top of page

Nestimate Privacy Policy

Your privacy is important to us at Ultimate Dimension Ltd, the company behind Nestimate ("we", "us", "our"). This Privacy Policy explains what personal data we collect from you, how we use it, and what your rights are.

This policy applies to your use of the Nestimate software platform and any related services (collectively, the "Service"). By using our Service, you agree to the collection and use of information in accordance with this policy.

This policy should be read alongside our Terms and Conditions.

1. Our Role: Data Controller vs. Data Processor

Under the UK General Data Protection Regulation (UK GDPR), it's important to understand our role regarding your data.

  • We are the Data Controller for your account information. This includes your name, email address, company details, and billing information. We decide how and why this data is processed.

  • We are the Data Processor for your User Content. When you upload architectural drawings, tender documents, site videos, or notes ("User Content"), you are the Data Controller for any personal data contained within those files (e.g., your client's name and address). We only process this data on your behalf and according to your instructions to provide the Service.

2. What Information We Collect

We collect information to provide and improve the Service for you.

  • Account Information: When you sign up, we collect your name, email address, password, and company information. When you subscribe to a paid plan, our payment provider will collect your payment and billing details.

  • User Content: We collect the data you upload to generate an estimate. This can include architectural drawings, tender documents, site walkthrough videos or notes, photographs, measurements, and specifications. This User Content may incidentally contain personal data belonging to you or your clients (e.g., names, addresses, contact details on a drawing).

  • Technical Information: Like most online services, we may automatically collect technical data such as your IP address, browser type, operating system, and usage analytics when you interact with our website and Service.

3. How We Use Your Information (and Our Lawful Basis)

We only use your data for specific purposes and where we have a legal right to do so. The UK GDPR requires us to have a "lawful basis" for processing personal data.

Purpose of Processing

Type of Data Used

Our Lawful Basis

To Provide the Service:  To create your account, generate your estimates, and provide customer support.

Account Information, User Content

Performance of a Contract with you.

Billing and Account Management:  To process your subscription payments and manage your account.

Account Information

Performance of a Contract with you.

Service Improvement & AI Training:  To train our AI models and improve the accuracy and functionality of Nestimate for all users.

Anonymised Data (derived from User Content)

Legitimate Interests. Our interest is in improving our Service, which benefits our users. We ensure this does not override your rights by only using fully anonymised data for this purpose.

Marketing Communications: To send you information about new features or offers.

Account Information

Consent. We will only send you marketing if you have explicitly opted-in.

Security and Analytics:  To secure our platform and understand how the Service is used.

Technical Information

Legitimate Interests. Our interest is in maintaining a secure and functional service.

4. AI Model Training & Anonymised Data

A core part of our Service is using artificial intelligence. To make our platform smarter and more accurate, we need to train our models.

  1. We use the User Content you upload to do this.

  2. Crucially, before we use any of your data for training, we create an Anonymised Data copy. This is a separate, processed copy from which all personal and commercially sensitive identifiers have been permanently removed.

  3. This anonymisation process is irreversible. It is impossible to link Anonymised Data back to you, your company, or your clients.

  4. Under the UK GDPR, data that is truly anonymised is no longer considered "personal data".

  5. Therefore, we may retain and use this Anonymised Data indefinitely to improve our services. Your rights as a data subject (such as the right to erasure) do not apply to this Anonymised Data copy, as it cannot be linked to you.

5. Data Storage & Security

We take data security seriously. We implement appropriate technical and organisational measures to protect your data, leveraging the robust security infrastructure of our cloud provider, Google Cloud Platform (GCP). This includes using encryption for data in transit and at rest, and enforcing strict access controls to ensure that only authorised personnel have access to user data.

For our UK customers, all User Content and databases are stored on secure GCP servers located within the United Kingdom.

6. How Long We Keep Your Data

  • Personal Data: We will hold your Account Information and User Content for the duration of your active subscription. If you cancel your subscription and delete your account, we will permanently delete this personal data from our live systems within 90 days.

  • Anonymised Data: As explained above, data that has been fully anonymised is no longer personal data. We may retain this Anonymised Data indefinitely for research, analytics, and service improvement purposes.

7. International Data Transfers

While we store your primary data within the UK, some of our essential third-party service providers (sub-processors), such as payment gateways or analytics tools, may be based outside of the UK.

When we transfer your data to such providers, we ensure that your data is protected by appropriate legal safeguards, such as an "adequacy decision" or the use of Standard Contractual Clauses (SCCs) approved by the UK's Information Commissioner.

8. Your Data Protection Rights

Under UK GDPR, you have several rights regarding your personal data.

  • The Right of Access: You have the right to request a copy of the personal data we hold about you.

  • The Right to Rectification: You have the right to ask us to correct any information you believe is inaccurate or incomplete. You can update most of your Account Information directly in your account settings.

  • The Right to Erasure ('Right to be Forgotten'): You have the right to request that we delete your personal data. We will delete your Account Information and User Content upon request, in line with our retention policy. Please note: This right does not apply to the Anonymised Data we use for AI training, as it is no longer personal data.

  • The Right to Restrict Processing: You have the right to ask us to temporarily stop processing your personal data in certain circumstances (e.g., if you are contesting its accuracy).

  • The Right to Data Portability: You have the right to request that we provide your primary account data and user content in a common, machine-readable format (e.g., JSON or CSV).

  • The Right to Object: You have the right to object to our processing of your data where our lawful basis is "Legitimate Interests". We believe our legitimate interest in improving our Service using anonymised data is compelling and has a minimal privacy impact, but we will consider your objection.

  • Rights related to Automated Decision-Making: Our Service automates the creation of estimates, which is a form of automated decision-making. However, as stated in our Terms and Conditions, these estimates are for guidance only and require your professional review and validation. The Service is a tool to assist you, not to make final, binding decisions with legal or significant effects on individuals.

To exercise any of these rights, please contact us at contact@nestimate.ai

9. Marketing Communications

We may, in the future, wish to send you marketing communications about new features or special offers. We will only do so if you have given us your explicit consent (for example, by ticking an 'opt-in' box). You can withdraw this consent at any time through your account settings or by clicking the 'unsubscribe' link in any marketing email.

10. Cookies

Our website uses cookies to distinguish you from other users and to help our Service function. For detailed information on the cookies we use and the purposes for which we use them, please see our Cookies Policies.

11. Your Right to Complain

You have the right to lodge a complaint if you are unhappy with how we have handled your personal data. We hope you will contact us first to resolve any issue, but you have the right to lodge a complaint with the UK's supervisory authority, the Information Commissioner's Office (ICO).

Website: https://www.ico.org.uk/make-a-complaint/

12. Changes to This Privacy Policy

We may update this policy from time to time. We will notify you of any significant changes by posting the new policy on this page and, where appropriate, notifying you by email.

13. Contact Us

If you have any questions about this Privacy Policy or our data protection practices, please contact us:

Company: Ultimate Dimension Ltd (trading as Nestimate)
Email: contact@nestimate.ai
Address: 19 Eleanor Road, Waltham Cross, England, EN8 7DW

bottom of page