Privacy & Cookie Policy
1. Who is responsible (Controller)
Nikolay Tonev (Einzelunternehmen)
82008 Unterhaching, Bavaria, Germany
privacy@nestbalm.app
No Data Protection Officer is appointed — this is not required for processing of this scale under Art. 37 GDPR.
2. What we collect, why, and the legal basis
This is a pre-launch page. We only collect what is needed to run the waitlist and the founding-family survey:
- Your email address — so we can tell you when Nestbalm opens and honour the 45-days-free reward. Legal basis: your consent (Art. 6(1)(a) GDPR), given when you submit the form.
- Your survey answers (if you take the survey) — to shape what we build first and administer the reward. Legal basis: your consent (Art. 6(1)(a)).
- Reward / survey status (whether you completed or skipped the survey, and your reward eligibility) — to administer the offer. Legal basis: consent and pre-contractual steps (Art. 6(1)(a)/(b)).
- Marketing source & language (e.g. a
utm_sourcelink parameter, your chosen language) — to understand where sign-ups come from. Legal basis: your consent (Art. 6(1)(a)). - Privacy-friendly usage analytics — anonymous, aggregate counts of page actions (e.g. "survey started", "joined the waitlist"). These contain no personal data, set no advertising cookies, and use no third-party trackers. They run only if you accept analytics in the cookie banner. Legal basis: your consent (Art. 6(1)(a)).
- Technical access data — our hosting provider (Google Cloud) processes your IP address transiently to deliver the page and protect against abuse (rate-limiting). We do not store your IP address in our own records. Legal basis: our legitimate interest in security and delivery (Art. 6(1)(f)).
We do not sell your data, show ads, or use it for automated decision-making or profiling (Art. 22 GDPR).
3. Cookies and local storage
The page uses the minimum necessary, all first-party:
| Name | Type | Purpose | Lifetime |
|---|---|---|---|
wl | Cookie (strictly necessary) | Links your waitlist entry to the survey return so we can grant the reward | ~2 hours |
nb_consent | Local storage (necessary) | Remembers your cookie choice | Until you clear it |
nb_locale | Local storage (functional) | Remembers your language preference | Until you clear it |
If you accept analytics, the events are sent directly to our own server — no analytics cookies are set. You can change or withdraw your choice at any time via "Cookie settings" in the footer.
4. Where your data is stored
All data is stored in the European Union (Frankfurt, Germany) on Google Cloud (Firebase Hosting, Cloud Run, and Firestore), acting as our processor under a data-processing agreement (Art. 28 GDPR). Your data is not transferred outside the EU/EEA for storage.
5. Who we share it with
- Google Cloud — hosting and database, as our processor, in the EU.
That is all. The survey runs on our own infrastructure — we do not use Google Forms or other third-party survey tools.
6. How long we keep it
We keep your waitlist and survey data until the launch and the reward-claim window close (currently 30 days after the 18 August 2026 soft open), after which we delete or anonymise it — unless you become a Nestbalm customer, or you ask us to delete it sooner. You can withdraw consent or request deletion at any time.
7. Your rights
Under the GDPR you have the right to: access your data; have it corrected; have it deleted; restrict or object to processing; data portability; and to withdraw consent at any time (this does not affect processing already carried out). To exercise any of these, email privacy@nestbalm.app.
You also have the right to lodge a complaint with a supervisory authority. For us this is the Bavarian State Office for Data Protection Supervision (BayLDA), Ansbach, Germany.
8. Children
Nestbalm is intended for parents and adults managing family finances. This pre-launch page is not directed at children, and we do not knowingly collect data from children.
9. Changes
We may update this policy as Nestbalm develops. The date above reflects the latest version.