NestNotice← Back to home

Privacy Policy

Last updated: April 26, 2025

NestNotice (“we,” “us,” “our”) operates the NestNotice website and service at nestnotice.com. This policy explains what information we collect, why we collect it, and what we do (and don’t do) with it.

We wrote this to be readable, not to bury things in legalese. If anything is unclear, email us at marc@nestnotice.comand we’ll give you a straight answer.

What we collect

Information you give us

  • Email address — when you sign up or join the waitlist. This is how we send recall alerts and account-related messages.
  • Product names and brands — the baby products you add to your tracking list. We use these solely to match against new recalls.
  • Payment information — if you subscribe to a paid plan, payment is processed by Stripe. We never see or store your full card number.

Information collected automatically

  • Usage analytics — basic page views, feature usage, and error logs to help us improve the product. We use privacy-respecting analytics; no cross-site tracking, no advertising pixels.
  • Essential cookies — session cookies to keep you logged in. We do not use advertising or third-party tracking cookies.

How we use your data

  • Match your saved products against new CPSC, FDA, and NHTSA recalls.
  • Send you recall alerts and account notifications via email.
  • Process payments for paid plans.
  • Improve and debug the service.

That’s it. We don’t use your data for advertising, profiling, or anything else.

What we don’t do

  • We don’t sell your data. Not to advertisers, data brokers, or anyone else. Ever.
  • We don’t run ads. There are no ad networks on NestNotice.
  • We don’t build marketing profiles. Your product list exists for one purpose: matching recalls.

Third-party services

We use a small number of trusted services to run NestNotice:

  • Supabase— database and authentication. Your data is stored securely in Supabase’s infrastructure.
  • Resend — transactional email delivery for recall alerts and account emails.
  • Stripe — payment processing for paid plans. Stripe handles all card data under their own PCI-compliant systems.
  • CPSC, FDA, and NHTSA — we fetch publicly available recall data from these U.S. government agencies. No personal data is shared with them.

Data retention and deletion

Your data stays as long as you have an account. If you delete your account, we remove your personal information and product list within 30 days. Some anonymized, aggregated analytics data may persist (e.g., “X users viewed this page”), but nothing that identifies you.

You can export all your data or delete your account at any time from your dashboard settings, or by emailing marc@nestnotice.com.

Children’s privacy (COPPA)

NestNotice is a service for parents and caregivers — not for children. We do not knowingly collect information from anyone under 13. If you believe a child has provided us with personal information, please contact us and we’ll delete it promptly.

Security

We use industry-standard practices to protect your data: encrypted connections (HTTPS), secure authentication, and access controls. No system is 100% secure, but we take reasonable measures to keep your information safe.

Changes to this policy

If we make meaningful changes, we’ll email active users and update the date at the top of this page. We won’t quietly reduce your rights.

Contact

Questions or concerns? Reach out at marc@nestnotice.com. We’re a small team and we read every email.