Privacy Policy

NestMatcher LLC ("NestMatcher," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, how we protect it, and what rights you have regarding your personal information when you use the NestMatcher platform and Services.

Please read this Privacy Policy carefully. By using the Services you agree to the collection and use of your information as described in this Policy.

NestMatcher's Services are currently offered only to residents of New York, New Jersey, and Florida. The Services are not directed to residents of the European Union or European Economic Area. If you are accessing the Services from outside the United States, you do so at your own risk and acknowledge that your information will be processed and stored in the United States.

2.1 Information You Provide Directly

Account information: When you create an account we collect your full name, email address, password, and state of residence. If you register via a supported third-party login service such as Google, we receive your name and email from that service subject to your privacy settings there.

Seller criteria: Property address or general area, asking price, property type, bedrooms, bathrooms, square footage, condition, features, timing, community criteria, and any additional notes you choose to provide.

Property photos: Sellers may optionally upload photos of their property. These photos are stored securely and shared only with verified buyers who receive a match notification for that listing. Property photos are never displayed publicly and are deleted when a listing is permanently deleted.

Buyer criteria: Target location, price range, property type, bedroom and bathroom requirements, desired features, financing type, timeline, community criteria, and any additional notes you choose to provide.

Payment information: When you pay the $100 seller listing fee, payment is processed by Stripe. NestMatcher does not store your full credit card number, expiration date, or CVV. Stripe retains payment information in accordance with their own privacy policy.

Identity verification data: When you complete identity verification through Stripe Identity, you submit a government-issued photo identification document. This process may involve biometric data processing. See Section 5 for full details on biometric data handling.

Communications: Any messages you send to NestMatcher support or through the contact form.

2.2 Information We Collect Automatically

Usage data: When you use the Services we automatically collect information about how you interact with the platform, including pages visited, features used, time spent, and actions taken.

Device and technical data: We collect your IP address, browser type, operating system, device type, and referring URL.

Cookies and similar technologies: We use cookies and similar tracking technologies to maintain your session, remember your preferences, and analyze platform usage. You can control cookies through your browser settings but disabling cookies may affect your ability to use certain features of the Services.

We use the information we collect to:

• Create and maintain your account
• Match your criteria against other users' criteria and deliver match notifications by email
• Process your $100 seller listing payment
• Verify your identity before unlocking match contact details
• Send system emails including match notifications, welcome emails, activity check emails, and account-related communications
• Provide customer support
• Improve and optimize the platform
• Enforce these Terms of Service and our policies
• Comply with applicable laws and legal obligations
• Detect and prevent fraud, abuse, and unauthorized access

We do not use your criteria data for any purpose other than operating the matching system and improving the Services.

4.1 With Matched Users

When a match is generated and both parties complete identity verification, we share each party's name and email address with the other party. We do not share your full address, phone number, financial information, or any other personal data with matched users. We share only the information contained in your match notification and your name and email upon contact unlock. Property photos are shared only with verified buyers who match your listing and only after both parties have completed identity verification.

4.2 With Service Providers

We share information with third-party service providers who help us operate the platform, including:

• Supabase — database and authentication infrastructure
• Stripe — payment processing and identity verification through Stripe Identity
• Resend — transactional email delivery
• Google — social authentication, subject to your use of that login option

These providers are contractually obligated to use your information only to provide services to NestMatcher and not for their own purposes.

4.3 With Optional Service Directory Providers

We do not share your personal information with providers listed in the Professional Directory Directory. If you choose to contact a listed provider directly, that interaction is between you and the provider.

4.4 Legal Requirements

We may disclose your information if required to do so by law, court order, or government authority, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of NestMatcher, our users, or the public.

4.5 Business Transfer

If NestMatcher is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you by email or prominent notice on the platform before your information is transferred and becomes subject to a different privacy policy.

4.6 We Do Not Sell Your Data

NestMatcher does not sell, rent, or trade your personal information to any third party for their own marketing or commercial purposes. This applies to all personal data including biometric data.

4.7 Financial Data Safety

NestMatcher does not transmit, hold, or direct any funds in connection with any transaction between users. All payment processing is handled by Stripe. NestMatcher will never send you wire transfer instructions by email or any other communication channel. If you receive any communication purporting to be from NestMatcher directing you to wire funds to any account, do not comply and contact us immediately at hello@nestmatcher.com.

5.1 What We Collect

When you complete identity verification through Stripe Identity, that process may involve the collection and processing of biometric identifiers including facial geometry derived from your government-issued photo ID and a real-time facial scan. This biometric data is processed by Stripe Identity, not stored by NestMatcher directly.

5.2 Purpose

Biometric data is collected solely for the purpose of verifying your identity before your contact details are shared with a match. It is not used for any other purpose.

