Privacy Policy
Effective date: May 25, 2025
Nest (“Nest,” “we,” “us,” or “our”) operates the Nest platform, an all-in-one CRM, AI writing assistant, license tracker, document vault, and scheduling tool built for licensed insurance agents and IMOs (independent marketing organizations). This policy explains what personal information we collect, how we use it, and your rights.
1. Information we collect
Information you give us directly
- Account information: name, email address, and password when you sign up. Authentication is handled by Clerk; we do not store passwords.
- Agency and license information: home state, agency name, NPN (National Producer Number), resident and non-resident license data you enter or sync via NIPR.
- Client and contact data: names, phone numbers, email addresses, and notes you add to your contacts and leads inside Nest.
- Documents and voice memos: files you upload to the document vault and voice recordings you create in the app. Files are stored on Vercel Blob; voice memos are transcribed by OpenAI Whisper and then deleted from temporary storage.
- Payment information: billing is handled by Stripe. We receive a confirmation and customer ID from Stripe; we do not store your card number or bank details.
Information from third-party services you connect
- Google Calendar: if you connect Google Calendar, we request read/write access to your calendar events to enable two-way sync. We store your OAuth access and refresh tokens, encrypted at rest (AES-256-GCM). We do not read, store, or share the content of calendar events beyond what is necessary to display and sync them inside Nest. You can disconnect Google at any time in Settings → Integrations.
- LinkedIn: if you connect LinkedIn, we request the following permissions:
  - r_liteprofile: your first name, last name, and profile photo, used to display your identity inside Nest and to attribute posts.
  - r_emailaddress: your LinkedIn email address, used to link your LinkedIn account to your Nest account.
  - w_member_social: the ability to publish posts to LinkedIn on your behalf, used only when you explicitly click “Publish” inside the Nest social scheduling tool.
- NIPR: if you enable license sync, we query the National Insurance Producer Registry using your NPN to retrieve your public license and appointment records. We cache this data in your account to power the Licensing dashboard.
Information collected automatically
- Usage data: page views and feature interactions, collected via Vercel Web Analytics. No third-party cookies; no cross-site tracking.
- Server logs: IP address, user agent, and request timestamps for security monitoring. Retained for 30 days.
2. How we use your information
- To provide, maintain, and improve the Nest platform.
- To publish content to LinkedIn, Google Calendar, or other connected services when you explicitly request it.
- To send transactional emails (email verification, billing receipts, cert renewal reminders). We use Resend for delivery; we do not send marketing emails without your consent.
- To enforce our Terms of Service and prevent fraud or abuse.
- To comply with legal obligations (e.g., state insurance regulations, IRS).
We do not sell your personal information. We do not use your data to train AI models.
3. How we share your information
We share your information only with the sub-processors necessary to operate Nest:
- Clerk: identity and authentication.
- Neon: PostgreSQL database hosting.
- Vercel: application hosting, Blob storage, and analytics.
- Stripe: payment processing.
- Resend: transactional email delivery.
- OpenAI: voice transcription (Whisper). Audio is sent to OpenAI for transcription and not retained by OpenAI per their zero data retention API agreement.
- LinkedIn: when you publish a post, the post content is transmitted to LinkedIn via their API.
Each sub-processor is bound by a data processing agreement. We do not share your data with insurance carriers, lead vendors, or advertising networks.
4. Data retention
We retain your account data for as long as your account is active. If you close your account, we delete your personal information within 30 days, except where we are required to retain records for legal or regulatory compliance (e.g., commission audit trails). Voice memo transcripts are deleted from temporary storage immediately after transcription.
5. Your rights
Depending on your jurisdiction, you may have the right to:
- Access the personal information we hold about you.
- Correct inaccurate information.
- Request deletion of your account and associated data.
- Disconnect any third-party integration (Google, LinkedIn) at any time.
- Opt out of analytics collection by enabling “Do Not Track” in your browser.
To exercise any of these rights, email hello@nest.example with the subject line “Privacy Request.” We respond within 30 days.
6. Security
All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). OAuth tokens for connected integrations are encrypted at the application layer before storage. We conduct regular security reviews and follow responsible disclosure practices.
7. Children
Nest is intended for licensed insurance professionals. We do not knowingly collect information from anyone under 18. If you believe a minor has created an account, contact us and we will delete it promptly.
8. Changes to this policy
We will post any changes to this page and update the effective date above. For material changes, we will notify you by email at least 14 days before they take effect.
9. Contact
Questions about this policy or your data:
hello@nest.example