Privacy Policy

NestSafe is designed so that we cannot see your data. All documents, passwords, and notes are encrypted on your device with AES-256 before they touch storage. We never see plaintext.

• Waitlist email: if you sign up for our launch waitlist, we store the email you enter. Nothing else.
• Crash reports (opt-out): when the app crashes, a stack trace is sent to Firebase Crashlytics to help us fix bugs. Never includes your vault contents.
• Anonymous usage analytics (opt-out): we measure which screens are used and funnel drop-offs. Never includes vault contents or personal identifiers.

• Your documents, passwords, or notes
• Your biometric data (that lives in your device keystore)
• Your PIN (stored as a salted hash, never plaintext)
• Your contacts, location, or photo library outside of images you explicitly pick
• Any third-party advertising or tracking SDKs

By default, entirely on your device. Free-tier users never have data leave the device. Family-tier users who enable cloud backup sync an already encrypted blob to Firebase Firestore in the asia-south1 (Mumbai) region. We cannot decrypt it.

• Access / portability: export your entire vault from Settings → Backup & Export.
• Deletion: uninstalling the app deletes all data. Cloud backups (if enabled) can be deleted from Settings.
• Contact: privacy@nestsafe.app

For users in India, we comply with the Digital Personal Data Protection Act, 2023. NestSafe acts as a Data Fiduciary only for the waitlist email address — everything else is processed on your device where we have no access.

For users in the EU and UK, we are compliant with GDPR Articles 13–22. You have the right to access, rectify, erase, and port your data. Contact privacy@nestsafe.app to exercise these rights.

We may update this policy. The top of this page will show the new "Last updated" date. Material changes will be surfaced in the app with a re-consent prompt.