Nestee Ltd ("we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our property intelligence service at nestee.io (the "Service").

We are a limited company registered in England and Wales under company number 16322059, with our registered office at 132 Burnt Ash Road, London, England, SE12 8PU.

For any questions about this Privacy Policy or how we handle your personal data, please contact us at support@nestee.io.

We collect and process the following categories of personal data:

Account Information: When you create an account, we collect your email address and a securely hashed version of your password.

Property Information: To generate your property report, we collect the property address, postcode, UPRN (Unique Property Reference Number), and any property details you provide.

Payment Information: We process payments through Stripe. We do not store your payment card details on our servers. We store transaction details including Stripe payment intent ID, checkout session ID, currency, purchase date, and transaction amounts (total, subtotal, and any discounts applied) for record-keeping and legal compliance purposes.

We process your personal data on the following legal bases under UK GDPR:

Performance of Contract (Article 6(1)(b)):
• To create and manage your account
• To process your payment and generate your property report
• To deliver the Service you have purchased
• To communicate with you about your account and reports

Legitimate Interests (Article 6(1)(f)):
• To maintain the security and integrity of our Service
• To prevent fraud and unauthorized access
• To improve and optimize our Service
• To comply with legal obligations and respond to legal requests

Consent (Article 6(1)(a)):
• For any analytics or monitoring tools we may implement in the future, we will obtain your explicit consent before processing your data for these purposes

Provision of Personal Data:
The provision of your email address, password, and property details is necessary to enter into and perform our contract with you (to create your account and generate your property report). If you do not provide this information, we will be unable to provide the Service to you. All other data collection is either necessary for the performance of the contract or based on our legitimate interests as described above.

We share your personal data only in the following limited circumstances:

Payment Processing: We use Stripe to process payments. When you make a purchase, Stripe receives your payment card details directly (we never see or store these). Stripe processes your payment information in accordance with their privacy policy, available at https://stripe.com/privacy.

Data Sources: We collect publicly available property data from UK government sources and third-party data providers to generate your report. We share the property address and UPRN with these sources to retrieve relevant data.

Legal Obligations: We may disclose your personal data if required by law, court order, or governmental authority, or to protect our rights, property, or safety, or that of others.

Your personal data is primarily stored and processed in the United Kingdom. Where we use third-party service providers that may transfer data outside the UK (such as Stripe), we ensure appropriate safeguards are in place as required by UK GDPR, including Standard Contractual Clauses or adequacy decisions.

We retain your personal data for as long as you maintain an active account with us. This allows you to access your purchased reports and account information at any time.

Account Deletion: If you delete your account, we immediately and permanently delete the following personal data:
• Your account information (email address and password)
• All generated property reports
• Your session data
• Any other personal information associated with your account

Financial Records Retention: We are legally required to retain anonymized transaction records for tax and financial compliance purposes. When you delete your account, we retain the following transaction data in anonymized form (with all direct identifiers removed) for 7 years:
• Transaction amounts (total, subtotal, discounts)
• Purchase date and currency
• Stripe payment intent ID and checkout session ID
• Property details from your purchase

These anonymized records cannot be linked back to you and are retained solely for legal and regulatory compliance under UK tax law.

We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Secure password hashing using industry-standard algorithms
• Encrypted connections (HTTPS/TLS) for all data transmission
• Secure session management and authentication
• Regular security assessments and updates
• Restricted access to personal data on a need-to-know basis

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but commit to following industry best practices.

You have the following rights regarding your personal data:

Right of Access: You can request a copy of the personal data we hold about you.

Right to Rectification: You can ask us to correct inaccurate or incomplete personal data.

Right to Erasure: You can delete your account and request deletion of your personal data through your account settings, or by contacting us at support@nestee.io.

Right to Restriction: You can ask us to restrict processing of your personal data in certain circumstances.

Right to Object: You can object to processing based on legitimate interests. If you object, we will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.

Right to Data Portability: You can request a copy of your personal data in a structured, commonly used, machine-readable format.

Right to Withdraw Consent: Where we process your data based on consent, you can withdraw that consent at any time.

Right to Lodge a Complaint: You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection. You can contact the ICO at https://ico.org.uk/make-a-complaint/ or by calling 0303 123 1113.

To exercise any of these rights, please contact us at support@nestee.io. We will respond to your request within one month.

We use cookies and similar technologies on our Service. Cookies are small text files stored on your device that help us provide and improve our Service.

Strictly Necessary Cookies: We use session cookies that are essential for the operation of our Service, including authentication and security. These cookies are necessary to provide the Service and do not require your consent under UK law.

Analytics Cookies: With your consent, we use analytics cookies to understand how visitors use our Service and to improve site performance and user experience. These cookies collect information about how you interact with our Service. Analytics data is processed by a third-party provider in accordance with GDPR requirements and stored in the EU region.

Your Cookie Choices: When you first visit our Service, we will ask for your consent to use analytics cookies. You can accept or reject these cookies—rejecting them will not affect your ability to use our Service. We store your preference so we don't ask again on future visits. You can withdraw consent or change your preferences at any time by clicking here to reset your cookie preferences.

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service features. When we make material changes, we will update the "Last Updated" date at the top of this policy and notify you through the Service or by email.

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: support@nestee.io
Address: Nestee Ltd, 132 Burnt Ash Road, London, England, SE12 8PU

We are committed to working with you to obtain a fair resolution of any privacy concerns.