Privacy Policy

Effective Date: June 4, 2025

1. Introduction

NestUp (“we”, “our”, “us”) is committed to protecting the privacy of our users and maintaining transparency about how we collect, use, store, and share your personal data. This Privacy Policy explains the rights and responsibilities of all individuals who use our services, whether they are companies (“Startups”) or students (“Interns”). This policy is fully aligned with the General Data Protection Regulation (GDPR) (EU) 2016/679 and applicable international privacy standards including data protection frameworks in Asia and globally.

This policy applies to all visitors, registered users, and others who access our services via our platform (“NestUp”) available at https://www.nestup.work.

2. Data We Collect

2.1 Interns

  • Full name
  • Email address
  • Country of residence
  • University, degree, and graduation year
  • Skills and languages
  • Career interests and preferred industries
  • Preferred internship type and duration
  • About Me description, portfolio links, video pitch (optional)
  • Profile picture (optional)

2.2 Startups

  • Company name and website
  • Company location and industry
  • Company size and tech stack
  • Company profile description
  • Internship listing details: role, description, responsibilities, requirements, duration, stipend (if any), location type, start date, deadline, required skills, custom questions
  • Company logo (optional)
  • Payment information (only collected from startups through secure third-party payment providers)

2.3 Automatically Collected Information

  • IP address, browser type, device information
  • Operating system and referral URLs
  • Activity logs and usage analytics (e.g., page views, clicks)
  • Cookies and similar technologies (see Section 9)

3. Purpose of Data Processing

We process personal data for the following purposes:

  • Account creation and authentication
  • Connecting startups with relevant intern profiles
  • Enabling startups to view and evaluate applications
  • Supporting text-based communication between startups and interns
  • Managing internship listings and applications
  • Processing payments from startups (interns are not charged)
  • Improving platform functionality, performance, and security
  • Complying with legal obligations and responding to lawful requests

4. Lawful Basis for Processing

We process your data under the following lawful bases:

  • Contractual Necessity: To deliver the services you sign up for (e.g., profile management, internship applications, listing postings)
  • Legitimate Interest: For analytics, fraud prevention, and platform improvements
  • Consent: For optional features like email marketing or uploading optional information (e.g., pictures, video pitch)
  • Legal Obligation: For compliance with tax, financial, and anti-abuse regulations

5. Payment Processing

We collect payment only from startups via secure third-party payment processors (e.g., Stripe, Razorpay). We do not store card details or banking information on our servers. The payment providers may collect and store such data in accordance with their own privacy policies and applicable financial regulations.

6. Data Storage and Security

  • All personal data is stored on MongoDB Atlas, located in AWS Mumbai region.
  • Uploaded images (profile pictures, company logos) are stored on AWS S3 with restricted access.
  • Passwords are securely hashed using bcrypt.
  • Access to databases and storage is limited to the platform administrator.
  • We implement technical and organizational measures to secure data including SSL encryption, firewall protection, access control, and regular audits.

7. Data Sharing and Third-Party Services

We do not sell or share personal data with third parties for advertising. We may share limited data with trusted service providers, under signed Data Processing Agreements (DPAs), including:

  • AWS (cloud storage and hosting)
  • MongoDB Atlas (database management)
  • Zoho Mail (for sending transactional and platform-related emails)
  • Payment processors (for handling transactions)

These processors act only on our instructions and under contractual confidentiality obligations.

We use Zoho Mail to send automated transactional and platform-related emails triggered by specific user actions, such as:

  • Account creation
  • Profile completion
  • Internship postings
  • Internship applications
  • Application status changes
  • Notifications about new relevant internship posts

8. Data Retention

  • Intern and startup data is stored as long as the account remains active.
  • Deleted accounts are fully purged within 30 days unless required for legal compliance.
  • Payment records and financial data (for startups) are retained for 7 years as required by law.

9. Cookies and Tracking Technologies

We use essential cookies to maintain session information and platform functionality. Optional cookies (e.g., for analytics) are used only with your consent.

  • Essential Cookies: Login, session tracking
  • Analytics: Google Analytics (with IP anonymization)
  • No marketing/advertising cookies used

Users can manage cookie preferences through browser settings or opt-out banners.

10. Your Rights (EU & Global Standards)

Depending on your location, you have the right to:

  • Access your data
  • Rectify inaccurate data
  • Request deletion of your data
  • Restrict or object to processing
  • Withdraw consent
  • Data portability
  • Lodge complaints with a supervisory authority (e.g., DPC in Ireland)

Requests can be made via email at hello@nestup.work. Responses will be issued within 30 days.

11. International Data Transfers

As a global platform, data may be transferred across jurisdictions. Where EU or UK data is transferred to non-EU countries (e.g., India), we use:

  • Standard Contractual Clauses (SCCs)
  • DPA agreements with our subprocessors
  • Industry-standard encryption and access policies

12. Children's Privacy

Our services are intended for users aged 18 and older. We do not knowingly collect personal data from minors. If we become aware of such data, we will delete it promptly.

13. Data Deletion Requests

Users can request account deletion from their profile or by contacting us at:
Email: hello@nestup.work
Subject: Account Deletion Request

All associated data will be deleted within 30 days and cannot be recovered.

14. Changes to This Policy

We may update this Privacy Policy periodically. Any changes will be posted on this page with a revised effective date. Continued use of the platform implies acceptance of the updated policy.

15. Contact Information

If you have questions, requests, or complaints regarding this policy or your data:

We are committed to handling all data with integrity, transparency, and accountability.