Privacy Policy

1. Introduction

TAMAZA ENGINEERING LLC ("NestApp", "we", "us", or "our") operates the NestApp platform at console.nestapp.cloud and nestapp.cloud. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Platform as a Service (PaaS).

2. Data Controller

3. Information We Collect

3.1 Authentication Information

When you sign up using Google OAuth, we collect:

• Email address
• Full name
• Profile picture

This is the only personal information we collect. We do not use analytics tools, tracking pixels, cookies for tracking purposes, or any third-party data collection services.

3.2 Service Data

When you use our platform, we store:

• Organizations, projects, and services you create
• Configuration data for your deployed applications
• Service logs and metrics necessary for platform operation

3.3 What We DON'T Collect

We explicitly do NOT collect:

• IP addresses (beyond temporary connection logs)
• Browser fingerprints
• Behavioral analytics
• Marketing or advertising data
• Third-party cookies

4. How We Use Your Information

We use your information solely for:

• Account authentication and identity verification
• Providing and operating the NestApp platform
• Managing your organizations, projects, and services
• Communicating with you about your account and services
• Billing and payment processing
• Technical support

5. Data Storage and Security

5.1 Location

All your data is stored exclusively in the European Union, specifically in Google Cloud Platform's europe-west9 region (Paris, France). Your data never leaves the EU.

5.2 Encryption

We implement industry-standard security measures:

• Data in transit: All communications use TLS/SSL encryption
• Data at rest: All stored data is encrypted using AES-256
• Sensitive configuration data receives additional application-level encryption

5.3 Access Control

We implement Role-Based Access Control (RBAC) with owner, admin, and viewer roles to ensure only authorized users can access your data.

6. Data Sharing and Third Parties

We do NOT share, sell, or disclose your personal information to third parties, except:

• Google Cloud Platform: As our infrastructure provider (Data Processing Agreement in place, GDPR-compliant)
• Google OAuth: For authentication purposes only (you explicitly authorize this during sign-up)
• Legal obligations: If required by law or to protect our legal rights

We do NOT use third-party analytics, advertising networks, or marketing platforms.

7. Your Rights Under GDPR

As a data subject under the General Data Protection Regulation (GDPR), you have the following rights:

To exercise any of these rights, please contact us at contact@nestapp.cloud. We will respond within 30 days.

8. Data Retention

We retain your personal data:

• Active accounts: For as long as your account remains active
• After termination: For 30 days to allow for account recovery
• After 30 days: All data is permanently deleted unless required by law

You can request immediate deletion at any time by contacting us.

9. Legal Basis for Processing

Under GDPR, we process your data based on:

• Contractual necessity: To provide the services you requested
• Legitimate interests: To operate, maintain, and improve our platform
• Consent: When you explicitly agree (e.g., Google OAuth authentication)
• Legal obligations: When required by law

10. International Data Transfers

Your data is stored exclusively in the EU (Paris, France) and is NOT transferred outside the European Economic Area (EEA). While NestApp is currently a US-based entity (Nevada LLC), we are transitioning to a French SAS structure, and all data processing occurs within the EU with GDPR-compliant infrastructure.

11. Children's Privacy

NestApp is not intended for users under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Updating the "Last Updated" date at the top of this policy
• Sending an email notification to your registered email address
• Displaying a notice on the platform

Continued use of the platform after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to all requests within 30 days in accordance with GDPR requirements.