- Legal obligations (Art. 6(1)(c)): for billing and tax records.
4. Data about children
Nestori is designed for parents (or legal guardians) to save memories about their children. The account is owned by an adult, and all data about the child is entered and controlled exclusively by that adult.
- You, the parent, are the legal controller of the child data you enter.
- The child does not have access to the app until you deliver the data at age 18 (or the age you chose).
- We do not collect data directly from children under 16. The app is not intended for direct use by minors.
- If we learn that a minor created an account without parental consent, we delete the account immediately. Report such cases to privacy@nestori.io.
We comply with Art. 8 GDPR (sometimes called "GDPR-K"), which sets the conditions for processing children's data in online services, and, in non-EU markets, with equivalent rules (COPPA in the US).
5. Who we share data with
We do not sell personal data. We do not use it for targeted advertising. We only share it with providers required to operate the service:
| Provider | Role | Country / region |
|---|---|---|
| Supabase | database + media storage | Frankfurt, EU |
| AWS (S3, Rekognition) | media storage + automatic face/label detection | Frankfurt, EU (eu-central-1) |
| Apple | auth, payments, push notifications | EU/US |
| Google | Android payments, Android push | EU/US |
| RevenueCat | subscription management | EU/US |
| Stripe | web payments | EU/US |
| Twilio | SMS verification | EU/US |
| Sentry | technical error monitoring (no personal data) | EU |
| PostHog | anonymous analytics | EU |
| Resend (if used) | transactional email | EU |
All have data processing agreements (DPAs). Transfers to the US rely on Standard Contractual Clauses or the Data Privacy Framework.
6. How long we retain data
- While your account is active: data is kept in full.
- After you delete your account: it enters a 30-day "recovery window" during which you can restore it. After 30 days, memories and personal data are irreversibly deleted.
- Billing data: kept 10 years per Romanian tax law.
- 18-year capsule: if your subscription is about to lapse, we notify you 30 days before it expires. If you don't renew, we export your memories as a ZIP and email it to you, then delete the data from our servers after a further 30 days.
7. Your rights
Under GDPR, you have the following rights:
- Access: receive a copy of all your data.
- Rectification: correct inaccurate data.
- Erasure: delete your account and all data.
- Restriction: ask us to pause processing temporarily.
- Portability: receive your data in a portable format.
- Objection: object to processing for certain purposes.
- Withdraw consent: at any time.
To exercise any right, email privacy@nestori.io. We respond within 30 days.
You have the right to lodge a complaint with your local data-protection authority (in Romania: ANSPDCP, www.dataprotection.ro).
8. Security
- Passwords are hashed with bcrypt.
- All communications use TLS 1.3.
- Media (photos, videos) are encrypted at rest on Supabase Storage.
- API keys and secrets are stored in deployment secrets, not in code.
- Face ID / Touch ID can optionally be used to lock the app. The biometric check is performed by iOS on your device; we never receive biometric data.
No system is fully secure. We commit to following best practices and, if we detect a breach that affects your data, to notifying you within 72 hours of becoming aware of it. This is in addition to our legal duties to notify the supervisory authority within 72 hours (Art. 33 GDPR) and to inform you without undue delay when a breach is likely to result in a high risk to you (Art. 34 GDPR).
9. Cookies and trackers
The mobile app does not use cookies.
If you visit nestori.io from a web browser, we use:
- Essential cookies (authentication): cannot be disabled.
- Analytics cookies (PostHog): opt out from the cookie banner.
10. Changes to this policy
We may update this policy periodically. We'll notify you via email and in-app at least 30 days before any material change.
For questions: privacy@nestori.io.