What we read. What we don’t do with it.
Nestory reads your family’s messages. That’s a meaningful thing to trust us with. Here’s exactly what that means — plain language first, full legal text below.
Effective 14 August 2025 · Last updated 23 April 2026
Only what you connect.
Per channel, here's the exact data we read. Nothing beyond this list.
- Only the groups and direct chats you explicitly select
- Message text, sender display names, and timestamps
- No contact lists, no phonebook, no media unless you attach it to an event
- Subject lines and message bodies in the accounts you connect
- PDF attachments (permission slips, invoices, event flyers)
- No drafts, no sent folder, no archived mail, no contacts
- Event titles, dates, times, and descriptions
- No attendee contact details beyond what's on the event itself
A short list we mean.
- We never sell, rent, license, or syndicate your data to anyone
- We never train AI models on your messages or household data
- We never share your data with third parties beyond the infrastructure processors listed in Section 7 below
- We never access channels you didn't explicitly connect
- We never store raw message text beyond 30 days
- We never run third-party analytics, session replay, or marketing cookies — none
- We never read your drafts, sent mail, contacts, or anything outside the channel scope above
How long we keep things.
How the plumbing works.
- All connections over TLS 1.2+ — encrypted in transit at all times
- Gmail and Outlook access via OAuth 2.0 — we never see your password
- IMAP passwords AES-256 encrypted at rest before storage
- Messaging session credentials stored in isolated, encrypted storage
- Production servers hosted in Germany, EU (Hetzner Online GmbH)
- Continuous encrypted database backup to Cloudflare R2
- No third-party analytics, session replay, marketing cookies, or ad trackers
- Access to production data limited to essential personnel only
You're in charge.
Privacy or security question?
Email us directly — a real person, usually the same day.
support@nestory.liveThe plain-language summary above covers the essentials. The sections below are the complete, legally-binding Privacy Policy for Nestory. Effective 14 August 2025. Last updated 23 April 2026. Governed by the Israeli Protection of Privacy Law 5741-1981 (as amended by Amendment 13, effective 14 August 2025) and, where applicable, the EU General Data Protection Regulation (GDPR) 2016/679.
1. Mandatory Disclosure Notice (Israeli PPL Amendment 13, Section 11)
The following disclosures are required by Section 11 of Israel’s Protection of Privacy Law 5741-1981, as amended by Amendment 13 (effective 14 August 2025).
2. Data Controller
The Nestory application (available at nestory.live and as a mobile app on iOS and Android) is developed and operated by Wiseard Ltd., a company incorporated in Israel (“Wiseard,” “we,” “us”).
Wiseard Ltd. is the data controller for all personal data processed through the Service. For privacy inquiries, the exercise of data subject rights, or to contact our Privacy Protection Officer:
3. Definitions
4. Data We Collect
4.1 Account and Profile Data
Name, email address, profile photo (optional), language preference, timezone, household role. Collected when you register or update your profile.
Waitlist: If you submit your email address via the Nestory waitlist before registering, we collect that email address solely to notify you when access opens. Waitlist emails are not used for marketing, not shared with third parties, and are deleted within 30 days of your account creation or upon your request.
4.2 Household Member Data
Names, dates of birth (optional), and roles of household members you add. If a household member is a minor (under 18), you as the household administrator provide consent for their inclusion.
4.3 Communication Channel Content
Message text, sender names, and timestamps from messaging groups and chats you authorize. Email subject lines and bodies from Gmail or Outlook accounts you connect. Google Calendar event titles, dates, times, and descriptions. We read only the scope described in the plain-language section above.
4.4 AI-Learned Household Facts
Nestory’s AI learns contextual facts about your household from message patterns (e.g., “Tuesday is soccer practice day”). These facts are stored to improve AI accuracy and are accessible and deletable from Settings.
4.5 Device and Technical Data
Push notification device tokens (iOS APNs / Android FCM). Basic platform information (iOS/Android/web) required for notification routing. We do not collect device IMEI, precise geolocation, contacts, or camera/microphone access.
Biometric lock (Face ID / fingerprint): The optional biometric lock feature uses Apple’s Face ID or Touch ID (iOS) and the equivalent Android biometric APIs entirely on your device. Nestory never receives, stores, transmits, or has any access to your biometric data. Authentication is handled exclusively by the operating system; we only receive a pass/fail result.
4.6 Billing Data
Subscription tier, payment status, and transaction records. Payment card data is processed by our payment processor and is never stored on Wiseard servers.
4.7 Cookies and Tracking
We use session cookies (strictly necessary for authentication) and local storage only. We do not use third-party analytics cookies, ad cookies, or session replay tools. The mobile app does not use cookies. No data is shared with advertising networks.
5. How We Use Your Data
We do not use your data for any purpose not listed here without obtaining fresh consent.
6. Artificial Intelligence Processing
This disclosure is required by Apple App Store Guideline 5.1.2(i) (third-party AI data sharing), Israeli PPL Amendment 13 (Section 11 — automated processing disclosure), and GDPR Article 13 (for EU users).
Who performs AI processing: Anthropic PBC, a US company, through its Claude AI model. Anthropic is our named Sub-processor for all AI features. Anthropic’s privacy policy: anthropic.com/privacy.
What is sent to Anthropic: When a new message arrives, we send Anthropic: (i) up to 2,000 characters of message text and (ii) contextual household information (member first names, timezone, language, household type, and AI-learned facts). We do not send your email address, phone number, OAuth tokens, or account credentials to Anthropic.
What Anthropic does with it: Under our Data Processing Agreement, Anthropic processes Customer Data solely to return an inference response. Anthropic does not use your data to train AI models and does not retain request content after the API call completes (zero-retention option enabled). EU Standard Contractual Clauses (SCCs) are in place for EU data.
