Privacy Policy
GDPR Compliant
Last updated: January 23, 2026
1. Introduction
This Privacy Policy describes how the personal data of users of Nestful (nestful.bg) is collected, used and protected. The Website is operated by a natural person and does not represent a legal entity or company.
2. What data do we collect?
When you use Nestful, we collect the following personal data:
- Name (during registration and for guests at your events);
- Email address (for communication, sending invitations and reminders);
- Phone number (optional, for managing your guest list);
- IP address (for security and detecting suspicious activity);
- Event data (information about your events, guests, gifts, tasks, photo gallery);
- Payment information (processed securely by Stripe - we do not store card details).
3. Purposes of personal data processing
Your personal data is collected and processed only for the following purposes:
- To provide invitation creation and event management services;
- To send invitations, reminders and notifications related to your events;
- To process payments for premium features;
- To improve our services through anonymous usage analysis (only with cookie consent);
- To protect the security of the platform.
4. Legal basis for processing
The processing of personal data is carried out on the basis of: (a) your explicit consent given during registration; (b) performance of a contract to provide services; (c) our legitimate interest in protecting the security of the platform.
5. Sharing with third parties
We use the following trusted providers to deliver our services:
- Stripe - for secure payment processing;
- Brevo - for sending emails (invitations, reminders);
- Amazon Web Services - for storing images and files;
- Google Analytics - for anonymous traffic analysis (only with cookie consent).
These providers process data in accordance with their own privacy policies and GDPR.
6. Data storage and protection
Your personal data is stored on secure servers in the European Union. We implement appropriate technical and organizational measures to protect data from unauthorized access, modification or leakage, including data encryption and regular security audits.
7. Data retention period
We retain your data as long as you have an active account on Nestful. When you delete your account, all your personal data is permanently deleted. Payment information is retained as required by law for accounting purposes.
8. Your rights
In accordance with the General Data Protection Regulation (GDPR), you have the following rights:
- Right of access - you can download all your data from Settings > Data Export;
- Right to erasure - you can delete your account from Settings > User;
- Right to rectification - you can edit your profile information at any time;
- Right to withdraw consent - you can withdraw your consent for marketing communications;
- Right to complain - you can file a complaint with the Commission for Personal Data Protection (CPDP).
9. Cookies
We use cookies for site functionality and analytics (only with consent). For more information, see our Cookie Policy.
10. How to contact us?
If you have questions about this Privacy Policy or wish to exercise your rights, you can contact us at: hi@nestful.bg.
11. Changes to the Privacy Policy
We may periodically update this Policy. All changes will be posted on this page with a new update date.
By using Nestful, you agree to the terms of this Privacy Policy.