Privacy Policy
Effective Date: February 17, 2026 | Last Updated: February 17, 2026
1. Introduction
This Privacy Policy describes how Nestingbird, LLC ("Nestingbird," "we," "us," or "our") collects, uses, discloses, and protects personal information when you use our website at https://nestingbird.co, our platform, and related services (collectively, the "Service"). Nestingbird is a software-as-a-service platform that provides financial management, governance, and operational tools for homeowner associations ("HOAs"). We are a technology company—not a property management company.
By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please do not use the Service.
2. Information We Collect
2.1 Information You Provide
- Account registration information: name, email address, mailing address, and phone number
- HOA and building information: association name, unit details, common interest percentages, member rosters, and governance documents (bylaws, declarations, insurance certificates)
- Financial information: bank account details (provided through Plaid for read-only transaction access), payment card information (processed by Stripe), and assessment/fee amounts
- Documents you upload: bylaws, CC&Rs, insurance policies, meeting minutes, maintenance records, and other files you store on the platform
- Communications: messages you send through the platform, support requests, and feedback
2.2 Information Collected Automatically
- Device and browser information: IP address, browser type, operating system, and device identifiers
- Usage data: pages viewed, features used, timestamps, and interaction patterns
- Cookies and similar technologies: session cookies necessary for authentication and platform functionality
2.3 Information from Third Parties
- Plaid: Read-only bank transaction data (transaction descriptions, amounts, dates, and categories) when you connect your HOA bank account
- Stripe: Payment confirmation data and account verification information for connected accounts
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service, including automated accounting, budgeting, invoicing, collections, governance, and document management features
- Process payments and financial transactions through Stripe Connect, where each HOA operates as a connected account
- Categorize and reconcile bank transactions to generate financial reports and budget recommendations
- Power AI-assisted features, including document search and question-answering capabilities (see Section 5 for details on AI processing)
- Generate 22.1 disclosure packets and other compliance documents
- Send transactional communications such as invoices, payment confirmations, meeting notices, and election notifications via email (Postmark) and physical mail (DocuPost)
- Respond to support requests and communicate with you about your account
- Detect and prevent fraud, abuse, and security incidents
- Comply with legal obligations
4. Third-Party Service Providers
We share personal information with the following categories of service providers, solely to operate the Service:
Stripe (Payment Processing)
We use Stripe Connect to process HOA assessment payments and fees. Each HOA is set up as a Stripe connected account. Stripe receives payment card details, bank account information, and transaction amounts. See Stripe's privacy policy.
Plaid (Bank Account Connectivity)
We use Plaid to establish read-only connections to your HOA bank accounts for automated transaction import. Plaid receives your bank login credentials (which Nestingbird never sees or stores) and returns transaction data to us. See Plaid's privacy policy.
OpenAI (Document Embedding)
When you upload documents to the platform, we send the extracted text to OpenAI's embedding API to generate vector representations. These vectors are stored on our own infrastructure and used to power document search and question-answering features. OpenAI does not retain your document content for training purposes under our API agreement. See OpenAI's privacy policy.
Anthropic (AI Features)
Certain AI-powered features may use Anthropic's API for natural language processing tasks. See Anthropic's privacy policy.
Postmark (Email Delivery)
We use Postmark to send transactional emails including invoices, payment receipts, meeting notices, and account notifications. Postmark receives recipient email addresses and message content.
DocuPost (Physical Mail)
We use DocuPost to send physical mail such as late payment notices and official correspondence. DocuPost receives recipient names and mailing addresses as necessary to fulfill mail delivery.
Fly.io (Infrastructure and Hosting)
All application data, databases, and vector search indexes are hosted on Fly.io infrastructure located in the United States.
5. AI Features and Data Processing
Nestingbird offers AI-powered features including document search and plain-English question answering about your uploaded documents. Here is how this works:
- When you upload a document, the text content is sent to OpenAI's embedding API, which returns a numerical vector representation.
- The original document text and the resulting vectors are stored on Nestingbird's own servers hosted on Fly.io.
- When you ask a question, the search is performed locally against the stored vectors on our infrastructure—your query is not sent to OpenAI for search purposes.
- Certain natural language features may additionally use Anthropic's API for generating responses.
- Under our API agreements with both OpenAI and Anthropic, your data is not used to train their models.
6. Data Sharing and Disclosure
We do not sell your personal information. We may disclose your information in the following circumstances:
- To service providers listed in Section 4, as necessary to operate the Service
- To comply with applicable law, regulation, legal process, or enforceable governmental request
- To enforce our Terms of Service or protect the rights, property, or safety of Nestingbird, our users, or the public
- In connection with a merger, acquisition, bankruptcy, or sale of all or a portion of our assets, in which case you will be notified via email or a prominent notice on the Service
- With your consent or at your direction
7. Data Retention
We retain your personal information for as long as your account is active or as needed to provide the Service. If you close your account, we will delete or anonymize your personal information within 90 days, except where retention is required by law (for example, tax and financial records we may be required to maintain). HOA financial records may be retained for up to seven years to comply with applicable recordkeeping requirements.
8. Data Security
We implement commercially reasonable technical and organizational measures to protect your personal information, including encryption in transit (TLS) and at rest, access controls, and regular security assessments. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.
9. Your Rights and Choices
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you
- Correction: Request that we correct inaccurate or incomplete personal information
- Deletion: Request that we delete your personal information, subject to legal retention requirements
- Data Portability: Request your personal information in a structured, machine-readable format
- Opt-Out of Communications: Unsubscribe from non-transactional emails using the link provided in each email, or by contacting us
To exercise any of these rights, contact us at support@inbound.nestingbird.co. We will respond to verified requests within 30 days.
10. State-Specific Disclosures
10.1 California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act, including the right to know what personal information we collect, the right to delete, the right to opt out of the sale or sharing of personal information (we do not sell or share personal information for cross-context behavioral advertising), and the right to non-discrimination. To exercise these rights, contact us at support@inbound.nestingbird.co.
10.2 Illinois Residents
Nestingbird does not collect biometric information. If this changes, we will update this policy and obtain the required consent under the Illinois Biometric Information Privacy Act (BIPA).
11. Children's Privacy
The Service is not directed to individuals under the age of 13 (or 16 in jurisdictions where applicable). We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will promptly delete it. If you believe a child has provided us with personal information, please contact us at support@inbound.nestingbird.co.
12. International Data Transfers
The Service is hosted in the United States and intended for use within the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States, which may have different data protection laws than your jurisdiction. By using the Service, you consent to this transfer.
13. Cookies and Tracking Technologies
We use only essential cookies required for the Service to function, such as session authentication cookies. We do not use third-party analytics or advertising cookies. We do not engage in cross-site tracking or behavioral advertising.
14. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice on the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.
15. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us: