Privacy Policy

Effective Date: November 29, 2024

Last Updated On Date: November 04, 2025

At Nesta Sites Inc. (“we,” “us,” “our”), your privacy is of utmost importance. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, nestasites.com (the “Site”), or use our services. Please read this policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the Site.

1. Introduction

Nesta Sites Inc. (“Nesta Sites,” “we,” “us,” “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Services, including:

  • Agency and Web Services at nestasites.com (website design, SEO, marketing)
  • Nesta App at getnesta.com (SEO software platform)
  • Any related websites, applications, and services

By using our Services, you agree to this Privacy Policy. If you don’t agree, please don’t use our Services.

2. Who We Are

Nesta Sites Inc.
73 Hillcrest Ave. Winnipeg, Manitoba, Canada

Contact:
Email: privacy@nestasites.com
Support: support@nestasites.com
Website: nestasites.com and getnesta.com

Nesta Sites Inc. is the data controller for the personal information described in this policy.

3. Information We Collect

We collect three types of information:

3.1 Information You Provide

Information you give us directly when you use our Services:

  • Account information: Name, email, password, phone number, business name, role, industry
  • Payment information: Billing details, payment method (processed by Stripe – we only store tokenized references)
  • Business information: Business profiles, locations, services, website content, marketing materials, project requirements
  • Communications: Support requests, emails, chat messages, feedback, survey responses
  • Connected accounts: When you authorize integrations with Google Business Profile, Search Console, Analytics, or other services

3.2 Information Collected Automatically

When you use our Services, we automatically collect:

  • Usage data: Features used, pages viewed, actions taken, time spent, preferences
  • Device information: IP address, browser type and version, operating system, device identifiers
  • Log data: Access times, referring URLs, clicks, errors
  • Cookies and tracking technologies: See Section 5 below

3.3 Information From Third Parties

  • Integrated services: Data from services you connect (Google Business Profile, Search Console, Analytics)
  • Publicly available information: Business listings, reviews, website content, search rankings
  • Marketing and analytics partners: Campaign performance data, advertising engagement

What We Don’t Collect

We do NOT intentionally collect:

  • Sensitive personal information (health data, biometric data, financial account details beyond payment processing)
  • Social security numbers or government IDs (except tax IDs voluntarily provided for invoicing)
  • Information from children under 16

4. How We Collect Information

We collect information:

  • Directly from you: When you create an account, submit forms, upload content, or communicate with us
  • Automatically: Through cookies, pixels, and analytics when you use our Services
  • From third parties: When you authorize integrations or when we access publicly available information
  • Through integrations: When you connect third-party accounts like Google Business Profile

5. Cookies and Tracking Technologies

We use cookies and similar technologies to operate our Services, remember your preferences, analyze usage, and deliver relevant advertising.

Types of cookies we use:

  • Essential cookies: Required for basic functionality and security
  • Functional cookies: Remember your preferences and settings
  • Analytics cookies: Help us understand how you use our Services
  • Advertising cookies: Deliver relevant ads and measure campaign effectiveness

Your choices:

  • Adjust cookie settings in your browser
  • Opt out of interest-based advertising at aboutads.info/choices
  • Note: Disabling cookies may affect functionality

We do not currently respond to Do Not Track signals.

6. How We Use Your Information

We use your information to:

Provide Services:

  • Deliver agency services and operate the Nesta App
  • Create and manage your account
  • Process payments and subscriptions
  • Provide customer support
  • Perform SEO analysis, keyword tracking, and competitive research
  • Sync data from connected integrations

Improve and Personalize:

  • Analyze usage and improve our Services
  • Develop new features and functionality
  • Personalize your experience
  • Conduct research and testing

Communicate:

  • Send transactional emails (account updates, receipts, service notifications)
  • Send marketing communications (you can opt out)
  • Respond to your inquiries
  • Provide onboarding and training

Marketing and Analytics:

  • Deliver targeted advertising
  • Measure marketing effectiveness
  • Create aggregate analytics and reports

Security and Compliance:

  • Prevent fraud and abuse
  • Enforce our Terms of Service
  • Comply with legal obligations
  • Protect our rights and property

For EEA/UK residents: We process your information based on consent, contract performance, legitimate interests, or legal obligations as required by GDPR.

7. How We Share Your Information

We do NOT sell your personal information for money.

We share information only in these circumstances:

7.1 Service Providers

We use third-party service providers who process information on our behalf for:

  • Cloud hosting and infrastructure – To host applications and store data
  • Payment processing – We use Stripe to process payments. Stripe stores payment card information; we only store tokenized references
  • Email and communications – To send emails, manage marketing campaigns, and provide customer support
  • Analytics and monitoring – To understand usage and improve performance
  • AI and automation – To provide AI-powered features and recommendations
  • SEO data services – To provide rankings, metrics, and competitive intelligence
  • Security services – To protect against fraud and abuse

All service providers are contractually required to protect your data and use it only for authorized purposes.

Service provider information is available upon request at privacy@nestasites.com.

7.2 Integrated Services

When you connect third-party accounts (Google Business Profile, Search Console, Analytics), we access data according to your authorization. You can revoke access anytime through your account settings.

7.3 Advertising Partners

We may share limited information (hashed email addresses, device identifiers, browsing data) with advertising platforms for targeted advertising and campaign measurement. This may constitute “sharing” or “sale” under certain state privacy laws. See Section 14 for opt-out rights.

7.4 Business Transfers

If we’re involved in a merger, acquisition, financing, or sale of assets, your information may be transferred. We’ll notify you before your information becomes subject to a different privacy policy.

7.5 Legal Requirements

We may disclose information when required by law or to:

  • Comply with legal obligations, court orders, or government requests
  • Enforce our Terms of Service
  • Protect our rights, property, or safety, or that of others
  • Investigate fraud or security issues

7.6 With Your Consent

We may share information with third parties when you direct us to or provide consent.

7.7 Aggregate Data

We may share anonymized, aggregated data that cannot identify you with third parties for research, analytics, or other purposes.

8. AI and Automated Processing

8.1 How We Use AI

We use artificial intelligence to enhance our Services, including:

  • Generating SEO recommendations and insights
  • Creating content suggestions and drafts
  • Analyzing competitor strategies
  • Automating routine tasks
  • Providing conversational assistance

8.2 AI Providers and Data Usage

We use third-party AI services to power these features. Under our agreements with AI providers:

  • Your data is NOT used to train their general-purpose models
  • Your business information remains confidential
  • AI providers cannot use your data for their own purposes

8.3 What Data Goes to AI

AI providers may receive:

  • Prompts and questions you enter into AI features
  • Business information you provide (business name, services, goals)
  • Context you explicitly provide for AI assistance

AI providers do NOT receive:

  • Data accessed via Google APIs (Google Business Profile, Search Console, Analytics)
  • Your connected account credentials
  • Data from other users
  • Historical data without your authorization

8.4 Your AI Controls

You can:

  • Opt out of AI features by contacting support@nestasites.com
  • Review all AI-generated content before using it
  • Disable specific AI features in account settings (where available)

Important: AI-generated content is not guaranteed to be accurate. You’re responsible for reviewing and verifying AI outputs before use.

8.5 Automated Decisions

We do NOT make decisions based solely on automated processing that significantly affect you, except for:

  • Fraud detection and account security
  • Spam filtering
  • Subscription plan limit enforcement

You have the right to request human review of automated decisions.

9. Google API Limited Use Requirements

We use Google APIs to provide integrations with Google Business Profile, Google Search Console, and Google Analytics (when you authorize these connections).

Our commitment to Google API Services User Data Policy:

Nesta Sites’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We use Google API data only to provide features you requested
  • We do NOT use Google API data to develop, improve, or train AI or machine learning models
  • We do NOT allow humans to read Google API data except when necessary for security purposes, legal compliance, or with your explicit consent
  • Data accessed via Google APIs is used only for the specific purpose authorized by you

Your Google Data Controls:

10. International Data Transfers

Nesta Sites operates from Canada and uses service providers located in Canada, the United States, and other countries. Your information may be transferred to, stored, and processed in these jurisdictions.

By using our Services, you consent to these international transfers.

For transfers from the EEA/UK, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions (Canada has adequacy status)
  • Appropriate safeguards to protect your data

EEA/UK users can request information about our transfer mechanisms by contacting privacy@nestasites.com.

11. Data Retention

We retain your information as long as necessary to:

  • Provide our Services
  • Comply with legal obligations (tax, accounting, regulatory requirements)
  • Resolve disputes and enforce agreements
  • Maintain business records

General principles:

  • Active accounts: Retained while you use our Services
  • Closed accounts: Retained for a reasonable period for legal and business purposes
  • Financial records: Retained as required by law (typically 7-10 years)
  • Marketing data: Retained until you opt out

When information is no longer needed, we delete or anonymize it. You can request deletion anytime (see Section 13), subject to legal retention requirements.

Note: Information may persist in backup systems for up to 90 days after deletion from active systems.

12. Security

We implement technical, administrative, and physical security measures to protect your information, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication requirements
  • Regular security assessments
  • Employee training and confidentiality obligations
  • Monitoring for unauthorized access

However, no system is 100% secure. We cannot guarantee absolute security of your information.

Your responsibility:

  • Use strong, unique passwords
  • Enable multi-factor authentication when available
  • Keep your account credentials confidential
  • Notify us immediately of any unauthorized access

Data breach notification: If a breach affects your personal information, we’ll notify you as required by law.

13. Your Privacy Rights

Depending on your location, you may have the right to:

  • Access: Request a copy of your personal information
  • Correction: Correct inaccurate or incomplete information
  • Deletion: Request deletion of your information (subject to legal exceptions)
  • Portability: Receive your information in a portable format
  • Objection: Object to certain processing activities
  • Restriction: Request restriction of processing
  • Opt-out: Opt out of marketing communications
  • Withdraw consent: Withdraw consent where processing is based on consent

How to exercise your rights:

Email privacy@nestasites.com with:

  • Subject line: “Privacy Rights Request”
  • Your name, email, and description of your request
  • We may need to verify your identity before fulfilling requests

Response time: We’ll respond within 30-45 days as required by applicable law.

No fees: We don’t charge for most requests, except for excessive or repetitive requests.

Authorized agents: You may designate someone to make requests on your behalf (we require written authorization).

Account deletion: To close your account, email privacy@nestasites.com or use account settings. We’ll delete your information within 30-60 days, subject to legal retention requirements.

14. U.S. State Privacy Rights

14.1 California Residents (CCPA/CPRA)

If you’re a California resident, you have additional rights under the California Consumer Privacy Act:

Your Rights:

  • Right to Know: What personal information we collect, use, disclose, sell, or share
  • Right to Delete: Request deletion of your personal information
  • Right to Correct: Correct inaccurate information
  • Right to Opt-Out: Opt out of “sale” or “sharing” for targeted advertising
  • Right to Non-Discrimination: We won’t discriminate against you for exercising your rights

Categories of Personal Information We Collect:

  • Identifiers (name, email, IP address, device IDs)
  • Commercial information (subscription status, purchase history)
  • Internet activity (usage data, browsing behavior)
  • Geolocation data (approximate location from IP)
  • Professional information (business name, industry)
  • Inferences (preferences, predicted interests)

“Sale” and “Sharing” of Information:

We do not sell personal information for money. However, under California’s broad definition, sharing data with advertising partners for targeted advertising may be considered a “sale” or “sharing.”

In the past 12 months, we may have “sold” or “shared” the following for advertising:

  • Identifiers (email addresses in hashed form, device IDs, IP addresses)
  • Internet activity (browsing behavior, pages viewed)
  • Inferences (predicted interests)

We do not sell or share personal information of minors under 16.

Opt Out of Sale/Sharing:

[Do Not Sell or Share My Personal Information]

You can opt out by:

  • Visiting our opt-out page: [nestasites.com/privacy/do-not-sell]
  • Emailing: privacy@nestasites.com with “CCPA Opt-Out”
  • Adjusting cookie settings

How to Exercise California Rights:

Email privacy@nestasites.com with “CCPA Request” in the subject line. We may verify your identity before fulfilling requests. Response time: 45 days (may extend to 90 days with notice).

Right to Appeal: If we deny your request, you may appeal by emailing privacy@nestasites.com with “CCPA Appeal.”

14.2 Virginia, Colorado, Connecticut, Utah Residents

If you’re a resident of Virginia, Colorado, Connecticut, or Utah, you have similar privacy rights under your state’s privacy law:

  • Access your personal information
  • Correct inaccurate information
  • Delete your personal information
  • Data portability (receive a copy in a portable format)
  • Opt out of:
    • Sale of personal information
    • Targeted advertising
    • Profiling for certain decisions

How to Exercise Rights:

Email privacy@nestasites.com with “[Your State] Privacy Rights Request” in the subject line.

Right to Appeal: If we deny your request, you may appeal within a reasonable time. If your appeal is denied, you may contact your state’s Attorney General.

14.3 Nevada Residents

Nevada residents may opt out of the sale of personally identifiable information. We do not currently sell personal information as defined by Nevada law. If you wish to opt out, email privacy@nestasites.com with “Nevada Opt-Out.”

