Privacy Policy

Last updated: May 17, 2026

NestBoard ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains what data we collect, why we collect it, and how we use it when you use NestBoard.

1. Information We Collect

Account information: Email address and display name when you register or sign in via Google OAuth.
Google Calendar data: With your permission, we read your Google Calendar events to display them on your e-paper device. We access the minimum necessary scope (calendar.readonly).
Device data: Device identifiers, sync timestamps, battery level, firmware version, and display status from paired e-paper devices.
Configuration data: Template preferences, layout settings, location (city-level, for weather), and content preferences you configure in the admin panel.

2. How We Use Your Data

To authenticate and manage your account.
To render personalized content (calendar events, weather, custom widgets) onto your e-paper display.
To synchronize your device and deliver updated display images.
To monitor device health and diagnose issues.

We do not use your data for advertising, profiling, or sale to third parties.

3. Google API Data – Limited Use Disclosure

NestBoard's use of information received from Google APIs adheres to the Google API Services User Data Policy , including the Limited Use requirements.

Specifically:

Google Calendar data is used only to render calendar events on your personal e-paper display.
Calendar data is not shared with third parties, used for advertising, or stored beyond what is needed to generate the current display image.
Humans do not read your calendar data; it is processed automatically by the render engine.

4. Data Retention

Account and device configuration data is retained as long as your account exists.
Google Calendar tokens are stored securely and refreshed automatically. They are deleted when you disconnect your Google account or delete your NestBoard account.
Rendered display images are generated on demand and are not permanently stored.

5. Data Security

We store data on MongoDB Atlas with encryption at rest. API endpoints are protected with JWT authentication. Google OAuth tokens are stored encrypted. We do not log or expose raw calendar content in application logs.

6. Third-Party Services

NestBoard may use the following third-party services:

Google Calendar API – to read your calendar events.
Open-Meteo / weather API – to retrieve weather data (no personal data is shared; only a city/coordinates are sent).
MongoDB Atlas – for database hosting.

7. Your Rights

You may disconnect Google Calendar at any time via Google Account Permissions.
You may request deletion of your account and all associated data by contacting us.
You may request a copy of the data we hold about you.

8. Children's Privacy

NestBoard is not directed to children under 13. We do not knowingly collect personal data from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by updating the "Last updated" date above.

10. Contact

For privacy-related questions or data requests, contact:
lidormalich@gmail.com