Privacy Policy

We may collect information from Agency Customers, including:

• Agency name
• Staff names
• Email addresses
• Phone numbers
• Billing and account details
• Platform settings and workflow preferences

Agency Customers may also use Nestaid to process information about caregivers, applicants, employees, clients, and other users, including:

• Name
• Contact information
• Scheduling and availability information
• Shift status, call-out, and coverage information
• Job application or onboarding details
• Licenses, certifications, and compliance-related information
• Messages, call transcripts, call recordings, voicemails, notes, forms, and uploaded documents

We may also collect technical information such as IP address, browser type, device information, pages viewed, session activity, cookies, and similar data.

We use information to:

• Provide and operate Nestaid
• Support AI receptionist, scheduling, call-out, and shift coordination workflows
• Send calls, messages, alerts, reminders, and service communications
• Configure agency workflows
• Provide customer support
• Improve platform reliability, safety, and performance
• Detect security issues, fraud, abuse, or technical problems
• Comply with legal obligations

We do not sell personal information. We do not use End User data processed on behalf of Agency Customers for unrelated marketing purposes.

Some Agency Customers may use Nestaid in connection with information that may be considered Protected Health Information (“PHI”) or electronic Protected Health Information (“ePHI”) under HIPAA.

Where HIPAA applies, Nestaid processes PHI/ePHI only as permitted by applicable law, customer instructions, and a written Business Associate Agreement where required.

Nestaid does not use PHI/ePHI processed on behalf of Agency Customers to train general AI models or for unrelated marketing purposes.

Nestaid may support voice calls, AI-assisted conversations, emails, alerts, and SMS/text messaging.

Agency Customers may use Nestaid to communicate with caregivers, applicants, employees, clients, staff, or other users. These communications may include shift updates, call-out alerts, coverage requests, reminders, onboarding messages, and other operational communications.

Message frequency may vary. Message and data rates may apply. SMS recipients may opt out at any time by replying STOP. For help, reply HELP.

We do not sell, rent, or share phone numbers, SMS consent data, or SMS opt-in records with third parties for their own marketing purposes.

Nestaid offers optional integrations with Google services that Agency Customers may enable. Connecting these services is voluntary and can be disconnected at any time from Nestaid’s integration settings.

Google Sign-In (OpenID Connect)

When an agency user chooses “Sign in with Google,” Nestaid uses the openid, https://www.googleapis.com/auth/userinfo.email, and https://www.googleapis.com/auth/userinfo.profile scopes only to identify the user, link their Google account to their Nestaid agency user record, and complete authentication. We collect and store the user’s Google account email, basic profile name, and Google account identifier solely for the purpose of authentication and account linkage. This data is not used for advertising, marketing, or any unrelated purpose.

Google Calendar Integration (AI Receptionist Appointment Booking)

Nestaid uses the https://www.googleapis.com/auth/calendar.events scope only for its AI Receptionist appointment booking feature for home-care agencies. The scope is used to:

• Read existing events on the agency’s selected Google Calendar during business hours to calculate available appointment slots
• Create a Google Calendar event when a caller confirms an appointment (with the appointment title, start/end time, time zone, attendee email, and an internal appointment ID)
• Update the corresponding Google Calendar event when an appointment is rescheduled in Nestaid
• Delete the corresponding Google Calendar event when an appointment is cancelled in Nestaid

Nestaid does not request access to broader Google Calendar settings, calendar metadata, sharing permissions, ACLs, or user settings. We do not request the broader https://www.googleapis.com/auth/calendar scope because we only need access to event objects required for appointment booking.

Data We Store From Google

For Google Sign-In, we store the user’s Google email address, basic profile name, and Google account identifier, plus an OAuth refresh token used to maintain the integration. For Google Calendar, we store only the data needed to manage bookings: appointment title, start/end time, time zone, attendee email, internal appointment ID, and the Google event ID returned by Google. Existing calendar events read for availability checks are processed transiently and are not persisted by Nestaid.

Sharing of Google User Data

Nestaid does not sell, rent, or transfer Google user data to third parties for their own purposes. We share Google user data only with the Agency Customer that connected the account and with vetted subprocessors strictly required to operate the booking and authentication features (for example, secure cloud hosting and database providers), under contractual confidentiality and security obligations.

Retention, Deletion, and User Control

Users can disconnect Google Sign-In or Google Calendar at any time from Nestaid’s integration settings. On disconnect, Nestaid revokes and deletes the stored OAuth refresh token and removes stored Google event IDs from our database. Users can additionally revoke access at myaccount.google.com/permissions. Nestaid does not delete the underlying Google Calendar events on disconnect, since those events belong to the user’s calendar.

Limited Use Disclosure

Nestaid’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically: (1) we use Google user data only to provide and improve the user-facing features described above; (2) we do not transfer Google user data to third parties except as needed to provide or improve those features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with appropriate notice to users; (3) we do not use Google user data for serving advertisements; and (4) we do not allow humans to read Google user data unless we have obtained the user’s affirmative agreement for specific data, it is necessary for security purposes (such as investigating abuse), to comply with applicable law, or the data is aggregated and used for internal operations under standard privacy protections.

We may share information:

• With Agency Customers
• With service providers that help us operate Nestaid, such as hosting, communications, storage, transcription, analytics, support, and security providers
• When required by law or legal process
• To protect the rights, safety, and security of Nestaid, our customers, users, or the public
• In connection with a merger, acquisition, financing, or sale of assets
• With consent or at the direction of the Agency Customer or individual

Where required, we use appropriate contractual safeguards with service providers that handle regulated data.

We use reasonable administrative, technical, and physical safeguards designed to protect personal information. These may include encryption, access controls, authentication, logging, audit controls, secure cloud infrastructure, and security monitoring.

No system is completely secure, and we cannot guarantee absolute security.

We retain information as long as necessary to provide the Service, meet contractual obligations, resolve disputes, enforce agreements, and comply with legal requirements.

Information processed on behalf of Agency Customers is retained according to customer instructions, our agreements, and applicable law.

Agency Customers may access, update, or delete certain account information through the platform or by contacting us.

If you are an End User, you should contact the relevant Agency Customer to access, correct, or delete your information. If needed, you may also contact Nestaid, and we will make reasonable efforts to assist or direct your request appropriately.

We use cookies and similar technologies to operate the website and Service, remember preferences, analyze usage, and improve performance. You can control cookies through your browser settings.

Nestaid is not intended for individuals under 18. We do not knowingly collect personal information directly from children.

We may update this Privacy Policy from time to time. If we make material changes, we will update the “Last updated” date and may provide additional notice where required.