Nestloop
FeaturesMeet the Founders
Privacy & Safety

NestLoop Privacy Policy

Last updated: 19th August 2025
We care about your privacy. If anything is unclear, please contact us.

1. Introduction

NestLoop ("we," "our," "us") is a UK-based platform designed to help families, carers, and support providers coordinate care, connect with trusted services, and manage their child’s developmental and everyday needs.

We take your privacy very seriously and are committed to protecting personal data in accordance with the UK GDPR, the Data Protection Act 2018, and the Children’s Code (Age-Appropriate Design Code).

This policy explains what personal information we collect, how we use it, who we share it with, and your rights.

2. Data We Collect

We may collect the following categories of personal data:

(a) Account & Profile Information

  • Name, email, phone number.
  • Family details (parent/guardian, child, carer roles).
  • Login details (username, password – securely hashed).

(b) Child & Care-Related Information (Special Category Data)

  • Age, date of birth, educational stage.
  • Health and care needs (e.g., allergies, dietary restrictions, accessibility requirements).
  • Support plans, schedules, and care preferences.
  • Communications between families and carers within the app.

(c) Usage & Technical Data

  • Device type, browser, operating system.
  • IP address and log-in metadata.
  • In-app activity (e.g., messages sent, features used).

(d) Optional Data

  • Feedback, surveys, and participation in beta testing.
  • Uploaded documents (care notes, reports, school information).

3. How We Use Your Data

  • Provide and personalise our services.
  • Enable secure communication between parents, carers, and trusted professionals.
  • Support safeguarding obligations (e.g., flagging inappropriate use or safety risks).
  • Improve app functionality, user experience, and accessibility.
  • Send service updates, notifications, or (with consent) marketing messages.
  • Comply with legal obligations (e.g., child safeguarding, data protection laws).

4. Legal Basis for Processing

  • Consent – when parents/guardians provide information about their child or agree to optional communications.
  • Contract – to deliver NestLoop’s core services to registered users.
  • Legal obligation – where safeguarding or regulatory reporting is required.
  • Legitimate interests – for analytics, app security, and service improvements (balanced against user rights).
  • Special Category Data (Health & Care) – processed only with explicit consent or where strictly necessary for safeguarding.

5. Children’s Data

  • NestLoop is designed for use by adults (parents/guardians and carers).
  • Children under 16 should not register independently.
  • All child data must be provided and managed by a parent/guardian.
  • We apply the Children’s Code principles (transparency, data minimisation, security, and parental control).
  • If we become aware of unauthorised accounts created by a child, we will delete them.

6. Sharing Your Data

We only share personal data with:

  • Service providers (hosting, analytics, customer support), bound by strict confidentiality agreements.
  • Schools, carers, or local services, but only where you explicitly connect and consent to sharing.
  • Legal authorities if required by law or safeguarding concerns.
  • Successors in the event of a merger, acquisition, or restructuring.

We will never sell your data to third parties.

7. Data Transfers Outside the UK

If data is transferred outside the UK, we ensure equivalent protection using:

  • Adequacy decisions (countries recognised by the UK government as providing adequate protection), or
  • Standard Contractual Clauses (SCCs).

8. Data Retention

  • Account information: kept for as long as you maintain an account.
  • Care notes and child data: retained only while necessary for the purpose collected.
  • Deleted accounts: securely erased within 90 days, unless retention is required by law.

9. Security Measures

  • End-to-end encryption of communications.
  • Secure UK/EU-based servers.
  • Regular penetration testing and monitoring.
  • Access controls limiting who can view sensitive data.
  • Mandatory data protection training for staff.

10. Your Rights

Under UK GDPR, you have the right to:

  • Access a copy of your data.
  • Correct inaccurate or incomplete information.
  • Request deletion ("right to be forgotten").
  • Restrict processing in certain cases.
  • Receive your data in a portable format.
  • Object to certain types of processing (e.g., marketing).
  • Withdraw consent at any time.

To exercise your rights, contact:

support@nestloop.org.uk

You also have the right to complain to the Information Commissioner’s Office (ICO): www.ico.org.uk.

11. Cookies & Tracking

  • We use cookies to support log-in sessions, security, and analytics.
  • Non-essential cookies (e.g., for analytics) are only used with your consent.
  • You can manage preferences via your browser or in-app settings

12. Changes to this Policy

We may update this policy from time to time. Updates will be posted in-app and on our website with a revised “last updated” date. Significant changes will be notified directly to users.

We care about your privacy. If anything is unclear, please contact us.