Nestworthy ("we," "us," or "our") operates the nestworthy.ai website and the Nestworthy platform (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.
Information We Collect
Account Information
When you create an account, we collect your name, email address, and profile information provided through our authentication provider. You may also provide additional information such as a profile photo.
Financial Data
To provide portfolio management and tax optimization services, we collect property details, transaction records, loan information, REP hour logs, and related financial data that you enter into the platform.
Usage Data
We automatically collect information about how you interact with the Service, including pages visited, features used, browser type, IP address, and device information.
Payment Data
When you subscribe to a paid plan, payment information is collected and processed directly by Stripe. We do not store your full credit card number on our servers.
Bank Data via Plaid
When you connect your bank account through Plaid, we access transaction history (merchant name, amount, date, category), account balances, and account metadata. We do not access or store your bank login credentials, full account numbers, or routing numbers.
Transaction data is used solely for categorization, REP activity cross-referencing, and financial reporting within your Nestworthy account. We do not sell bank transaction data. For more information on how Plaid handles your data, visit plaid.com/legal.
How We Use Your Information
- Provide, operate, and maintain the Service
- Generate portfolio analytics, advisor briefings, and tax optimization recommendations
- Process payments and manage subscriptions
- Send transactional emails, product updates, and digest notifications based on your preferences
- Monitor and improve the performance and security of the Service
- Comply with legal obligations, including tax reporting requirements
- Respond to support requests and communicate with you
AI Data Processing
Nestworthy uses artificial intelligence (powered by Anthropic Claude) to categorize transactions, analyze deals, generate reports, and provide informational insights. Your data is processed through Anthropic's API subject to their data processing terms. AI-generated outputs (categories, scores, estimates) are stored in your account.
We do not use your individual data to train AI models shared with other users. Any future anonymized data aggregation will be opt-in only.
Data Storage & Security
Your data is stored on secure servers managed by our infrastructure providers. We employ industry-standard security measures including encryption in transit (TLS) and at rest, database access controls, and regular security audits.
While we take reasonable precautions to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your information.
Uploaded Documents
Financial documents you upload (mortgage statements, receipts, contracts) are encrypted at rest using AES-256 encryption and stored in secure cloud infrastructure. Documents are retained for the duration of your active account.
Upon account cancellation or deletion request, all uploaded documents are permanently deleted within 30 days.
Third-Party Services
We use the following third-party services to operate the platform:
- Clerk — Authentication, user management, and session handling
- Stripe — Payment processing and subscription billing
- Neon — PostgreSQL database hosting
- PostHog — Product analytics (anonymized usage data)
- Resend — Transactional email delivery
- Plaid — Bank account linking and transaction data
- Anthropic (Claude) — AI-powered transaction categorization, deal analysis, and report generation
- QuickBooks Online — Accounting data sync
- Rentcast — Market rent and property value estimates
Each third-party service processes data in accordance with its own privacy policy. We encourage you to review those policies.
Data Sharing
We do not sell your personal information. We may share your data only in the following circumstances:
- With third-party service providers as described above, strictly for operating the Service
- When required by law, regulation, or legal process
- To protect the rights, safety, or property of Nestworthy, our users, or the public
- In connection with a merger, acquisition, or sale of assets (with advance notice to users)
Financial Data Protection (GLBA)
Nestworthy collects and processes nonpublic personal financial information as defined by the Gramm-Leach-Bliley Act (GLBA). We maintain administrative, technical, and physical safeguards designed to protect this information in accordance with applicable regulations.
We do not share your financial information with non-affiliated third parties for marketing purposes.
Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access — Request a copy of the personal data we hold about you
- Correction — Request that we correct inaccurate data
- Deletion — Request that we delete your personal data
- Export — Export your data in a portable format (available in Settings)
- Opt-out — Unsubscribe from marketing communications at any time
To exercise any of these rights, contact us at privacy@nestworthy.ai.
California Residents (CCPA)
Under the California Consumer Privacy Act (CCPA), California residents have the right to:
- Know what personal information we collect and how it is used
- Request deletion of personal information
- Opt out of the sale of personal information
Nestworthy does not sell personal information. To exercise your rights, contact privacy@nestworthy.ai.
Contractor W-9 Data
When contractors submit W-9 information through Nestworthy's portal, we store their name, business name, address, and the last 4 digits of their tax identification number. We do not store full Social Security Numbers or Employer Identification Numbers.
W-9 data is accessible only to the landlord who requested it.
Tenant Portal Data
Tenants who access the tenant portal via a secure link can submit maintenance requests, send messages, and make payments. Tenant data (name, email, messages, maintenance requests) is stored in association with the landlord's account.
Tenants can request deletion of their data by contacting the landlord or privacy@nestworthy.ai.
Data Retention
We retain your data according to the following schedule:
- Account data — retained while account is active, deleted within 30 days of account cancellation
- Transaction data — retained while account is active
- Uploaded documents — deleted within 30 days of account cancellation
- REP activity logs — retained while account is active
- AI processing logs — retained for 90 days for quality improvement, then deleted
- Payment records — retained for 7 years as required by tax regulations
When you request account deletion, we will remove your personal data within 30 days, except where retention is required by law.
Children's Privacy
The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the revised policy.
Contact
If you have questions about this Privacy Policy or our data practices, contact us at: