Privacy Policy
Nestaid Inc. (“Nestaid,” “we,” “us,” or “our”) provides AI-powered software tools for home care agencies, including AI receptionist, scheduling coordination, call-out handling, shift recovery, communications, and related operational workflows. This Privacy Policy explains how we collect, use, share, and protect personal information through our website, platform, and related services.
Last updated: June 23, 2026
1. Our Role
Nestaid works with home care agencies and related organizations (“Agency Customers”). In most cases, Nestaid acts as a service provider and processes information on behalf of Agency Customers.
If you are a caregiver, employee, applicant, client, staff member, or other person interacting with an Agency Customer through Nestaid, the Agency Customer generally controls your information. Questions about your information should usually be directed to that Agency Customer first.
2. Information We Collect
We may collect information from Agency Customers, including:
- Agency name
- Staff names
- Email addresses
- Phone numbers
- Billing and account details
- Platform settings and workflow preferences
Agency Customers may also use Nestaid to process information about caregivers, applicants, employees, clients, and other users, including:
- Name
- Contact information
- Scheduling and availability information
- Shift status, call-out, and coverage information
- Job application or onboarding details
- Licenses, certifications, and compliance-related information
- Messages, call transcripts, call recordings, voicemails, notes, forms, and uploaded documents
We may also collect technical information such as IP address, browser type, device information, pages viewed, session activity, cookies, and similar data.
3. How We Use Information
We use information to:
- Provide and operate Nestaid
- Support AI receptionist, scheduling, call-out, and shift coordination workflows
- Send calls, messages, alerts, reminders, and service communications
- Configure agency workflows
- Provide customer support
- Improve platform reliability, safety, and performance
- Detect security issues, fraud, abuse, or technical problems
- Comply with legal obligations
We do not sell personal information. We do not use End User data processed on behalf of Agency Customers for unrelated marketing purposes.
4. HIPAA-Regulated Data
Some Agency Customers may use Nestaid in connection with information that may be considered Protected Health Information (“PHI”) or electronic Protected Health Information (“ePHI”) under HIPAA.
Where HIPAA applies, Nestaid processes PHI/ePHI only as permitted by applicable law, customer instructions, and a written Business Associate Agreement where required.
Nestaid does not use PHI/ePHI processed on behalf of Agency Customers to train general AI models or for unrelated marketing purposes.
5. Calls, AI Communications, and SMS
Nestaid may support voice calls, AI-assisted conversations, emails, alerts, and SMS/text messaging.
SMS / Text Messaging
Nestaid sends operational and transactional text messages only to users who have opted in. During onboarding, a user enters their mobile number and checks a separate SMS consent checkbox that is unchecked by default, optional, and not required to create or use a Nestaid account. Pilot participants confirm consent before being added to SMS testing. Nestaid does not purchase, rent, scrape, or import phone numbers from third parties.
These messages may include open-shift coverage requests, schedule updates, shift confirmations, visit reminders, EVV clock-in reminders, weekly shift summaries, onboarding and testing updates, and replies to scheduling or coordination questions. They are operational messages — not marketing, promotional, or advertising messages.
To protect privacy, text messages contain only the minimum necessary operational information. Client names, health details, care-plan details, addresses, and other sensitive information are not included in text messages; users are directed to the secure Nestaid app to view full details.
Message frequency varies. Message and data rates may apply. You can opt out at any time by replying STOP, and you can get help at any time by replying HELP. Opt-out requests are honored before any further messages are sent.
No mobile information, phone numbers, SMS consent, or opt-in data is sold or shared with third parties or affiliates for their own marketing or promotional purposes. This information may be shared only with subcontractors and service providers that support the messaging program (such as our SMS and telephony provider), and only to deliver these messages.
6. Google Services, OAuth, and Calendar Integration
Nestaid offers optional Google integrations that Agency Customers may enable and disconnect at any time from integration settings.
Google Sign-In
We use the openid, userinfo.email, and userinfo.profilescopes only to authenticate the user and link their Google account to their Nestaid record. We store the user’s email, profile name, and Google account ID. Not used for advertising or marketing.
Google Calendar
We use the calendar.events scope solely for AI Receptionist appointment booking to: read events during business hours to find availability, and create, update, or delete events as appointments are booked, rescheduled, or cancelled in Nestaid. We do not request the broader calendar scope or access calendar settings, metadata, ACLs, or sharing permissions.
Data We Store
Sign-In: email, profile name, Google account ID, and OAuth refresh token. Calendar: appointment title, start/end time, time zone, attendee email, internal appointment ID, and Google event ID. Events read for availability checks are processed transiently and not persisted.
Sharing
We do not sell or transfer Google user data. We share it only with the connecting Agency Customer and vetted subprocessors (e.g., hosting and database providers) under confidentiality and security obligations.
Retention & Revocation
On disconnect, Nestaid revokes and deletes the stored OAuth refresh token and Google event IDs. Users can also revoke access at myaccount.google.com/permissions. Existing calendar events remain in the user’s Google Calendar.
Limited Use
Nestaid’s use and transfer of information from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google data for advertising, do not transfer it except as needed to operate these features or comply with law, and do not allow humans to read it except with the user’s consent, for security/abuse investigation, legal compliance, or in aggregated form.
8. Data Security
We use reasonable administrative, technical, and physical safeguards designed to protect personal information. These may include encryption, access controls, authentication, logging, audit controls, secure cloud infrastructure, and security monitoring.
No system is completely secure, and we cannot guarantee absolute security.
9. Data Retention
We retain information as long as necessary to provide the Service, meet contractual obligations, resolve disputes, enforce agreements, and comply with legal requirements.
Information processed on behalf of Agency Customers is retained according to customer instructions, our agreements, and applicable law.
10. Your Rights
Agency Customers may access, update, or delete certain account information through the platform or by contacting us.
If you are an End User, you should contact the relevant Agency Customer to access, correct, or delete your information. If needed, you may also contact Nestaid, and we will make reasonable efforts to assist or direct your request appropriately.
12. Children’s Privacy
Nestaid is not intended for individuals under 18. We do not knowingly collect personal information directly from children.
13. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will update the “Last updated” date and may provide additional notice where required.