Privacy Policy
Last updated: 08/03/2026
Introduction
Nest ("we", "our", "us") is operated by Nest. We are committed to protecting the personal data of our users in accordance with applicable data protection legislation, including the General Data Protection Regulation (GDPR). This Privacy Policy explains what data we collect, why we collect it, and how you can exercise your rights.
Data Controller
The entity responsible for processing your personal data is:
What Data We Collect
We may collect the following types of personal data:
- Account information (name, email address)
- Billing information (processed by our payment provider — we do not store card details)
- Usage data (features used, session activity)
- Technical data (IP address, browser type, device information)
- Communications (emails and messages you send us)
How We Use Your Data
We use your personal data to:
- Provide and maintain the Nest service
- Process payments and manage your subscription
- Send service-related notifications and support responses
- Improve our product using anonymized usage insights
Legal Basis for Processing
Under the GDPR, we rely on the following legal bases to process your personal data:
- Contract performance — to deliver the service you signed up for
- Legitimate interests — to improve our service and prevent abuse
- Legal obligation — to comply with applicable laws and regulations
- Consent — for optional communications such as marketing emails
Data Storage & Security
Your data is stored on servers located within the European Economic Area (EEA) or in countries that provide an adequate level of protection as determined by the European Commission. We apply appropriate technical and organizational security measures to protect your data against unauthorized access, alteration, loss, or disclosure.
Third-Party Services
We work with third-party service providers that may process personal data on our behalf, including:
- Cloud infrastructure and file storage providers
- Payment processing (we do not store payment card data)
- Anonymized usage analytics
These providers are bound by data processing agreements and may only use your data as directed by us.
Data Retention
We retain your personal data for as long as your account is active or as needed to provide the service. After account deletion, data may be retained for up to 30 days before permanent removal, unless a longer retention period is required by law.
Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of access — to request a copy of the data we hold about you
- Right to rectification — to correct inaccurate or incomplete data
- Right to erasure — to request deletion of your data
- Right to data portability — to receive your data in a structured, machine-readable format
- Right to restrict processing — to limit how we use your data
- Right to object — to processing based on our legitimate interests
To exercise any of these rights, please contact us at the address below. You also have the right to lodge a complaint with your local supervisory authority.
Cookies & Tracking
We use essential cookies required to operate the service. Optional analytics cookies may be used with your consent. You can manage cookie preferences through your browser settings at any time.
International Data Transfers
If personal data is transferred outside the EEA, we ensure appropriate safeguards are in place — such as Standard Contractual Clauses approved by the European Commission — to protect your data.
Contact Us
For any questions about this Privacy Policy or to exercise your data protection rights, please contact us: