Privacy Policy

Last updated: 18 March 2026

1. Introduction

Leaving The Nest ("we", "our", "us") respects your privacy. This Privacy Policy explains what information we collect, how we use it, when we share it, and the choices you have when you use our website and the Leaving The Nest mobile app.

We aim to explain things in plain English first. Where needed, we also use more precise legal wording so the policy stays accurate as our services develop.

2. What the app does

Leaving The Nest is a mobile app designed to help users with budgeting, financial planning, to-do management, notes, education tracking, job and housing support, helpful links, document viewing, and AI-assisted life planning guidance.

Users can create an account, sign in, save their own information and content, view built-in guidance documents, and in some parts of the app open external links or news content.

3. Information we may collect or store

We only aim to collect information that is relevant to providing, securing, and improving the service.

Account and profile information

• Name, email address, and sign-in credentials handled through Supabase authentication.
• Phone number, date of birth, address details, postcode, and living situation when provided or needed for account use.
• Ethnicity, job status, and premium or subscription status when a user chooses to provide them or when needed for service features.

User-generated content

• Budgeting and finance entries such as transactions and planning information.
• To-do items, notes, education grades, and job application records.
• Chatbot conversations and feedback submissions.
• Documents or other content a user chooses to view or store through the app, where applicable.

Service, device, and delivery information

• Technical and log information needed to run the app, protect accounts, troubleshoot issues, and deliver content.
• Notification-related data, such as push notification tokens or delivery status, if notifications are enabled.
• Approximate location or postcode-related information for selected support or helpful-link flows where location context is needed.
• Advertising-related information where Google Mobile Ads is used, subject to device settings, consent flows, and applicable law.

4. Why we process each category of information

• To create and manage accounts: to register users, authenticate sign-in, maintain profile records, and support account recovery and security.
• To provide app features: to save and display budgeting data, plans, tasks, notes, education tracking, job and housing support information, documents, and other user content.
• To provide AI-assisted guidance: to process prompts and responses for chatbot features and improve response quality, safety, and reliability where permitted.
• To provide notifications: to send reminders, service messages, or other app-related notifications a user has enabled.
• To support selected location-based flows: to use approximate location or postcode information when helping users find relevant links, resources, or support options.
• To operate, secure, and improve the service: to monitor performance, detect misuse, fix bugs, and maintain service stability.
• To communicate with users: to respond to feedback, support requests, and important service updates.
• To comply with law: to meet legal, regulatory, reporting, or enforcement requirements.

Where privacy law requires a legal basis, we generally rely on one or more of these: performance of a contract with you, your consent, our legitimate interests in operating and improving the service, and compliance with legal obligations.

5. Authentication and account management

Users can create an account and sign in using Supabase authentication. We use authentication and account records to verify identity, keep accounts available across sessions, help users access their saved content, and support account security.

Users can delete their own account from inside the app. The deletion flow is intended to remove the account data associated with that user and the related Supabase authentication record, although limited information may be retained where reasonably necessary for legal, security, fraud-prevention, dispute-handling, or backup recovery purposes.

6. Chatbot and AI processing

The app may include AI-assisted guidance and chatbot features powered by OpenAI. When users interact with those features, prompts, messages, and related context may be processed to generate responses, maintain the feature, investigate misuse, and improve safety and reliability where permitted by contract and law.

Users should avoid entering sensitive personal information into chatbot fields unless it is clearly needed for the feature they are using.

7. Notifications

If notifications are enabled on a device, we may process the technical data needed to send reminders, updates, or other app-related notices. Users can usually manage notification permissions in their device settings.

8. Location and postcode use for selected flows

Some app flows may use approximate location information or postcode assistance to help show relevant resources, links, or support options. We do not describe this as precise tracking, and we aim to limit location-related processing to the parts of the service where it is genuinely useful.

9. Third-party providers and processors

We do not sell personal information. We may share information with service providers and processors that help us run the app and website, subject to contractual, technical, and organisational safeguards that are appropriate in context.

• Supabase: used for authentication and related backend data storage and account services.
• OpenAI: used for AI-assisted chatbot and guidance features where those features are available.
• Google Mobile Ads: may be used to provide in-app advertising where applicable.
• Other infrastructure or delivery providers: may assist with hosting, content delivery, notifications, support, security, or diagnostics as the service evolves.

We may also disclose information where required by law, to respond to lawful requests, to protect rights and safety, or as part of a business reorganisation, merger, financing, acquisition, or asset transfer.

10. Documents, content, and external links

The app can provide built-in guidance documents and may display external helpful links or news content. Content viewed inside the app may be stored or cached where technically needed for delivery, performance, continuity, or user convenience.

When users open external links or third-party content, those services may process information under their own privacy notices and terms.

11. Data retention

We keep personal data and user-generated content only for as long as reasonably necessary for the purposes described in this policy, including providing the service, maintaining user accounts, resolving disputes, enforcing agreements, meeting legal obligations, and keeping appropriate security and backup records.

Retention periods may vary depending on the type of data, the feature involved, whether the user keeps an account, and whether we need the information for legal, compliance, tax, accounting, fraud-prevention, or operational reasons. When data is no longer needed, we aim to delete it, anonymise it, or securely isolate it.

12. International transfers

Our website, app, and service providers may operate in different countries. This means personal data may be transferred to, stored in, or accessed from countries other than the one where the user is located. Where relevant, we aim to use appropriate safeguards required by applicable law for international data transfers.

13. Security

We use technical and organisational measures intended to protect personal data and user content. However, no system is perfectly secure, and we cannot guarantee absolute security. Users are also responsible for keeping account credentials secure and using the app responsibly.

14. Children and age-appropriateness

The service is intended for users who are old enough to use it lawfully in their location. It is not knowingly directed to children below the minimum age required by applicable law to consent to data processing without parental or guardian involvement.

If you believe a child has provided personal information in a way that should not have happened, please contact us so we can review and take appropriate action.

15. Your choices and rights

Depending on where you live, you may have rights to access, correct, delete, restrict, or object to certain processing of your personal data, and in some cases to request a copy of your data or withdraw consent where processing relies on consent.

Users can delete their account inside the app. If you need help with deletion, access, or another privacy request, please contact us using the details below.

16. Changes to this policy

We may update this Privacy Policy from time to time to reflect service changes, legal requirements, or operational updates. When we make material changes, we will update the "Last updated" date and may provide additional notice where appropriate.

17. Contact

For privacy questions, support with account deletion, or other data rights requests, email: privacy@leavingthenest.example

If you also use the website contact form, you can reach us through the contact details on the Contact Us page.