Privacy Policy

1. Who we are

Nestori is an app operated by Andrei-Bogdan Smidu, a natural person residing in Romania ("Nestori", "we", "us").

• Country: Romania
• Privacy contact email: privacy@nestori.app
• General support: support@nestori.app

Nestori lets you save digital memories (photos, videos, voice notes, letters, milestones) about your child, to deliver to them at adulthood (18) or at earlier milestone ages you choose.

2. Data we collect

2.1. Data you provide directly

• Your account: email, password (hashed), name (optional).
• Child data: name, date of birth (or expected due date during pregnancy), gender (optional).
• Memories: text, photos, videos, audio recordings, letters, locations (optional).
• Pregnancy data: pregnancy week, "letters to the bump".
• Family: emails of invited people, their roles (grandparent, godparent, etc.).
• Payments: handled by Apple / Google / Stripe. We never store card data.

2.2. Data collected automatically

• Technical data: device type, OS, app version, language.
• Analytics: which screens you visit, buttons you tap, session length. Analytics events do not contain personally identifiable information.
• Errors: anonymous stack traces sent to Sentry to fix bugs.
• Photo EXIF: date, location (if present and you granted permission), phone model. You can disable any time.

2.3. iOS permissions we request

• Camera — to take photos/videos from within the app.
• Microphone — for voice messages.
• Photo Library — to pick existing photos.
• Location — optional, to attach the place of a memory.
• Face ID / Touch ID — optional, to lock the app.
• Notifications — to remind you to save memories, for birthdays, and for weekly prompts.

You can deny any permission at install time or revoke it later from iOS Settings. The app still works with reduced functionality.

3. Why we collect this data (GDPR legal basis)

• Performance of a contract (Art. 6(1)(b) GDPR) — to deliver the service you subscribed to.
• Consent (Art. 6(1)(a)) — for notifications, analytics, and optional features.
• Legitimate interest (Art. 6(1)(f)) — to detect fraud, abuse, and improve the app.
• Legal obligations (Art. 6(1)(c)) — for billing and tax records.

4. Data about children

Nestori is designed for parents (or legal guardians) to save memories about their children. The account is owned by an adult, and all data about the child is entered and controlled exclusively by that adult.

• You, the parent, are the legal controller of the child data you enter.
• The child does not have access to the app until you deliver the data at age 18 (or the age you chose).
• We do not collect data directly from children under 16. The app is not intended for direct use by minors.
• If we learn that a minor created an account without parental consent, we delete the account immediately. Report such cases to privacy@nestori.app.

We comply with GDPR-K (Art. 8 — protection of children's data) and, in non-EU markets, equivalent standards (COPPA in the US).

5. Who we share data with

We do not sell personal data. We do not use it for targeted advertising. We only share it with providers required to operate the service:

All have data processing agreements (DPAs). Transfers to the US rely on Standard Contractual Clauses or the Data Privacy Framework.

6. How long we retain data

• While your account is active: data is kept in full.
• After you delete your account: memories and personal data are deleted within 30 days (a "recovery window"). After 30 days, irreversible deletion.
• Billing data: kept 10 years per Romanian tax law.
• 18-year capsule: if your subscription lapses, we notify you 30 days in advance. If you don't renew, we export your memories as a ZIP and email it to you, then delete data from servers after another 30 days.

7. Your rights

Under GDPR, you have the following rights:

• Access — receive a copy of all your data.
• Rectification — correct inaccurate data.
• Erasure — delete your account and all data.
• Restriction — ask us to pause processing temporarily.
• Portability — receive data in a portable format.
• Objection — object to processing for certain purposes.
• Withdraw consent — at any time.

To exercise any right, email privacy@nestori.app. We respond within 30 days.

You have the right to lodge a complaint with your local data-protection authority (in Romania: ANSPDCP — www.dataprotection.ro).

8. Security and durability

• Passwords are hashed with bcrypt.
• All communications use TLS 1.3.
• Media (photos, videos, audio) are encrypted at rest on AWS S3 (eu-central-1, Frankfurt) with 99.999999999% durability ("eleven nines").
• API keys and secrets are stored in deployment secrets, not in code.
• Face ID / biometrics optionally available to lock the app on-device.
• Backups: the database is snapshotted by our provider with point-in-time recovery for the last 7 days, plus an independent off-provider encrypted backup taken daily and retained for 90 days. Media files have S3 Versioning enabled, so a deletion or overwrite leaves the previous version recoverable.
• Why backups stay encrypted off-site: in the rare case our main provider account is lost (compromise, billing dispute, provider shutdown), we can still rebuild from the independent backup without losing your memories.

No system is fully secure. We commit to following best practices and to notifying you within 72 hours of detecting a breach that affects your data (per Art. 33 GDPR).

9. Cookies and trackers

The mobile app does not use cookies.

If you visit nestori.app from a web browser, we use:

• Essential cookies (authentication) — cannot be disabled.
• Analytics cookies (PostHog) — opt-out from the cookie banner.

10. Changes to this policy

We may update this policy periodically. We'll notify you via email and in-app at least 30 days before any material change.

For questions: privacy@nestori.app.