Back to NestList

Trust center

Privacy Promise

How NestList protects private family coordination, share links, addresses, guest claims, billing, and AI-assisted features.

Last updated May 20, 2026

Effective date: May 20, 2026 Last updated: May 20, 2026 Company: Ephraim Technology ("NestList," "we," "us," or "our") Contact: hello@withnestlist.com

NestList is a household-centered wishlist service for families. A household owner or co-parent can create recipient profiles, build gift lists, share private links with guests, coordinate claims and group gifts, and draft thank-you notes. This Privacy Policy explains what information we collect, how we use it, and the choices available to account holders and guests.

We designed NestList around private family coordination. We do not sell personal information, we do not run advertising, and we do not create public searchable registries.

1. Who This Policy Covers

This policy applies to:

  • Account holders, including household owners, co-parents, and viewers.
  • Guests, such as family members or friends who receive a private share link and claim, reserve, or pledge toward gifts.
  • Recipient profiles, including children, adults, and pets whose information is added by an account holder.

Recipients do not create accounts in NestList v1. If you add information about another person, including a child, you are responsible for having the right to do so and for using NestList in a way that respects that person's privacy.

2. Information We Collect

Account And Household Information

When you create or use an account, we may collect:

  • Name, email address, avatar, authentication details, and account settings.
  • Household name, time zone, default shipping address, subscription plan, trial status, and billing identifiers.
  • Membership role, invite status, joined date, and activity within the household.
  • Notification, privacy, sharing, AI, and data export settings.

Recipient Profile Information

Account holders may add recipient information such as:

  • Name, age, recipient type, role label, photo or avatar, notes, color, and emoji.
  • Gift preferences, including interests, sizes, brands, allergies, dislikes, and avoid lists.
  • Addresses and address reveal instructions.
  • Lists, occasions, due dates, items, priorities, notes, photos, prices, store links, and item status.

Guest And Gift Coordination Information

When a guest uses a private share link, claims an item, marks an item as purchased, contributes to a group gift, or receives a related email, we may collect:

  • Guest name and email address.
  • Claim, reservation, purchase, release, pledge, and contribution records.
  • Group gift amount, payment status, payment method label, lead-buyer status, and related notes.
  • Share-link access events, including view count and last viewed time.

NestList tracks gift coordination. Money does not move through NestList for group gifts. If a household provides Venmo, PayPal, Cash App, Zelle, or similar payment handles, those handles are shown only for reimbursement coordination.

Thank-You Notes And Messages

NestList may store thank-you note drafts, edited note text, giver names, giver emails, send status, and related item or bundle information.

Product URL And Image Information

If you paste a product URL, NestList may fetch the page server-side to read product metadata such as title, image, price, currency, and store name. If a product image is available and safe to fetch, we may stage that image in private storage for your review and editing.

AI Feature Inputs And Outputs

If you use AI suggestions or thank-you drafting, we may process relevant recipient preferences, item details, budget hints, tone settings, and draft text to generate the requested output. We store AI outputs where needed to show suggestions, drafts, and edits in the product.

Billing Information

Subscriptions, trials, payment methods, invoices, plan changes, cancellations, and card details are handled by Stripe. We store Stripe customer and subscription identifiers, plan state, trial dates, and renewal dates, but we do not store full card numbers.

Technical And Usage Information

We may collect technical information needed to provide and secure the service, such as:

  • IP address, browser type, device information, approximate location derived from IP address, request logs, and timestamps.
  • Session, authentication, security, and error logs.
  • Product usage events, such as list edits, link revocations, address reveal changes, exports, and account deletion requests.

3. How We Use Information

We use information to:

  • Provide, maintain, and improve NestList.
  • Create households, recipient profiles, lists, items, share links, claims, pledges, and thank-you workflows.
  • Control household access, membership roles, privacy settings, and address reveal rules.
  • Show guests the right recipient list through private share links.
  • Send transactional emails, such as invites, claim confirmations, group gift updates, thank-you notes, reminders, and account messages.
  • Process subscriptions, trials, plan changes, and billing support.
  • Generate AI suggestions and drafts when requested.
  • Provide exports, account deletion, and support.
  • Detect, prevent, and investigate abuse, security incidents, fraud, or technical problems.
  • Comply with legal obligations and enforce our Terms of Service.