5.3 Retention and Deletion

Biometric data processed through Stripe Identity is deleted within 90 days of collection or upon account deletion, whichever is earlier. NestMatcher does not independently store biometric data on its own servers. All biometric data is held and processed exclusively by Stripe Identity in accordance with Stripe's privacy policy and data retention practices. For Stripe Identity's specific retention practices please refer to Stripe's Privacy Policy at stripe.com/privacy.

5.4 No Sale or Monetization

NestMatcher does not sell, lease, trade, profit from, or otherwise monetize biometric data under any circumstances.

5.5 Illinois Residents — BIPA Compliance

If you are a resident of Illinois, your biometric data is subject to the Illinois Biometric Information Privacy Act (BIPA). By consenting to identity verification you acknowledge that you have received this disclosure, that you understand your biometric data will be collected and processed for identity verification purposes, and that you consent to such collection and processing. You may withdraw consent at any time by contacting hello@nestmatcher.com, which will result in deactivation of your account as verification is required to use the matching features of the platform.

We retain your personal information for as long as your account is active or as needed to provide you with the Services. Specifically:

• Account information is retained for the life of your account and for a reasonable period after deletion to comply with legal obligations
• Seller listing criteria is retained while your listing is active and for 12 months after it is marked as sold or deactivated
• Property photos are retained while your listing is active and are permanently deleted within 30 days of a listing being permanently deleted
• Buyer profile criteria is retained while your profile is active and for 12 months after it is marked as no longer active
• Payment records are retained for 7 years as required for tax and accounting purposes
• Match records are retained for 24 months
• Biometric data is deleted within 90 days of collection or upon account deletion, whichever is earlier, as described in Section 5.3

You may request deletion of your account and associated data at any time by contacting hello@nestmatcher.com. We will process deletion requests within 30 days subject to any legal obligations that require us to retain certain information.

We implement industry-standard technical and organizational security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. These measures include encrypted data transmission (HTTPS), secure database infrastructure through Supabase, access controls limiting who within NestMatcher can access personal data, and regular security monitoring.

However no security system is impenetrable. While we work hard to protect your information, we cannot guarantee absolute security. In the event of a data breach that affects your personal information we will notify you as required by applicable law.

New York SHIELD Act: NestMatcher complies with the New York SHIELD Act (Stop Hacks and Improve Electronic Data Security Act). In the event of a security breach affecting New York residents' private information, we will provide notification as required by applicable law, including notification to affected users and to the New York Attorney General where required.

New Jersey and Florida Breach Notification: NestMatcher also complies with New Jersey's data breach notification requirements under N.J.S.A. 56:8-163 and Florida's data breach notification requirements under Section 501.171, Florida Statutes. Users in those states will be notified of any breach affecting their personal information in accordance with applicable state law.

California Residents — CCPA/CPRA Rights

If you are a California resident you have the following rights under the California Consumer Privacy Act and California Privacy Rights Act:

• The right to know what personal information we collect, use, share, or sell
• The right to delete your personal information subject to certain exceptions
• The right to correct inaccurate personal information
• The right to opt out of the sale or sharing of personal information (NestMatcher does not sell personal information)
• The right to limit the use of sensitive personal information
• The right to non-discrimination for exercising your privacy rights

To exercise any of these rights contact us at hello@nestmatcher.com. We will respond within 45 days.

All Users

Regardless of your state of residence you have the right to:

• Access the personal information we hold about you
• Correct inaccurate information in your account
• Delete your account and associated data
• Update or withdraw your criteria submissions at any time through your dashboard
• Opt out of non-essential communications

To exercise any of these rights contact hello@nestmatcher.com.

We use essential cookies to operate the platform including session management and authentication. We may also use analytics cookies to understand how users interact with the platform. You can control cookie preferences through your browser settings. Disabling essential cookies will prevent you from logging in or using the Services.

9.1 Do Not Track

NestMatcher's platform does not currently respond to browser Do Not Track signals. We use only essential session cookies and basic analytics cookies as described above. We do not use tracking cookies for advertising purposes and do not share cookie data with advertising networks.

The Services may contain links to third-party websites or services including listed providers in the Professional Directory. NestMatcher is not responsible for the privacy practices of any third party. We encourage you to review the privacy policies of any third-party service you engage with before providing any personal information to that service.

The Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected personal information from a minor we will delete it promptly and terminate the associated account. If you believe a minor has created an account on the platform, please contact us immediately at hello@nestmatcher.com.

We may update this Privacy Policy from time to time. When we make material changes we will notify you by email or by posting a prominent notice on the platform. Your continued use of the Services after the effective date of any update constitutes your acceptance of the updated Policy.

The current version number and effective date of this Policy are always displayed at the top of this page. Previous versions are available upon request by contacting hello@nestmatcher.com.

For any privacy-related questions, requests, concerns, or to exercise any of your rights under this Policy, contact:

NestMatcher LLC
hello@nestmatcher.com

We will respond to all privacy-related inquiries within 30 days.