Privacy Policy

NestLedger ("we," "our," or "us") operates a cloud-based property management platform for independent landlords and property managers, available at thenestledger.com and through the NestLedger mobile application (collectively, the "Service").

This Privacy Policy explains how we collect, use, share, and protect information about users of our Service, including landlords, property managers, and tenants.

Information you provide directly:

• Account registration: name, email address, password
• Property and unit details: addresses, unit numbers, photos, amenities
• Tenant information: name, email address, phone number, move-in/move-out dates
• Lease information: rental amounts, lease terms, security deposits
• Financial records: expense categories, vendor information, payment records
• Maintenance requests: descriptions, photos, status updates
• Documents: lease agreements, notices, and other uploaded files
• Communications: messages sent through the platform or to our support team

Information collected automatically:

• Log data: IP address, browser type, pages visited, time stamps
• Device information: device type, operating system, app version
• Usage data: features used, session duration, error logs
• Cookies and similar tracking technologies (see Section 8)

Payment information: We use Stripe to process payments. We do not store full payment card numbers, bank account numbers, or CVV codes. Stripe collects and handles all sensitive payment data under their own privacy policy.

We use the information we collect to:

• Create and manage your account
• Provide, operate, and maintain the Service
• Process rent payments and calculate platform transaction fees
• Send transactional notifications: rent reminders, lease expiry alerts, maintenance updates, payment confirmations
• Send FCRA-required adverse action notices when a landlord denies a tenancy
• Respond to support requests and communicate with you about your account
• Monitor and improve the security of the Service
• Analyze usage patterns to improve and develop new features
• Comply with legal obligations

We do not sell your personal information to third parties. We do not use your data for advertising targeting.

Between landlords and tenants: When a landlord adds a tenant to the platform and invites them to a tenant portal, the tenant's information is visible to the landlord and relevant property managers within the same organization. Tenants can see their own lease, payment history, and maintenance requests.

Service providers: We share data with third-party vendors who assist us in operating the Service:

• Supabase — database, authentication, and file storage (hosted on AWS)
• Stripe — payment processing and landlord payout accounts
• Resend — transactional email delivery
• Vercel — web application hosting and infrastructure
• Expo / Apple / Google — mobile app distribution and push notifications

Each provider is bound by data processing agreements and their own privacy policies.

Legal requirements: We may disclose information if required by law, court order, or government authority, or to protect the rights, safety, or property of NestLedger, its users, or the public.

Business transfers: If NestLedger is acquired or merges with another company, your information may be transferred as part of that transaction. We will notify you via email or prominent notice before any such transfer.

Landlords use NestLedger to store and manage tenant personal information. In this context, NestLedger acts as a data processor on behalf of the landlord (the data controller). Landlords are responsible for:

• Having a lawful basis for collecting and storing tenant personal data
• Complying with all applicable privacy laws when handling tenant information
• Complying with the FCRA when using any tenant screening information
• Obtaining appropriate tenant consents where required

Tenants who have questions about their personal data stored by a landlord should contact the landlord directly. NestLedger will cooperate with deletion or access requests to the extent technically feasible.

We retain your account data for as long as your account is active. Financial and payment records may be retained for up to 7 years to comply with tax and accounting requirements. After account deletion, personal data is permanently removed within 30 days, except where retention is required by law.

We implement industry-standard security measures including:

• TLS encryption for all data in transit
• Encryption at rest for all stored data
• Row-level security (RLS) policies ensuring each organization can only access its own data
• Multi-factor authentication support
• Regular security monitoring and access logging

No method of transmission or storage is 100% secure. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.

We use essential cookies and browser storage to maintain your session and preferences. We do not use advertising or third-party tracking cookies. You can disable cookies in your browser settings, but this may affect the functionality of the Service.

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your account and personal data
• Portability: Request an export of your data in a machine-readable format
• Objection: Object to certain processing of your personal data
• Opt-out of sale: We do not sell personal data; this right applies but there is nothing to opt out of

California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected and the right to non-discrimination for exercising privacy rights.

To exercise any of these rights, contact us at support@thenestledger.com. We will respond within 30 days.

NestLedger is not directed to children under the age of 18. We do not knowingly collect personal information from anyone under 18. If we become aware that a child under 18 has provided us with personal information, we will delete that information promptly.

NestLedger is operated in the United States. If you are accessing the Service from outside the United States, your information will be transferred to and processed in the United States, which may have different data protection laws than your country. By using the Service, you consent to this transfer.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service at least 14 days before they take effect. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or want to exercise your data rights, contact us at:

See also our Terms of Service.