Protecting your personal data is important to us. Below we explain how your data is processed when you visit nestwarm.com, nestwarm.io, nestwarm.ai (including all sub-pages) and when you use the Nestwarm WhatsApp companion.
Nestwarm UG (haftungsbeschränkt)
Heimat 79a, 14165 Berlin, Germany
E-mail: privacy@nestwarm.com
Managing Director: Fabian Louis
Data Protection Officer: Doro Luik
a) When you visit the website
Your browser automatically sends the following information to our server: IP address, date and time, page or file requested, referrer URL, browser/OS and, if applicable, the name of your access provider. We store this data in log files to ensure a stable, secure connection and to evaluate system security. The legal basis is Art. 6 (1) f GDPR (legitimate interest).
We also use Google Analytics 4 after you accept our cookie banner. Analytics works with anonymised IP addresses and helps us understand how visitors use the site. Legal basis: Art. 6 (1) a GDPR (consent).
b) When you send a phone number or message via our contact form
We store your phone number in Webflow’s EU database to contact you on WhatsApp and answer your request. Legal basis: Art. 6 (1) b GDPR (pre-contractual measures).
c) When you chat with Nestwarm on WhatsApp
Your phone number and all message content are transported via WhatsApp Business (Meta Ireland) and stored encrypted in our Supabase database (EU). We decrypt each message only in memory to forward it to OpenAI’s EU API endpoint; the response is then re-encrypted and saved. Messages are processed solely to provide the service. Legal basis: Art. 6 (1) b GDPR.
If our safety filter flags content that suggests self-harm, violence or criminal activity, the message is decrypted and forwarded to a trained staff member who may alert the authorities. Legal basis: Art. 6 (1) c and f GDPR.
d) When you e-mail us
Your e-mail and any attachments are stored in Google Workspace (EU) to process your enquiry and for invoicing. Legal basis: Art. 6 (1) b GDPR.
We work with Google Cloud (EU regions), Supabase (EU West), WhatsApp Business (Meta), OpenAI (API) and Google Analytics. All traffic is encrypted with TLS 1.3; data at rest is encrypted with AES-256. Primary storage is inside the EEA; occasional access from outside the EEA is covered by Standard Contractual Clauses (Art. 44 ff. GDPR).
You may request information, correction, deletion, restriction and portability, and lodge a complaint with your supervisory authority (Art. 15-20 GDPR). You may object to processing based on legitimate interests (Art. 21 GDPR) and withdraw consent at any time (Art. 7 GDPR).
Contact: privacy@nestwarm.com
If we process your data on the basis of Art. 6 (1) f GDPR, you may object at any time for reasons arising from your particular situation.
This privacy statement is valid as of April 2025. We may adapt it to legal requirements or service changes at any time; the current version is always available here.
Nestwarm is an AI companion that chats with you via WhatsApp. Nestwarm is not medical or psychological counselling.
You must be at least 18 years old (or the local age of consent) and agree to these terms. You may not send unlawful, harassing or hateful content.
You have a 14-day EU right of withdrawal unless you have used 50 messages or more, which constitutes full performance.
By using Nestwarm you consent to the processing steps described in the Privacy Policy, including the transmission of your messages to OpenAI’s API.
If messages indicate imminent harm or criminal activity, we may review the content and pass it to emergency services.
The service is provided “as is”. We are liable only for intent or gross negligence, and our liability is limited to the fees you paid in the last 12 months. We are not liable for actions you take based on chatbot responses.
You may cancel at any time. We may suspend accounts for policy violations or non-payment.
These terms are governed by German law. Exclusive venue is Berlin.
Nestwarm UG, Heimat 79a, 14165 Berlin, Germany
support@nestwarm.com