TL;DR: Nudg stores only what it needs to coach you — your goals, check-ins, and account info. We never sell data. You can export or delete everything anytime.
1. Who we are
Nudg is operated by Nudg AI LLC ("Nudg", "we", "us"). We're the data controller for the personal data you give us when using the Nudg iOS app, web app, and website at nudg.gg.
2. What we collect
We collect three categories of data:
Account data
- Email address and authentication info (password hash or OAuth token)
- Display name and chosen coach personality
- Subscription status (billed through Apple In-App Purchase or Stripe; no card data touches our servers)
Usage data
- Goals you create and the milestones you set
- Check-ins: the question, your answer, your mood, the timestamp, the coach's reply
- Mood data is treated as sensitive. Mood tracking is off until you explicitly consent in-app, and you can withdraw that consent anytime in
Settings → Privacy - Voice check-ins (Pro): audio is recorded on your device and sent to our server, where it is transcribed by our AI provider and then handled exactly like a typed check-in. We do not store the audio recording — only the transcript is kept
- Streak history and notification preferences
Technical data
- Device type, OS version, app version, crash logs
- Anonymized analytics via PostHog (page views, button clicks — never your check-in content)
- IP address (truncated before storage, retained 30 days for abuse prevention)
3. Why we collect it
| Purpose | Legal basis (GDPR) |
|---|
| Running your account and showing you coaching | Contract |
| Generating AI coach replies | Contract |
| Sending notifications you've opted into | Consent |
| Preventing abuse and keeping Nudg up | Legitimate interest |
| Product analytics (anonymized) | Legitimate interest |
| Tax & legal compliance | Legal obligation |
4. Who we share it with
We share data only with processors who help us run Nudg:
- Supabase — auth, database, storage. Hosted on AWS US East, SOC 2 Type II.
- OpenAI — model provider for coach replies (gpt-4o-mini for free users, gpt-4o for Pro), goal generation (gpt-4o-mini), and voice transcription (whisper-1). We send your recent check-ins plus goal context to generate replies. OpenAI does not use API data for training under our agreement.
- Stripe — payments for web subscriptions, PCI-DSS Level 1.
- RevenueCat — subscription management for iOS purchases. Processes an anonymous app user ID, product identifiers, and transaction/entitlement data from Apple. Never sees your name, email, or check-in content.
- Resend — transactional email (password resets, receipts, weekly reports).
- PostHog — product analytics, EU-hosted, anonymized.
- Sentry — error monitoring, scrubbed of PII.
- Vercel — web hosting and edge infrastructure.
We do not sell personal data. We do not share it with advertisers.
5. AI & model training
Your check-in content is sent to an AI model to generate coach replies. Under our provider agreements, your data is not used to train their models and is retained only as long as required to deliver the service.
We may use de-identified, aggregated patterns from check-ins to improve Nudg's prompts and coaching. You can opt out of this in Settings → Privacy → Improve Nudg. Opting out has no impact on your experience.
6. Your rights
Depending on where you live (GDPR, CCPA, UK DPA), you have the right to:
- Access — get a copy of your data (request an export)
- Rectify — correct inaccurate data
- Erase — delete your account and all data
- Object & restrict — to certain processing
- Portability — receive your data in JSON, delivered as a time-limited download link (valid 7 days) emailed to your account address
- Withdraw consent — for notifications, improvement program, etc.
Email privacy@nudg.gg to exercise any right. We respond within 30 days.
7. Retention & deletion
We keep your data as long as your account is active. You can delete your account two ways: in-app (Settings → Delete account — executes immediately), or via the web form, which emails a confirmation link to your account address; nothing is deleted until you click it (the link expires after 1 hour). When deletion executes:
- Profile, goals, and check-ins are deleted within 30 days
- Anonymized analytics events are retained for product improvement
- Tax records (receipts, invoices) are retained for 7 years as required by law
8. Security
Data is encrypted in transit (TLS 1.3) and at rest (AES-256). Production database access is limited to authorized Nudg AI LLC personnel and is logged. Report security issues to security@nudg.gg.
9. Children
Nudg is not intended for anyone under 16. We do not knowingly collect data from children. If you believe a child has created an account, contact us and we'll delete it.
10. Changes to this policy
We'll notify you by email and in-app at least 14 days before material changes take effect. Minor clarifications may be made without notice. The "Last updated" date always reflects the current version.
11. California residents (CCPA/CPRA)
If you're a California resident, you have specific rights under the California Consumer Privacy Act and California Privacy Rights Act:
- Right to know what personal information we collect, use, and disclose
- Right to delete personal information (subject to narrow exceptions)
- Right to correct inaccurate personal information
- Right to opt out of the sale or sharing of personal information
- Right to limit use of sensitive personal information. The only sensitive personal information we process is your mood data, which is collected only with your explicit in-app consent and used solely to coach you — never for advertising or profiling. Withdraw consent anytime in
Settings → Privacy - Right to non-discrimination for exercising these rights
Do we sell or share your personal information? No. We do not sell your personal information as defined by the CCPA/CPRA, and we do not share it with third parties for cross-context behavioral advertising. To exercise any CCPA/CPRA right, email privacy@nudg.gg. You can also toggle "Opt out of any data sharing" in Settings → Privacy in-app as belt-and-suspenders.
For any privacy request, reach out to privacy@nudg.gg.
Nudg AI LLC · New Jersey, USA. Please use the email above for any privacy request.
EU users may lodge a complaint with their local supervisory authority. UK users: the ICO.