Privacy & Trust

Last Updated: November 5, 2025

At Nesthood, we recognize that our customers’ data is their most critical asset. This document outlines our unwavering commitment to data protection. For a Founder, managing risk is paramount; we view ourselves as partners in safeguarding your financial data’s integrity, confidentiality, and availability, ensuring our platform is a cornerstone of your company’s operational resilience and strong governance posture.

Data Governance & Control

Customer as Data Controller

You, the Customer, are the owner and Data Controller of your data. We act solely as a Data Processor, operating under the instructions defined in our contractual agreement, and we are contractually obligated to protect your data as if it were our own.

Role-Based Access Control (RBAC)

The Nesthood platform supports customer-configurable access controls, enabling you to enforce the principle of least privilege within your own teams and align with your internal security policies.

Data Residency & Sovereignty

We provide options for regional data residency, allowing you to store your Customer Data in specific geographic locations (e.g., North America or the European Union) to meet your corporate or regulatory data sovereignty requirements.

Compliance & Auditability

Immutable Audit Trails

The Service generates comprehensive, immutable audit logs for all significant events, including data access, user actions, and configuration changes. These logs are exportable to support your internal reviews and external audits.

Third-Party Attestations

We maintain independent, third-party attestations for our security controls. Our compliance with standards like SOC 2 Type II and ISO 27001 provides verified assurance of our operational integrity, reducing your vendor risk assessment burden.

Support for Your Regulatory Needs

Our platform’s built-in controls are designed to help you meet your own regulatory obligations, such as data integrity requirements for Sarbanes-Oxley (SOX) compliance and data protection principles under GDPR.

Security & Business Continuity

  • Encryption: All Customer Data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
  • Business Continuity (BCDR): We maintain a robust Business Continuity and Disaster Recovery plan to ensure service availability for your mission-critical treasury operations.
  • Data Portability: We believe your data should never be held hostage. Upon contract termination, you can export your data in a structured, machine-readable format, eliminating the risk of vendor lock-in.

AI Model Integrity

Your competitive advantage is sacrosanct. Customer Data is used to train AI models for the exclusive benefit of that specific Customer within their segregated environment. No Customer’s data is ever used to train models for another Customer. We may use data that has been anonymized and aggregated, such that it can no longer be attributed to any individual Customer, to improve our global core algorithms.

Commitment to the Founders

  • Risk Mitigation: Secure, compliant platform to reduce operational and vendor risk.
  • Data Integrity: Controls to ensure the accuracy and reliability of financial data.
  • Efficiency: Compliance certifications streamline your vendor due diligence.
  • Partnership: Leverage AI while maintaining rigorous governance and control.

Third-Party Risk Management

We conduct rigorous security and financial due diligence on all sub-processors (e.g., cloud hosting providers). These vendors are bound by the same stringent data protection obligations we uphold. A list of major sub-processors is available on request.

Contact Our Team

For questions about security, compliance, or data practices, contact our Data Protection Officer.

privacy@nesthood.com