NEST by Night Owl Privacy Policy

Privacy and Data Handling Policy

Effective Date: June 1, 2025

1. Overview

Night Owl Nanny Care and Nest by Night Owl (“we,” “our,” “us”) are committed to protecting the privacy and confidentiality of all client and family information. We collect only the data necessary to deliver our services, store it securely, and retain it only for as long as needed.

2. Information We Collect

We collect limited personal information directly from clients via secure online forms, email, and phone. This may include:

  • Parent or principal’s name and contact details (address, phone, email)

  • Infant’s first name and date of birth

  • Scheduling, travel, and household information relevant to providing care

  • Service preferences and notes provided by the family

We do not collect or store Social Security numbers or medical records.

We use a secure, PCI-compliant payment processor (Converge by Elavon, a U.S. Bank company) to collect and process payments. Nest by Night Owl does not directly collect, store, or have access to your credit card details. All payment information is encrypted and handled securely by our processor in accordance with banking and data protection standards. Our payment processor may retain limited transaction information as required to complete payments, issue refunds, or comply with financial regulations.

3. How We Use This Information

We use the information solely for:

  • Matching families with qualified care providers

  • Coordinating schedules and services

  • Maintaining internal client records

  • Communication related to ongoing or upcoming care

We never sell, rent, or share client data with third parties for marketing or unrelated purposes.

4. How We Store and Protect Data

  • Data Hosting: All digital records are stored in Google Workspace Business, which provides enterprise-grade encryption in transit and at rest, and meets SOC 2, ISO 27001, and GDPR compliance standards.

  • Access Control: Client information is stored in restricted, access-controlled folders. Only authorized staff and contractors directly involved in client coordination can view this information.

  • Passwords: All account credentials are stored in NordPass Business, protected by zero-knowledge encryption and multi-factor authentication (MFA).

  • Devices: All company devices are protected with disk encryption (FileVault or BitLocker), strong passcodes, and remote-wipe capability.

  • Email Security: We use Gmail within Google Workspace with two-factor authentication and enforced TLS encryption for all communications.

  • Form Submissions: Online forms are hosted on Jotform or Dubsado, both of which use SSL/TLS encryption for data transmission.

  • Physical Data: We do not maintain paper records containing client personal information.

5. Data Retention and Deletion

We retain client data only for as long as necessary to fulfill our contractual obligations and meet any legal or accounting requirements.
When a client relationship ends, we:

  • Archive digital records for 24 months to facilitate future services, unless requested otherwise.

  • Securely delete data upon request or after the retention period using permanent deletion protocols.

6. Third-Party Providers

We partner only with reputable technology providers who maintain high standards of data security and compliance. Our key vendors include:

  • Google Workspace (Google Cloud) – secure business email and document storage

  • Jotform / Dubsado – encrypted client intake and scheduling forms

  • NordPass – secure password and credential management
    Each of these vendors maintains compliance with major international privacy frameworks (SOC 2, ISO 27001, GDPR).

7. Client Rights

Clients may request to:

  • Review or correct personal information we hold

  • Request deletion of their information

  • Obtain a copy of our data retention procedures

Requests may be made by emailing info@nestbynightowl.com.

8. Breach Response

In the unlikely event of a data breach, we will:

  1. Immediately investigate and contain the incident

  2. Notify affected clients promptly

  3. Take corrective action to prevent recurrence

9. Contact

For any privacy-related questions or concerns, please contact info@nestbynightowl.com.