Back to Home

Privacy Policy

Last updated: December 6, 2025

1. Introduction

Welcome to HomeNest. This Privacy Policy explains how Anna Bradshaw Consulting Services ("Company", "we", "us", or "our") collects, uses, discloses, and safeguards your information when you use our HomeNest mobile application and website (collectively, the "Service").

We are committed to protecting your personal data and respecting your privacy in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data Controller:

Anna Bradshaw Consulting Services

Kiepury 8A

96-313 Budy-Grzybek

Poland

VAT: PL5291813181

Email: support@gethomenest.com

Please read this Privacy Policy carefully. By using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

2. Information We Collect

2.1 Information You Provide Directly

We collect information you provide when you:

  • Create an Account: Email address, password (securely hashed)
  • Complete Your Profile: First name, last name, phone number, profile photo
  • Create Projects: Project name, property address, budget information, start and end dates
  • Add Stages: Stage names, descriptions, categories, planned dates, estimated costs
  • Record Expenses: Amounts, dates, descriptions, categories, payment methods, receipt images
  • Manage Tasks: Task titles, descriptions, priorities, due dates, assignments
  • Add Suppliers: Contact names, company names, phone numbers, email addresses, physical addresses, specialties, contract values, ratings
  • Upload Documents: Permits, contracts, invoices, plans, photos, warranties, and other files
  • Invite Team Members: Email addresses of people you invite to collaborate
  • Contact Support: Information you provide when requesting help

2.2 Information Collected Automatically

When you use our Service, we may automatically collect:

  • Device Information: Device type, operating system, unique device identifiers
  • Usage Data: Features used, actions taken, timestamps
  • Log Data: IP address, browser type, access times
  • Location Data: General location based on IP address (we do not collect precise GPS location)

2.3 Information from Third Parties

We may receive information about you from:

  • Team members who invite you to a project
  • Authentication providers if you use social login (future feature)

3. Legal Basis for Processing (GDPR)

Under the GDPR, we process your personal data based on the following legal grounds:

PurposeLegal Basis
Providing the ServicePerformance of contract (Article 6(1)(b))
Account managementPerformance of contract (Article 6(1)(b))
Service communicationsPerformance of contract (Article 6(1)(b))
Marketing communicationsConsent (Article 6(1)(a))
Service improvementLegitimate interest (Article 6(1)(f))
Legal complianceLegal obligation (Article 6(1)(c))
Fraud preventionLegitimate interest (Article 6(1)(f))

4. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Create and manage your account
  • Process and complete transactions
  • Send you technical notices, updates, and support messages
  • Respond to your comments, questions, and customer service requests
  • Enable collaboration features between team members
  • Monitor and analyze usage patterns and trends
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations
  • Send marketing communications (only with your consent)

5. How We Share Your Information

5.1 With Your Consent

We share your information when you explicitly direct us to, such as when you invite team members to your project.

5.2 With Team Members

When you collaborate on projects, team members with appropriate permissions can view:

  • Your name and profile photo
  • Project data you contribute (stages, tasks, expenses, documents)
  • Your assigned tasks and activities

5.3 With Service Providers

We engage trusted third-party service providers to perform functions on our behalf:

  • Supabase: Database hosting, authentication, and file storage
  • Email Services: For sending transactional emails (password resets, invitations)
  • Cloud Infrastructure: Hosting and computing services

These providers are contractually bound to protect your data and use it only for the purposes we specify.

5.4 For Legal Reasons

We may disclose your information if required by law or if we believe disclosure is necessary to:

  • Comply with legal process or government requests
  • Enforce our Terms of Service
  • Protect our rights, privacy, safety, or property
  • Protect against fraud or security issues

5.5 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data becomes subject to a different privacy policy.

6. Data Retention

We retain your personal data for as long as necessary to:

  • Provide the Service to you
  • Comply with legal obligations
  • Resolve disputes and enforce agreements

Specifically:

  • Account Data: Retained while your account is active and for 30 days after deletion request
  • Project Data: Retained while the project exists or until the project owner deletes it
  • Documents and Files: Retained until manually deleted by users
  • Backup Data: May be retained for up to 90 days for disaster recovery purposes

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption in Transit: All data transmitted between your device and our servers uses TLS/HTTPS encryption
  • Encryption at Rest: Stored data is encrypted using industry-standard encryption
  • Access Controls: Strict access controls and authentication for all systems
  • Secure Authentication: Passwords are hashed using secure algorithms; we never store plain-text passwords
  • Regular Security Audits: Periodic security assessments and vulnerability testing
  • Row-Level Security: Database-level security ensuring users can only access their own data

Important: While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. Your Rights Under GDPR

As a data subject, you have the following rights:

8.1 Right of Access

You can request a copy of the personal data we hold about you.

8.2 Right to Rectification

You can update or correct inaccurate personal data through your account settings or by contacting us.

8.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data. You can delete your account through the app settings, which will remove your personal data within 30 days.

8.4 Right to Restrict Processing

You can request that we limit how we use your data in certain circumstances.

8.5 Right to Data Portability

You can request your data in a structured, commonly used, machine-readable format.

8.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

8.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw consent at any time without affecting the lawfulness of prior processing.

8.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority. In Poland, this is the President of the Personal Data Protection Office (UODO): https://uodo.gov.pl

To exercise any of these rights, please contact us at support@gethomenest.com. We will respond to your request within 30 days.

9. International Data Transfers

Your information may be transferred to, and processed in, countries other than Poland. When we transfer data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by the European Commission
  • Other legally recognized transfer mechanisms

10. Children's Privacy

Our Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information.

11. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.

12. Cookies and Tracking Technologies

Our web services may use cookies and similar tracking technologies to:

  • Maintain your session and authentication state
  • Remember your preferences
  • Analyze usage patterns to improve the Service

You can control cookies through your browser settings. Note that disabling cookies may affect the functionality of the Service.

13. Mobile App Permissions

Our mobile app may request the following permissions:

  • Camera: To capture photos of receipts and project progress
  • Photo Library: To upload existing photos and documents
  • Storage: To save and access documents locally
  • Notifications: To send you task reminders and updates

You can manage these permissions through your device settings at any time.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated policy on our website and app
  • Updating the "Last updated" date
  • Sending you an email notification for significant changes

Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Anna Bradshaw Consulting Services

Kiepury 8A

96-313 Budy-Grzybek

Poland

VAT: PL5291813181

Email: support@gethomenest.com

We aim to respond to all inquiries within 30 days.