Privacy Policy
This policy explains how Nest collects and uses personal data on this pre-launch website (the "Site"). It is written to comply with the EU/EEA General Data Protection Regulation (GDPR) and Norwegian data-protection law.
1. Who we are
Nest is currently operated as an unregistered project by [FILL IN: founder name(s)], based in Hamar, Norway. The founder(s) act as the data controller until a legal entity is formed. A registered organisation number will be added here once the entity is formally established. You can reach us at team@nest.dating.
2. What we collect
When you sign up for the waitlist, we store:
- Your email address — so we can contact you when your city goes live.
- Your selected city (e.g. "oslo") — so we can sort signups by location.
- A one-way hash of your IP address — used only to rate-limit signup attempts and prevent abuse. The raw IP is never stored, and the hash is salted with a server-side secret you cannot reverse-engineer.
- The timestamp of your signup — so we know when you joined the list.
We do not use tracking pixels, browser fingerprinting, advertising identifiers, or behavioural advertising. We do not collect your name, phone number, address, or any other identifier beyond what is listed above. We do use privacy-friendly aggregate analytics — see Section 8 below.
3. Why we collect it
- To notify you when Nest launches in your city.
- To prioritise early signups when launching ("first in, first matched").
- To prevent automated abuse of the signup form.
- To send one confirmation email immediately after signup, so we can verify you actually own the address — see "Double opt-in" below.
Double opt-in
When you submit your email, we send a single confirmation email with a unique link. You are not counted on the public waitlist tracker, and we will not contact you again, until you click that link.
Unconfirmed signups are automatically deleted after 7 days. This protects people from being added to our list by someone else, and keeps our list clean.
4. Legal basis (GDPR Art. 6)
- Consent (Art. 6(1)(a)) — you actively submit your email, knowing it will be used to contact you about Nest's launch.
- Legitimate interest (Art. 6(1)(f)) — for the hashed IP rate-limit. Our interest is keeping the service available and free of spam; the impact on your privacy is minimal because the IP is hashed and auto-purged.
You can withdraw your consent at any time by emailing team@nest.dating; we will delete your record without delay.
5. How long we keep it
- Email + city + signup timestamp: kept until Nest launches in your city plus 90 days, then deleted unless you have become a registered user of the app.
- Hashed IP entries: automatically deleted one hour after they are created (the rate-limit window expires).
6. Who else processes the data
We use the following sub-processors:
- Supabase — database and backend hosting. Data is stored in Supabase's EU region eu-central-1 (Frankfurt, Germany).
- Vercel — website hosting, edge delivery, and privacy-friendly analytics (Vercel Web Analytics + Speed Insights, see Section 8). Vercel processes minimal request metadata (IP, user agent) for security and routing; this is governed by Vercel's privacy policy.
- Resend — transactional email delivery. When we send your launch notification, your email address is shared with Resend solely to deliver that one message. Resend is GDPR-compliant and stores delivery metadata for a limited period; see Resend's privacy policy.
We do not sell or share your email with any third party for marketing.
7. Your rights
Under GDPR, you have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate data (e.g. correct your email).
- Erase your data ("right to be forgotten").
- Withdraw consent at any time, without affecting the lawfulness of prior processing.
- Receive a copy of your data in a portable format.
- Lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) — see datatilsynet.no.
To exercise any of these rights, email team@nest.dating. We respond within 30 days.
One-click unsubscribe: every email we send to you contains a one-click unsubscribe link in the footer (and in the standard List-Unsubscribe header). Clicking it immediately removes your email from our send list — no login or reply required.
8. Cookies and analytics
Cookies: this Site does not set any cookies. We do not use local storage, session storage, or browser fingerprinting for tracking.
Analytics: we use Vercel Web Analytics and Vercel Speed Insights to understand aggregate traffic and page performance. These services are designed to be privacy-friendly:
- They do not set cookies.
- They do not collect persistent identifiers, IP addresses, names, email addresses, or any other personal data that identifies you.
- They collect anonymous aggregate signals only: page URL, anonymised country, browser family, device type, referrer, and page-load timing metrics (Core Web Vitals).
- Data is processed by Vercel Inc. and retained for a limited period (up to 90 days).
Because no cookies or personal identifiers are involved, no consent banner is required under GDPR for this analytics. If we ever introduce analytics that use cookies or personal data, we will update this policy and ask for your consent before any such cookie is set. See Vercel's analytics privacy documentation for more detail.
9. Security
Data is transmitted over HTTPS and stored in an encrypted database. Access to the production database is restricted to a limited number of authorised people.
10. Children
The Nest service is intended for users 18 and older. We do not knowingly collect data from children under 18. If you believe we have, please contact us so we can delete it.
11. Changes to this policy
We may update this policy from time to time. Material changes will be reflected by updating the "Last updated" date at the top, and — where required — by notifying you by email.
12. Contact
Questions, requests, or complaints: team@nest.dating.