What we keep, and what we don’t.

nido holds a small, private record of the gifts and hand-me-downs around your family. We don’t sell your data. We don’t run ads. We don’t track you across the web. You can take everything with you, or delete it, any time.

nido is operated by an individual developer based in Iceland. For anything in this policy, contact einargudnig@gmail.com.

• ·Your email address, so you can sign in by magic link. We don’t store passwords because nido doesn’t use them.
• ·What you put in your nest: the nest’s name, photos you upload, item names and notes, names and notes about the people in your life. This is the content you create.
• ·Minimal technical data: your IP address, briefly, to rate-limit abusive sign-in attempts (kept under one hour). Sentry, our error-tracking service, may capture stack traces and the URL of pages where errors happen.

We don’t collect tracking pixels, advertising identifiers, third-party cookies, or browser fingerprints.

nido uses a small number of carefully chosen sub-processors. Each holds a specific slice of data and nothing more.

• ·Supabase(database + sign-in) — holds your email, your nest’s text content (item names, notes, people names), and authentication metadata. supabase.com/privacy
• ·Cloudflare R2 (photo storage) — holds the photos you upload, in compressed form. Photos are scoped per nest and accessible only via short-lived signed URLs. cloudflare.com/privacypolicy
• ·Sentry (error tracking) — receives technical error reports when something goes wrong, hosted in Germany. No photos or item content are sent. sentry.io/privacy

• ·Active nest content: as long as your nest exists. You can delete a nest at any time — see Your rights below.
• ·Items in trash: up to thirty days after deletion, then permanently removed.
• ·Sign-in throttling records: under one hour.
• ·Error reports in Sentry: up to 90 days, following Sentry’s retention defaults.

Under European data protection law (GDPR), you have the right to:

• ·Access the personal data we hold about you.
• ·Correct it, by editing items, people, and your nest from inside the app.
• ·Delete it. The owner of a nest can delete the whole nest from the Nest page at any time. To also remove your sign-in record, email us.
• ·Take it with you. Email us and we’ll prepare an export of your nest’s content. Self-serve export is on the roadmap.
• ·Complain. If you think we mishandled your data, you can file a complaint with the Icelandic Data Protection Authority.

nido isn’t designed for children. You must be at least 16 to use it. Of course, photos of your child are exactly the kind of thing nido is for — those are part of your account, kept private to your nest.

If we make material changes, we’ll update the date at the top and, when reasonable, send you an email. Day-to-day wording changes that don’t affect what we collect won’t trigger a notice.