Privacy Policy
This Privacy Policy explains how NestingCenter collects, uses, stores, and protects personal data and customer production content. We aim to be direct and specific rather than vague.
1. Who we are
NestingCenter is a cloud-based nesting optimization service for CNC, sheet material, laser/router, and manufacturing workflows. The service is operated by [Legal company name], registered at [Registered address], [Country].
For questions about this policy, contact us at privacy@nestingcenter.io.
2. What data we collect
Account data
When you create an account we collect your name, email address, and a hashed password. If you register via a third-party provider we receive only what that provider shares with us under your authorization.
Project and production data
When you use NestingCenter you may upload DXF/SVG files, define parts and materials, configure nesting jobs, and generate export reports such as SVGs and PDFs. We refer to this collectively as Customer Content.
Your uploaded files, project data, material definitions, part lists, and nesting results remain your content. We do not claim ownership of your production data.
Technical and usage data
We collect standard server logs including IP addresses, browser type, referring URLs, pages visited, and timestamps. We use this data to operate, maintain, and improve the service.
Payment data
The Free plan does not require payment card details. If you subscribe to a paid plan, payment processing may be handled by a third-party payment provider. We do not store full payment card numbers on our servers.
Depending on the payment provider and billing setup, we may receive and store limited billing information such as your billing name, billing email, billing address, tax details, selected plan, invoice status, transaction identifiers, payment status, card brand, last four digits of the card, and card expiry month/year.
Support and communication data
If you contact us via the contact form or email, we retain your messages, name, and email address to respond and maintain a support history.
3. How we use data
| Purpose | Data used |
|---|---|
| Provide and operate the service | Account data, Customer Content, technical data |
| Authentication and security | Account data, IP address, session tokens |
| Billing and subscription management | Account data, payment records |
| Customer support | Support communication data |
| Service improvement and debugging | Technical logs, aggregated usage patterns |
| Sending transactional emails | Email address |
| Legal compliance | As required by applicable law |
We do not use your production files, uploaded drawings, project data, or nesting results for advertising.
4. Legal basis for processing
Where applicable under GDPR or equivalent legislation, we process personal data on the following bases:
- Contract performance — processing necessary to provide the service you subscribed to.
- Legitimate interests — security monitoring, fraud prevention, and service improvement, where these interests are not overridden by your rights.
- Legal obligation — where we are required to retain or disclose data by applicable law.
- Consent — for optional communications, where required.
5. Customer Content and uploaded files
Customer Content includes DXF/SVG files, part geometry, material specifications, nesting job configurations, and output reports you create or upload within NestingCenter.
We do not use Customer Content to train public AI models.
We do not share your Customer Content with other customers.
We access Customer Content only to the extent necessary to provide the service — for example, to process a nesting job, render a preview, or generate an export. Authorized employees may access content to provide support when you request it, or to investigate security incidents.
We treat uploaded production files as confidential and apply reasonable technical and organizational controls to protect them.
6. Cookies and similar technologies
We use cookies and similar mechanisms for the following purposes:
- Authentication — HttpOnly cookies to maintain your logged-in session securely.
- Security — CSRF protection and abuse prevention.
- Preferences — storing UI settings you configure.
We do not currently use third-party advertising cookies. If we introduce analytics or tracking beyond server-side logs, we will update this policy and, where required, request your consent.
7. Data sharing and subprocessors
We do not sell personal data. We share data with third parties only where necessary to operate the service:
| Subprocessor | Purpose | Location |
|---|---|---|
| Cloud infrastructure provider | Hosting, storage, compute | EU / US |
| Email delivery provider | Transactional email | US |
| Payment processor | Billing and subscription | US / EU |
We may disclose personal data if required by law, court order, or to protect the rights, property, or safety of our users or the public. We will notify affected users where legally permitted to do so.
8. International data transfers
Some of our subprocessors are located outside the European Economic Area. Where such transfers occur, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or equivalent mechanisms recognized under applicable law.
9. Data retention
We retain personal data and Customer Content for as long as your account is active or as needed to provide the service. Specifically:
- Account data is retained until you delete your account or request deletion.
- Customer Content is retained while you have an active subscription and for a short grace period after cancellation to allow for recovery. After that period, content is deleted from production systems.
- Server logs and technical data are retained for a limited period for security and operational purposes.
- Billing records may be retained longer where required by tax or accounting obligations.
10. Security
We apply technical and organizational measures designed to protect personal data and Customer Content against unauthorized access, loss, or disclosure. These include encrypted connections (HTTPS), access controls, authentication requirements, and monitoring for abnormal activity.
No system can guarantee absolute security. If you believe a security incident has occurred, contact us at privacy@nestingcenter.io.
11. Your rights
Depending on your location and applicable law, you may have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you.
- Rectification — request correction of inaccurate data.
- Erasure — request deletion of your personal data, subject to legal retention requirements.
- Portability — receive your data in a structured, machine-readable format where technically feasible.
- Restriction — request that we limit processing in certain circumstances.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing.
To exercise any of these rights, contact us at privacy@nestingcenter.io. We will respond within 30 days. If you are in the EU/EEA and believe we are handling your data unlawfully, you have the right to lodge a complaint with your local data protection authority.
12. Business customers and team accounts
If you access NestingCenter through an account managed by your employer or organization, your organization is the data controller for data processed within that account. Your organization's privacy policy and the terms of your organization's agreement with us govern that data. Individual users within a team account should direct privacy inquiries to their organization administrator.
13. Children
NestingCenter is a professional B2B service and is not directed at individuals under 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us and we will delete it.
14. Changes to this Privacy Policy
We may update this policy from time to time. When we make material changes, we will notify registered users via email or an in-product notice before the changes take effect. The “Last updated” date at the top of this page reflects the most recent revision.
Continued use of NestingCenter after changes take effect constitutes acceptance of the revised policy. This Privacy Policy should be read together with our Terms of Service.
15. Contact
For privacy-related questions or requests, contact: