Privacy & Security
Your data is treated like family.
Concrete, technical commitments — not marketing copy. If anything below stops being true, we'll tell you in a banner before we change it.
Encrypted in transit
Every page is served over HTTPS with HSTS max-age=63072000; includeSubDomains; preload, a strict Content-Security-Policy, and modern transport ciphers. Session cookies are HttpOnly, Secure, and SameSite=Lax.
Encrypted at rest
Anything you opt to save (uploaded files, generated reports) is sealed with AES-256-GCM. Each record gets a unique 96-bit IV and a key derived from a server master key via HKDF-SHA256, scoped to your user ID and record ID. Tampering breaks decryption.
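The sealing scheme described above, sketched in Node.js as an added example; it is not SupportNest's own code. The function names, the length-prefixed HKDF info encoding, the all-zero salt, and the iv || tag || ciphertext layout are assumptions.

```javascript
const crypto = require('node:crypto');

// HKDF-SHA256 record key, scoped to one user and one record via the info field.
// Length prefixes (an assumption) keep ("ab","c") and ("a","bc") distinct.
function deriveRecordKey(masterKey, userId, recordId) {
  const info = Buffer.concat([userId, recordId].map((id) => {
    const bytes = Buffer.from(String(id), 'utf8');
    const len = Buffer.alloc(2);
    len.writeUInt16BE(bytes.length);
    return Buffer.concat([len, bytes]);
  }));
  const salt = Buffer.alloc(32); // assumed: zero salt, master key is uniformly random
  return Buffer.from(crypto.hkdfSync('sha256', masterKey, salt, info, 32));
}

// Returns iv (12 bytes) || tag (16 bytes) || ciphertext; the layout is an assumption.
function sealRecord(masterKey, userId, recordId, plaintext) {
  const key = deriveRecordKey(masterKey, userId, recordId);
  const iv = crypto.randomBytes(12); // fresh 96-bit IV for every record
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ciphertext]);
}

// Returns the plaintext, or null when the GCM tag does not verify: modified
// bytes, or a key derived for a different user ID or record ID.
function openRecord(masterKey, userId, recordId, sealed) {
  if (sealed.length < 28) return null; // too short to hold IV and tag
  const key = deriveRecordKey(masterKey, userId, recordId);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, sealed.subarray(0, 12));
  decipher.setAuthTag(sealed.subarray(12, 28));
  try {
    return Buffer.concat([decipher.update(sealed.subarray(28)), decipher.final()]);
  } catch {
    return null; // authentication failed; no plaintext is released
  }
}

// Constructed demo values, not real keys or IDs.
const demoKey = Buffer.alloc(32, 7);
const demoSealed = sealRecord(demoKey, 'user-1', 'rec-1', Buffer.from('report'));
console.log(openRecord(demoKey, 'user-1', 'rec-1', demoSealed).toString());
console.log(openRecord(demoKey, 'user-2', 'rec-1', demoSealed));
```

Because the key itself depends on both IDs, a sealed blob copied onto another user's record fails authentication in the same way as a blob with flipped bits.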
Minimal data, scoped access
We collect only what we need to run your account: your name, email, role, and a salted-bcrypt password hash. There is no behavioral analytics database. There is no advertising audience.
No ad tracking, no third-party pixels
SupportNest does not run ads, marketing pixels, session replay, or cross-site trackers. The only cookie we set is your session cookie. Your browsing inside the nest is private to you.
Delete anything, any time
You can delete a saved file with one click and your account in two. Deletes are propagated through our store within 24 hours and removed from encrypted backups within 30 days.
We never sell or rent your data
Period. We don’t share data with advertisers, brokers, or AI training pipelines. The only third parties involved are infrastructure providers (e.g. hosting, email-on-request) under strict data-processing agreements.
About GeneTranslate specifically
GeneTranslate is local-first. Genetic-test PDFs are processed in memory and discarded as soon as the request returns; the language model runs on your machine via Ollama; nothing about your case is sent to a cloud LLM. Read the GeneTranslate data lifecycle for the exact pipeline.
Reporting a security issue
We welcome responsible disclosure. Email security@supportnest.example with reproduction steps. We’ll acknowledge within 2 business days and credit you in our security notes if you’d like.