Privacy Policy

Effective date: March 15, 2026

Nudg ("we", "our", or "us") operates the Nudg mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the App. Please read this policy carefully. By using the App, you consent to the practices described in this policy.

1. Information We Collect

"Collect" means transmitting data off your device in a way that allows us or our service providers to access it for longer than what is necessary to service a real-time request. We collect the following categories of data:

Information you provide:

• Name — Your first or last name, if you sign in with Apple. If you use the App anonymously, no name is collected.
• Email address — Your email address or Apple private relay address, if you sign in with Apple.
• User content — The goals you create, daily check-in messages, mood selections, coaching style preferences, and any other content you submit through the App.
• Customer support data — Any information you provide when contacting us for support, such as your email address and message content.

Information collected automatically:

• User ID — A unique account identifier assigned to you when you first use the App. This is used to associate your data with your account.
• Device identifiers — Push notification tokens used solely for delivering notifications you have opted into. We do not collect advertising identifiers (IDFA).
• Usage data — Anonymous, aggregated analytics such as app launches, screen views, taps, and feature usage. These are not linked to your identity.
• Diagnostics — Anonymous crash logs and performance data to help us identify and fix bugs and improve app performance.
• Subscription status — Your subscription tier is managed by Apple and our subscription management provider. We do not collect or store your payment information, payment card number, or bank account number.

Information we do NOT collect:

• Precise or coarse location data
• Contacts, phone numbers, or physical addresses
• Photos, videos, or audio recordings
• Health or fitness data
• Financial information (payment info, credit info)
• Browsing history or search history outside the App
• Advertising identifiers (IDFA)

2. How We Use Your Information

We use the data we collect for the following purposes:

• App Functionality — To authenticate your account, provide personalized AI coaching responses, track your goals and streaks, deliver push notifications, enable features, prevent fraud, and perform customer support.
• Product Personalization — To customize your experience, such as tailoring coaching responses to your selected style and goals.
• Analytics — To understand how the App is used, evaluate the effectiveness of features, plan improvements, and measure audience size. Analytics data is anonymous and not linked to your identity.

We do not use your data for:

• Third-party advertising
• Our own advertising or marketing purposes
• Tracking you across other apps or websites

3. How Your Data Is Processed by AI

When you check in, your messages are sent to OpenAI (via their API) to generate personalized coaching responses. Specifically:

• Your messages are sent through OpenAI's API and are not used to train or improve OpenAI's models (per OpenAI's API data usage policy).
• Data sent to OpenAI may be retained by OpenAI for a limited period (up to 30 days) for abuse and misuse monitoring, then deleted.
• We send only the minimum context necessary to generate a relevant response (your recent check-in, active goals, and coaching style).
• OpenAI's privacy practices are governed by OpenAI's Privacy Policy.

All AI-generated responses are produced by artificial intelligence and should be understood as general motivational content, not professional advice. We clearly disclose throughout the App that responses are AI-generated.

4. Third-Party Services and SDKs

The App integrates third-party software development kits (SDKs) and services to provide core functionality. We are responsible for disclosing the data collection practices of these third-party partners as they operate within our App. These providers fall into the following categories:

• Cloud infrastructure — Authentication, database, analytics, and push notification delivery.
• AI technology — AI-powered coaching response generation.
• Subscription management — In-app purchase and subscription processing.

We carefully vet our service providers and only share the minimum data necessary for them to perform their function. None of our third-party partners use data collected from the App to track users or display targeted advertising. You may contact us for more information about the specific providers we use.

5. Data Sharing

We do not sell, rent, or trade your personal information. However, we may share your data with trusted third-party service providers as necessary to operate, maintain, and improve the App. We may also share information when required by law, to protect our rights, or in connection with a merger, acquisition, or sale of assets.

6. Data Retention

We retain your data for as long as your account is active. When you delete your account through the App's Settings, all associated data — including your profile, goals, check-ins, conversations, and any generated insights — is permanently deleted from our servers within 30 days.

7. Data Security

We implement industry-standard security measures to protect your information, including encryption in transit (TLS) and at rest. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access — Request a copy of the personal data we hold about you.
• Correction — Request correction of inaccurate personal data.
• Deletion — Request deletion of your personal data. You can also delete your account directly in the App's Settings.
• Portability — Request your data in a portable format.
• Objection — Object to processing of your personal data.

To exercise any of these rights, contact us at the address below. We will respond within 30 days.

9. New Jersey Residents (NJDPA)

If you are a New Jersey resident, you may have additional rights under the New Jersey Data Privacy Act (N.J.S.A. 56:8-166 et seq., effective January 15, 2025):

• The right to confirm whether we are processing your personal data and to access that data.
• The right to correct inaccuracies in your personal data.
• The right to delete your personal data.
• The right to obtain a portable copy of your personal data.
• The right to opt out of the processing of personal data for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects. We do not sell your personal data, use it for targeted advertising, or engage in profiling.
• The right to non-discrimination for exercising your privacy rights.

Sensitive data: The NJDPA classifies data revealing mental or physical health conditions as "sensitive data" requiring opt-in consent. Mood selections and emotional state data you provide during check-ins may qualify as sensitive data under the NJDPA. By voluntarily submitting mood data through the App, you provide your affirmative consent to our processing of that data for the purpose of delivering personalized coaching responses. You may withdraw this consent at any time by discontinuing use of the mood tracking feature or deleting your account.

Universal opt-out signals: We honor browser-based universal opt-out preference signals (such as the Global Privacy Control) as a valid opt-out request, as required by the NJDPA.

To exercise any of these rights, contact us at [email protected]. We will respond within fifteen (15) days, as required by New Jersey law.

9a. California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• The right to know what personal information is collected, used, and shared.
• The right to delete personal information.
• The right to opt out of the sale or sharing of personal information. We do not sell or share your personal information.
• The right to non-discrimination for exercising your privacy rights.

10. International Users

If you access the App from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers and third-party service providers are located. By using the App, you consent to such transfer and processing.

11. Children's Privacy

The App is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us and we will promptly delete it. If we discover that we have collected personal information from a child under 13, we will delete it immediately.

12. Tracking

We do not track you. As defined by Apple, "tracking" means linking data collected from the App about you or your device with data collected from other companies' apps, websites, or offline properties for targeted advertising or advertising measurement purposes, or sharing such data with data brokers. We do not engage in any of these practices.

We do not collect or use Apple's advertising identifier (IDFA). We do not share your data with advertising networks, data brokers, or any third party for the purpose of tracking.

13. Data Linked to Your Identity

Some data we collect is linked to your identity (via your account), while other data is not:

• Linked to you: Name, email address, user ID, user content (goals, check-ins, mood), device identifiers (push notification tokens). This data is associated with your account to provide the App's services.
• Not linked to you: Usage data (app launches, screen views, feature usage), diagnostics (crash logs, performance data). This data is collected anonymously and cannot be tied back to your identity.

14. Do Not Track

Some web browsers transmit "Do Not Track" (DNT) signals. The App does not currently respond to DNT signals, as there is no industry-accepted standard for how to interpret and respond to these signals.

15. Data Breach Notification

In the event of a data breach that compromises your personal information, we will notify affected users within 72 hours of becoming aware of the breach, or as otherwise required by applicable law. Notification will be provided via the email address associated with your account (if available) or through a prominent notice in the App. We will also notify the appropriate regulatory authorities as required by law.

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy in the App or on our website with a revised effective date. Your continued use of the App after any changes constitutes acceptance of the updated policy.

17. Contact Us

If you have questions about this Privacy Policy, your data, or wish to exercise your privacy rights, please contact us at [email protected].