Privacy Policy
Last updated: January 2026
1. Data Controller
Responsible for data processing in accordance with GDPR:
Email: nestplan.sup@gmail.com
2. Types of Use and Data Storage
The app offers two usage modes, which process data differently:
Guest Mode (without registration)
In guest mode, all data is stored exclusively locally on your device:
- No data transmission to servers
- All data is encrypted with AES-256 and stored on the device
- The encryption key is securely stored in SecureStore/Keychain
- No synchronization between devices possible
- Data will be lost if the app is uninstalled or the device is lost
Registered Mode (with account)
With a user account, data is stored encrypted in the cloud:
- Synchronization between devices possible
- Sharing with family members possible
- Health data is encrypted before transmission
3. Data We Collect
We process the following personal data:
- Email address and password (only with registration)
- Name (optional)
- Family data (members, roles)
- Child data (name, date of birth, health information)
- Tasks and appointments
- Documents and photos
- Child development data (observations, skills)
4. Legal Basis
Data processing is based on:
- Art. 6(1)(b) GDPR (contract performance)
- Art. 6(1)(a) GDPR (consent for push notifications)
- Art. 9(2)(a) GDPR (consent for health data)
5. Data Storage (for registered accounts)
For registered accounts, your data is stored as follows:
- Servers: Supabase (EU servers)
- Transfer encryption: TLS/SSL
- Local data: On your device (SecureStore for sensitive data)
- Sensitive health data is encrypted before transmission
6. Your Rights (GDPR)
- Access (Art. 15): You can request information about your data at any time
- Rectification (Art. 16): Incorrect data can be corrected
- Erasure (Art. 17): You can request deletion of your data
- Restriction (Art. 18): You can restrict processing
- Data portability (Art. 20): Export your data in JSON format
- Objection (Art. 21): You can object to processing
- Withdrawal (Art. 7): Consent can be withdrawn at any time
Note: In guest mode, all data is stored locally on your device only. You have full control over this data at all times.
7. Data Sharing
Your data is only shared with:
- Supabase (hosting provider, EU) - only for registered accounts
- RevenueCat (subscription management, with EU Standard Contractual Clauses)
- Apple/Google (payment processing for in-app purchases)
- No sharing with third parties for advertising purposes
8. Cookies & Tracking
The app uses:
- No cookies
- No tracking for advertising purposes
- Optional anonymous crash reports
9. Data Security
We protect your data through:
- AES-256 encryption (locally in guest mode)
- Row Level Security (RLS) in the database (for registered accounts)
- SSL/TLS encryption for data transmission
- Secure authentication (JWT)
- Regular security updates
10. Protection of Minors
The app is designed for families and intended for persons aged 16 years and older. Children's data is only processed with the consent of parents or legal guardians.
11. Contact & Complaints
For privacy questions:
Email: nestplan.sup@gmail.com
You have the right to lodge a complaint with a data protection supervisory authority.