14.4 Other States

If your state has enacted a comprehensive privacy law, you may have similar rights. Contact privacy@nestasites.com to exercise your rights.

15. Marketing Communications

15.1 Types of Communications

Transactional (cannot opt out):

  • Account notifications, password resets, security alerts
  • Order confirmations, receipts, billing notifications
  • Service updates and important policy changes
  • Responses to your inquiries

Marketing (can opt out):

  • Newsletters and product updates
  • Promotional offers
  • Educational content
  • Event invitations
  • Surveys

15.2 Email Marketing (CAN-SPAM Compliance)

Our marketing emails include:

  • Clear identification as marketing messages
  • Our physical mailing address: [YOUR ADDRESS – MUST ADD]
  • Unsubscribe link (processed within 10 business days)

15.3 SMS/Text Messages (TCPA Compliance)

If you opt in to receive text messages:

  • Message frequency varies
  • Message and data rates may apply
  • Text STOP to opt out (immediate)
  • Text HELP for assistance
  • We comply with the Telephone Consumer Protection Act (TCPA)

15.4 How to Opt Out

Email:

  • Click “Unsubscribe” in any marketing email
  • Email privacy@nestasites.com with “Unsubscribe”
  • Adjust preferences in account settings

Text messages:

  • Reply “STOP” to any message

Note: Even if you opt out of marketing, we’ll still send transactional messages necessary for your account.

16. Children’s Privacy

Our Services are not intended for anyone under 16 years of age. We do not knowingly collect personal information from children.

If we learn we’ve collected information from a child without parental consent, we’ll delete it immediately.

Parents: If you believe we’ve collected information from your child, contact us at privacy@nestasites.com with “Child Privacy” in the subject line.

17. Third-Party Websites and Services

Our Services may link to third-party websites or integrate with third-party services (such as Google, social media platforms, or payment processors).

We are not responsible for the privacy practices of these third parties. Their privacy policies and terms govern their data collection and use.

Before providing information to third parties, please review their privacy policies.

18. Changes to This Privacy Policy

We may update this Privacy Policy to reflect:

  • Changes in our practices
  • New features or services
  • Legal or regulatory requirements
  • User feedback

How we notify you:

  • Update the “Last Updated” date at the top
  • Email notification for material changes
  • Prominent notice on our Services

Your continued use of our Services after changes become effective constitutes acceptance of the updated policy.

If you don’t agree to changes, you may stop using our Services and request account deletion.

19. Contact Us

For privacy questions or to exercise your rights:

Nesta Sites Inc.
73 Hillcrest Ave. Winnipeg, Manitoba, Canada

Email: privacy@nestasites.com
Support: support@nestasites.com
Website: nestasites.com

Response time: We aim to respond to privacy inquiries within 30-45 days as required by law.

For GDPR inquiries: privacy@nestasites.com

For California CCPA requests: Include “CCPA Request” in subject line

Complaints: If you’re unsatisfied with our response, you may lodge a complaint with your local data protection authority:

  • Canada: Office of the Privacy Commissioner (priv.gc.ca)
  • EU/EEA: Your local supervisory authority
  • UK: Information Commissioner’s Office (ico.org.uk)
  • U.S.: Federal Trade Commission (ftc.gov) or your state Attorney General

Additional Information

Nature of Data We Process

The majority of data we process consists of publicly available business information, including:

  • Public business listings and profiles
  • Public website content
  • Public reviews and ratings
  • Search rankings and public search results
  • Website performance metrics

This public business information generally does not constitute personal information under most privacy laws.

Personal information we collect is primarily limited to:

  • Our users’ account information (name, email, payment details)
  • Usage data about how our users interact with our Services
  • Cookies and tracking data from visitors to our websites

We do NOT collect personal information about end consumers or website visitors beyond aggregated analytics.

WordPress Integration

We connect to WordPress websites via REST API endpoints to:

  • Read and update meta titles and descriptions
  • Access publicly available content
  • Pull website performance metrics

We do NOT:

  • Store or access WordPress login credentials
  • Access WordPress admin panels directly
  • View private or draft content
  • Access databases or personal information of website visitors

Client Work and Portfolio Use

For Agency Services clients:

We may feature completed work in our portfolio, case studies, and marketing materials, including:

  • Websites we’ve designed
  • Screenshots and project descriptions
  • Client logos and testimonials (with permission)
  • Performance results

To opt out: Email privacy@nestasites.com at the start of your project or anytime thereafter. We’ll remove your work from our portfolio within 30 days.

Note: Websites we build are publicly accessible and may be indexed by search engines.