1. Who We Are

Nestora ("we", "us", "our") operates the Nestora mobile application and website (nestora.one). Nestora is a platform that facilitates introductions between individuals seeking sperm donors, recipients, or co-parenting arrangements.

For privacy inquiries, contact us at: privacy@nestora.one

2. Information We Collect

2.1 Information You Provide

Data	Purpose	Required
Phone number	Account verification, anti-spam	Yes
Email address	Account recovery, verification badge	Optional
Display name	Profile identification (not your real name)	Yes
Age range	Age verification (18+), matching	Yes
Role (donor/recipient/co-parent)	Matching, feature access	Yes
Country, state, city	Legal compliance, matching, region features	Yes
Physical attributes (height, eye/hair colour, ethnicity)	Profile display, matching preferences	Optional
Health information	Profile display (self-reported, unverified)	Optional
Bio, occupation, education	Profile display	Optional
Preferences (donation method, travel, etc.)	Matching	Optional
Messages	Communication between matched users	N/A

2.2 Information Collected Automatically

• Approximate location — City-level only, derived from your device location (with your permission) or manual entry. We never collect precise GPS coordinates.
• Last active timestamp — When you last used the app.
• Device information — Device type and operating system version for compatibility.
• Usage data — Feature interactions for improving the service (not linked to your identity).

2.3 Information We Do NOT Collect

• Real/legal name (we use display names only)
• Government-issued ID
• Precise GPS coordinates
• Contacts or address book
• Photos or images (text-only platform)
• Financial information or payment details
• Browsing history outside our platform

3. How We Use Your Information

• To provide the core service: matching users based on preferences, role, and location
• To verify accounts and prevent fraud/spam (phone verification)
• To enforce community safety (content moderation, blocking, reporting)
• To comply with regional legal requirements regarding assisted reproduction
• To communicate service updates and safety notices
• To improve and maintain the platform

We do NOT use your information for:

• Advertising or ad targeting
• Selling to third parties
• Automated decision-making that produces legal effects
• Profiling for purposes unrelated to the service

4. Legal Bases for Processing (GDPR)

Processing Activity	Legal Basis
Account creation and profile	Contract performance (providing the service you signed up for)
Phone/email verification	Legitimate interest (platform safety)
Content moderation	Legitimate interest (user safety)
Regional legal compliance	Legal obligation
Health information display	Explicit consent (you choose to provide it)
Service communications	Legitimate interest

5. Data Sharing

We share your information only in these limited circumstances:

• With other users: Your profile information (excluding email, phone, and health details) is visible to authenticated users on the platform, subject to your privacy settings and blocking.
• Service providers: We use AWS (hosting, database), Twilio (phone verification). These providers process data on our behalf under contractual obligations.
• Law enforcement: We will disclose information if legally required by a valid court order, subpoena, or statutory requirement. We will notify you unless prohibited by law.
• Safety emergencies: If we believe there is an imminent risk of serious harm to a person, we may disclose relevant information to appropriate authorities.

We do NOT:

• Sell personal data to anyone
• Share data with advertisers
• Provide data to data brokers
• Transfer data for marketing purposes

6. Data Storage and Security

• Data is stored on Amazon Web Services (AWS) infrastructure in the United States.
• All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
• Access to production systems is restricted to authorized personnel only.
• We do not store passwords — authentication is handled by AWS Cognito.
• Phone numbers used for verification are stored separately from profile data.

7. Data Retention

Data Type	Retention Period	Reason
Active account data	For the life of the account	Service provision
Messages	For the life of both participants' accounts	Communication record
Deleted account — profile	Deleted immediately	N/A
Deleted account — phone/email	90 days after deletion	Ban enforcement, fraud prevention
Reports and safety flags	2 years	Platform safety, legal compliance
Server logs	30 days	Security monitoring

8. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access — Request a copy of your personal data
• Correction — Update inaccurate information (via the app's Edit Profile)
• Deletion — Delete your account and data (via the app or by contacting us)
• Portability — Receive your data in a machine-readable format
• Restriction — Request we limit processing of your data
• Objection — Object to processing based on legitimate interest
• Withdraw consent — Where processing is based on consent

To exercise these rights, contact privacy@nestora.one. We will respond within 30 days.

9. International Data Transfers

Your data is stored in the United States (AWS us-east-1 region). If you are located outside the US, your data will be transferred internationally. We rely on:

• AWS's compliance with international data transfer frameworks
• Standard contractual clauses where applicable
• Your consent to this transfer when you create an account

10. Children's Privacy

Nestora is strictly for users aged 18 and over. We do not knowingly collect information from anyone under 18. If we discover that a user is under 18, we will immediately delete their account and all associated data.

11. Health Information Disclaimer

Any health information shared on the platform is self-reported and unverified. Nestora does not independently verify any health claims, genetic information, or medical histories shared by users. Users should:

• Not rely on self-reported health information for medical decisions
• Seek independent medical advice before entering any reproductive arrangement
• Consider professional health screening regardless of information shared on the platform

12. Cookies and Tracking

The Nestora mobile app does not use cookies. The website (nestora.one) uses only essential cookies required for the admin portal to function. We do not use analytics trackers, advertising pixels, or third-party tracking scripts on our website.

13. Changes to This Policy

We may update this policy from time to time. If we make material changes, we will notify you via the app or email at least 14 days before the changes take effect. Continued use of the service after the effective date constitutes acceptance of the updated policy.

14. Jurisdiction-Specific Provisions

Australia (Privacy Act 1988)

Australian users have rights under the Australian Privacy Principles (APPs). You may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

European Union (GDPR)

EU/EEA users have the rights described in Section 8. You may lodge a complaint with your local Data Protection Authority.

California (CCPA/CPRA)

California residents have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information.

United Kingdom (UK GDPR)

UK users have equivalent rights to EU GDPR. You may lodge a complaint with the Information Commissioner's Office (ICO).

15. Contact

For any privacy-related questions or requests:

• Email: privacy@nestora.one
• Response time: Within 30 days