NestCraft Innovations Pvt. Ltd. ("NestCraft", "we", "us") values your trust. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you use our artificial intelligence-powered design services. The policy complies with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), and the Digital Personal Data Protection Act, 2023 ("DPDP Act").
1. Personal Data We Collect
1.1 Information you provide
- Identity and contact data: name, email address, mobile number, billing address, and profile photo.
- Content you upload: reference photos, room details, prompts, annotations, chat transcripts, and collaboration notes.
- Payment information processed by Razorpay: card network, masked card number, and transaction metadata (we do not store full card details).
- Support requests, survey responses, testimonials, or other communications.
1.2 Information collected automatically
- Device and technical data: IP address, browser type, operating system, and device identifiers.
- Usage analytics: timestamps, feature interactions, generation counts, and referral sources.
- Cookies, local storage tokens, and similar technologies used for session management and fraud prevention.
2. Lawful Basis for Processing
We rely on the following lawful bases recognised under the DPDP Act:
- Consent: for marketing updates, newsletters, and optional personalisation.
- Performance of contract: to deliver the Services, maintain user accounts, and provide customer support.
- Legal obligation: to maintain records and furnish information as required by tax authorities or regulators.
- Legitimate interests: to improve our platform, keep services secure, and prevent misuse, balanced against your privacy rights.
3. How We Use Personal Data
- Provide, personalise, and enhance AI design recommendations and collaboration features.
- Authenticate logins, manage subscriptions, and facilitate payment processing.
- Monitor usage, conduct research, and improve algorithms and UI flows.
- Communicate critical product updates, policy changes, invoices, and security alerts.
- Comply with applicable laws, respond to lawful requests, and enforce our Terms of Service.
4. Sharing of Personal Data
- Service providers: Razorpay (payments), Google Cloud Platform (hosting and storage), analytics providers, customer support tools, and email infrastructure.
- Professional advisors: auditors, accountants, and legal counsel, bound by confidentiality obligations.
- Government authorities: to comply with lawful directions under the Code of Criminal Procedure, 1973 or other statutes.
- Business transactions: in connection with a merger, acquisition, investment, or sale of assets, subject to appropriate safeguards.
5. Cookies & Tracking Technologies
We use strictly necessary cookies to maintain session state, analytics cookies to improve product performance, and security cookies to prevent fraudulent activity. You may control cookies through browser settings; disabling essential cookies may limit certain features.
6. Data Retention
Personal data is retained only as long as necessary to fulfil the purposes outlined here or to comply with law. Design assets associated with an account may be retained for up to 24 months after subscription expiry unless you request deletion sooner. Billing records are retained for at least eight years under GST regulations.
7. Security Practices
We implement administrative, technical, and organisational safeguards aligned with ISO/IEC 27001. These include encryption in transit and at rest, role-based access control, regular vulnerability assessments, and employee training. No system can be completely secure; please follow best practices such as strong passwords and device security.
8. Your Rights
Subject to the DPDP Act, you may:
- Request access to, confirmation of, or correction of your personal data.
- Withdraw consent for optional processing (without affecting prior lawful processing).
- Request data erasure or restriction, subject to legal retention obligations.
- Seek grievance redressal through our Data Protection Officer within the statutory timelines.
9. Cross-Border Transfers
Personal data may be processed in India or other jurisdictions where our cloud providers operate, subject to contractual safeguards ensuring an adequate level of protection as mandated by Section 16 of the DPDP Act.
10. Children’s Data
The Services are not intended for persons under 18 years of age. We do not knowingly collect personal data from children. If you believe a minor has provided information, please contact us to arrange deletion.
11. Updates to This Policy
We may revise this Policy periodically. Changes will be published here with a revised effective date and, where required, communicated via email or in-product messages. Continued use of the Services after an update constitutes acceptance of the revised Policy.
12. Contact & Grievance Redressal
Data Protection Officer
NestCraft Innovations Pvt. Ltd.
12 Residency Road, Bengaluru, Karnataka 560025, India
Email: privacy@nestcraft.studio
Phone: +91 80460 21234
If you are dissatisfied with our response, you may escalate to the Data Protection Board of India as provided under the DPDP Act.