4. How Sharing Works In NestList

Household Members

Household members can see household data according to their role. Owners and co-parents can manage recipients, lists, items, settings, share links, and claims. Viewers may have read-only access.

Guests With Private Share Links

Guests can access only the recipient or list made available through the private share link they received. Share links are intended to be private, but anyone with a valid active link may be able to open it. Account holders should share links carefully and revoke them when needed.

Guests do not see other guests' names or emails for items they did not claim. Address details are shown to guests only according to the recipient's address reveal setting, such as after a claim is recorded.

Service Providers

We use service providers to operate NestList. These may include providers for:

  • Database, authentication, storage, and row-level access controls.
  • Hosting, infrastructure, and application delivery.
  • Transactional email.
  • Subscription billing and customer billing portals.
  • AI generation.
  • Error monitoring, security, analytics, and support tooling.

These providers may process information only as needed to provide services to us and our users.

Legal, Safety, And Business Transfers

We may disclose information if we believe it is necessary to comply with law, legal process, or government requests; protect the rights, privacy, safety, or property of NestList, users, guests, recipients, or others; investigate abuse or security issues; or support a merger, acquisition, financing, reorganization, or sale of assets.

5. Cookies And Similar Technologies

NestList uses cookies and similar technologies for authentication, session management, security, preferences, and basic product functionality. We do not use advertising cookies.

6. AI Features

AI features are optional product features that help with gift suggestions, product metadata enrichment, and thank-you note drafting. You are responsible for reviewing AI outputs before using or sending them. Avoid entering highly sensitive information into AI prompts or notes unless it is necessary for the feature.

7. Children And Recipient Profiles

NestList is intended for use by adults and is not directed to children under 13. Children do not create accounts in NestList v1.

An account holder may create a recipient profile for a child and add gift preferences, addresses, photos, or notes. By adding a child's information, you represent that you are the child's parent, guardian, or otherwise authorized to provide and manage that information.

If you believe a child's information was added without proper authorization, contact us at hello@withnestlist.com.

8. Data Retention

We keep information for as long as needed to provide NestList, maintain household records, support exports and deletion recovery, comply with legal obligations, resolve disputes, enforce agreements, and protect the service.

If an account or household is deleted, NestList may keep the data in a soft-deleted state for a limited grace period, currently intended to be 30 days, so deletion can be reversed if requested by an authorized user. After that period, we intend to delete or de-identify household-scoped data unless we need to retain certain information for legal, security, billing, or operational reasons.

9. Your Choices

Depending on your role and location, you may be able to:

  • Access and update your account information.
  • Export household data in JSON or CSV format.
  • Revoke share links or use the household share-link kill switch.
  • Change recipient address reveal settings.
  • Delete items, recipients, lists, notes, and other household content.
  • Delete your account or, if you are the household owner, request deletion of the household.
  • Contact us to request access, correction, deletion, or portability of personal information.

Guests may contact us to request access to, correction of, or deletion of claim or pledge information associated with their email address, subject to verification and household integrity requirements.

10. Security

We use administrative, technical, and organizational measures designed to protect information. These include household-scoped access controls, private storage for photos, signed URLs where appropriate, role-based permissions, revocable share links, and service-provider security features.

No online service can guarantee perfect security. You are responsible for keeping your account credentials safe and for sharing private links only with intended guests.

11. International Use

NestList is currently designed primarily for users in the United States. If you access NestList from outside the United States, your information may be processed in the United States and other locations where we or our service providers operate.

12. State Privacy Rights

Some U.S. state privacy laws give residents rights to access, delete, correct, or receive a copy of personal information, and to opt out of certain uses. NestList does not sell personal information or use it for cross-context behavioral advertising.

To exercise privacy rights, contact us at hello@withnestlist.com. We may need to verify your identity and authority before acting on a request.

13. Changes To This Policy

We may update this Privacy Policy from time to time. If changes are material, we will take reasonable steps to notify account holders, such as by email or in-app notice. The updated policy will be effective when posted unless it says otherwise.

14. Contact

Questions or requests can be sent to:

Ephraim Technology c/o Corporation Service Company 251 Little Falls Drive Wilmington, DE 19808 hello@withnestlist.com