Your right to object: You can disable AI event extraction from any connected channel in Settings. Disabling AI processing means Nestory will no longer automatically extract events from that channel.
AI output accuracy: AI Outputs may be inaccurate, incomplete, or biased. You are responsible for reviewing and confirming any AI-extracted event. Do not rely on AI Outputs for critical decisions without independent verification.
Full AI terms, including training prohibition, output disclaimers, and prohibited reliance, are in our AI Terms.
7. Messaging Integration — Privacy Disclosure
Nestory’s messaging integration uses Evolution API, an open-source third-party gateway. This integration is not affiliated with, authorized by, or endorsed by Meta Platforms, Inc. or its messaging services.
How we handle message data: Raw message text is stored for a maximum of 30 days and then automatically and permanently purged. We process only the conversations you explicitly authorize. The Evolution API gateway runs on our own servers — your message data does not leave our infrastructure (except to Anthropic for AI processing, as described in Section 6).
Messages from third parties: When other people send messages to group chats you have connected, those messages are processed by Nestory. Those senders have not consented to Nestory processing. You are responsible for ensuring that your use of the messaging integration complies with applicable privacy laws governing the processing of data about others.
8. Third-Party Processors
We share Customer Data with the following Sub-processors, each of which processes data on our behalf under a data processing agreement (or equivalent legal mechanism). We do not sell your data. We will notify you at least 15 days in advance of adding a new Sub-processor that processes Customer Data.
9. Data Retention
After account deletion, all personal data (including events, household facts, and message data) is purged within 30 days. Billing records are retained 7 years under Israeli tax law. Anonymized aggregate usage statistics (no personal data) may be retained indefinitely.
10. International Data Transfers
Our production servers are located in Germany (EU). Some Sub-processors are located in the United States (Anthropic, Google, Microsoft, Apple, Cloudflare).
Israel → EU: Israel holds an EU adequacy decision. Data flows freely between Israel and the EU without additional safeguards.
EU → USA (Sub-processors): For transfers of EU personal data to US Sub-processors, we rely on Standard Contractual Clauses (SCCs) (EU Commission Decision 2021/914) and, where available, the EU–US Data Privacy Framework. Anthropic’s DPA includes applicable EU SCCs.
Israel → USA: For Israeli data transferred to US processors, we apply equivalent safeguards as required by the Israeli Privacy Protection Regulations (Transfer of Data to Databases Abroad) 5761-2001.
11. Your Rights
Under Israeli PPL Amendment 13 and, where applicable, the EU GDPR, you have the following rights. You can exercise most of them directly within the app. We will respond to written requests within 30 days.
12. Children’s Data and Age Requirements
Minimum age: You must be at least 13 years old to create a Nestory account. Users aged 13–17 must have express parental or guardian consent before creating an account.
Under-13 prohibition: Nestory does not knowingly collect personal data from children under 13. If we learn that a person under 13 has created an account, we will delete it promptly. If you believe this has occurred, contact us immediately at support@nestory.live.
Minor household members:Adult household administrators (parents or guardians) may add minor children as household members. The adult’s consent covers the child’s inclusion. The child’s name and date of birth are processed to personalize household events and reminders.
COPPA 2025:Effective April 22, 2026, the US Children’s Online Privacy Protection Act 2025 amendments expand coverage to biometric data and AI training consent for users under 13. We do not collect biometric data and do not train AI models on any user data. This applies to all users, not only minors.
13. Data Security
Under Israel’s Data Security Regulations 5777-2017, Nestory is classified as an Intermediate-tier database (communications data, personal data processed for a service). We implement the technical and organizational measures required for this tier, including:
- Access control with role-based permissions
- Encryption at rest (AES-256) and in transit (TLS 1.2+)
- Logging and monitoring of access to personal data
- Regular security assessments
- Employee training on data security and privacy
- Vendor security review before onboarding new Sub-processors
- Incident response procedures with defined notification timelines
No method of transmission or storage is 100% secure. We continuously work to improve our security posture.
14. Security Incidents
In the event of a Security Incident involving your personal data, Wiseard will:
- Notify the Israeli Privacy Protection Authority (PPA) within 72 hours of discovery, as required by the Data Security Regulations (2017) and PPL Amendment 13
- Notify EU supervisory authorities within 72 hours where required by GDPR Article 33
- Notify affected users without undue delay if the incident poses a high risk to their rights and freedoms
- Provide information on the nature, scope, and remediation steps taken
If you suspect unauthorized access to your Nestory account, contact us immediately at support@nestory.live (subject: “Security Incident”).
15. Data Protection Impact Assessment (DPIA)
Nestory has conducted a Data Protection Impact Assessment (DPIA) in accordance with GDPR Article 35. The DPIA assessed the following high-risk factors identified for the Service:
- Processing of family communications data at scale (systematic monitoring)
- Processing involving AI and automated decision-making
- Possible incidental processing of Special Category Data in family messages
- Processing of data relating to minor household members
- Use of novel technology (third-party messaging integration)
The DPIA concluded that the risks are mitigated by the technical and organizational measures described in this Policy, including the 30-day message retention limit, the AI training prohibition with Anthropic, and granular user controls for disconnecting channels.
16. Changes to This Policy
We will notify you of material changes to this Policy via:
- An in-app notification at least 14 days before the change takes effect
- An email to your registered address
The “last updated” date at the top of this page will always reflect the current version. Continued use of the Service after notice of a material change constitutes acceptance of the revised Policy. If you do not accept the revised Policy, you may delete your account.
Non-material changes (e.g., adding a new Sub-processor with 15-day advance notice, correcting typographical errors) will be reflected by updating the “last updated” date only.