1. Introduction
NestMatch, operated by GrowYourSB (“we”, “us”, or “our”), is committed to protecting the privacy of individuals who use our platform at www.nestmatch.app (the “Platform”) and related services (collectively, the “Services”). This Privacy Policy explains what personal information we collect, how we use and share it, and your rights under Canadian privacy law.
We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation. By using NestMatch, you consent to the practices described in this Privacy Policy.
2. Information We Collect
We collect information that you provide directly, information generated through your use of the Services, and information from third-party sources.
2.1 Information You Provide
- Account Information: Name, email address, phone number, date of birth, and password when you create an account.
- Profile Information: Photos, bio, lifestyle preferences (sleep schedule, cleanliness habits, pet tolerance, smoking preferences, noise tolerance, and similar), location preferences, and budget range.
- Listing Information: Property details, photos, address, rent, amenities, and availability dates for housing listings you create.
- Verification Information: Government-issued identification documents and personal details required for background and credit checks, submitted through our verification partner CERTN.
- Payment Information: Payment card details and billing address, processed and stored by our payment provider Stripe. We do not store full card numbers on our servers.
- Communications: Messages sent through the Platform, as well as any correspondence you send to us (e.g., support requests).
2.2 Information Collected Automatically
- Usage Data: Pages visited, features used, search queries, interactions with listings and profiles, and timestamps.
- Device Information: Browser type, operating system, device identifiers, screen resolution, and language preferences.
- Location Data: Approximate location derived from your IP address or, with your permission, more precise location from your device.
- Cookies and Similar Technologies: See Section 7 below.
2.3 Information from Third Parties
- CERTN (CertnCentric): Verification results, including identity verification status, background check results, and credit check summaries.
- Stripe: Transaction confirmations and payment status.
- Authentication Providers: If you sign in using a third-party service (e.g., Google), we receive basic profile information as permitted by your settings with that provider.
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Services, including roommate matching, listing search, and expense sharing.
- Process verification checks through CERTN and display verification badges on your profile.
- Process payments and manage billing through Stripe.
- Send transactional communications such as account confirmations, verification updates, and payment receipts.
- Send promotional communications about new features, tips, or offers (you can opt out at any time).
- Verify your phone number via SMS through our provider Twilio.
- Display relevant locations and maps through Google Maps integration.
- Detect and prevent fraud, abuse, and security threats to the Platform.
- Analyse usage patterns and trends to improve the user experience and develop new features.
- Comply with legal obligations and respond to lawful requests from authorities.
4. How We Share Your Information
We do not sell your personal information. We share your data only in the following circumstances:
4.1 With Other Users
Your profile information, lifestyle preferences, verification badges, and listing details are visible to other NestMatch users as part of the matching and search functionality. Messages you send are visible to their recipients.
4.2 With Third-Party Service Providers
We share information with trusted third parties who perform services on our behalf:
- Supabase: Database hosting and authentication services. Your account data and platform content are stored on Supabase infrastructure.
- Stripe: Payment processing. Stripe receives your payment details to process transactions securely. See Stripe’s Privacy Policy.
- CERTN (CertnCentric): Verification services. CERTN receives personal details and identification documents necessary to perform identity, background, and credit checks. See CERTN’s Privacy Policy.
- Twilio: SMS delivery for phone number verification. Your phone number is shared with Twilio to send verification codes. See Twilio’s Privacy Policy.
- Google Maps: Map and location services. Your location queries and listing addresses may be processed by Google. See Google’s Privacy Policy.
4.3 For Legal Reasons
We may disclose your information if required by law, regulation, legal process, or government request, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of NestMatch, our users, or the public.
4.4 Business Transfers
If GrowYourSB is involved in a merger, acquisition, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.
5. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you the Services. After account deletion, we may retain certain information for a reasonable period to comply with legal obligations, resolve disputes, enforce our agreements, and for legitimate business purposes such as fraud prevention.
Specific retention periods include:
- Account data: Retained for the duration of your account plus up to 30 days following deletion to allow for account recovery.
- Verification results: Retained for the duration of your account. CERTN may retain data independently in accordance with their own privacy policy.
- Payment records: Retained for 7 years as required by Canadian tax and financial regulations.
- Messages and communications: Retained for the duration of your account. Deleted upon account deletion, except where required for legal or safety purposes.
- Usage logs: Anonymised or deleted after 24 months.
6. Your Rights Under PIPEDA
Under the Personal Information Protection and Electronic Documents Act (PIPEDA), you have the following rights regarding your personal information:
- Right of Access: You may request access to the personal information we hold about you.
- Right to Correction: You may request that we correct inaccurate or incomplete personal information.
- Right to Withdraw Consent: You may withdraw your consent for the collection, use, or disclosure of your personal information at any time, subject to legal or contractual restrictions. Withdrawal of consent may limit your ability to use certain features of the Services.
- Right to Complain: You have the right to file a complaint with the Office of the Privacy Commissioner of Canada if you believe your privacy rights have been violated.
To exercise any of these rights, please contact us at privacy@nestmatch.app. We will respond to your request within 30 days.
7. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience on the Platform. These include:
- Essential Cookies: Required for the Platform to function properly, including authentication session cookies and security tokens. These cannot be disabled.
- Functional Cookies: Remember your preferences (e.g., search filters, language settings) to improve your experience.
- Analytics Cookies: Help us understand how users interact with the Platform so we can improve it. These collect anonymised usage data.
You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of the Services.
8. Data Security
We implement appropriate technical and organisational measures to protect your personal information, including:
- Encryption of data in transit using TLS/SSL and at rest where applicable.
- Secure authentication mechanisms, including row-level security policies on our database.
- Payment information processed exclusively through PCI-DSS-compliant Stripe infrastructure.
- Regular security assessments and monitoring for unauthorized access attempts.
- Access controls limiting employee and contractor access to personal information on a need-to-know basis.
While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
9. Children’s Privacy
NestMatch is not intended for individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected personal information from a person under 18, we will take steps to delete that information promptly. If you believe a minor has provided us with personal information, please contact us at privacy@nestmatch.app.
10. International Data Transfers
Your information may be stored and processed in countries outside of Canada where our service providers maintain infrastructure (including the United States). When your data is transferred outside of Canada, we ensure that appropriate safeguards are in place to protect your information in accordance with PIPEDA and applicable law.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated policy on the Platform and updating the “Last updated” date. We encourage you to review this policy periodically.
Your continued use of the Services after any changes to this Privacy Policy constitutes your acceptance of the updated policy.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal information, please contact us:
You may also contact the Office of the Privacy Commissioner of Canada at www.priv.gc.ca if you have concerns about how your personal information is being handled.