Privacy Policy

1. Who we are

Nudg is operated by Nudg AI LLC ("Nudg", "we", "us"). We're the data controller for the personal data you give us when using the Nudg iOS app, web app, and website at nudg.gg.

2. What we collect

We collect three categories of data:

Account data

Email address and authentication info (password hash or OAuth token)
Display name and chosen coach personality
Subscription status via RevenueCat (no card data touches our servers)

Usage data

Goals you create and the milestones you set
Check-ins: the question, your answer, the mood, the timestamp, the coach's reply
Streak history and notification preferences

Technical data

Device type, OS version, app version, crash logs
Anonymized analytics via PostHog (page views, button clicks — never your check-in content)
IP address (truncated before storage, retained 30 days for abuse prevention)

3. Why we collect it

Purpose	Legal basis (GDPR)
Running your account and showing you coaching	Contract
Generating AI coach replies	Contract
Sending notifications you've opted into	Consent
Preventing abuse and keeping Nudg up	Legitimate interest
Product analytics (anonymized)	Legitimate interest
Tax & legal compliance	Legal obligation

We share data only with processors who help us run Nudg:

Supabase — auth, database, storage. Hosted on AWS US East, SOC 2 Type II.
Anthropic — primary model for coach replies. We send your recent check-ins plus goal context to generate replies. Anthropic does not use API data for training.
OpenAI — fallback model for coach replies and for voice transcription. OpenAI does not use API data for training under our agreement.
RevenueCat — iOS subscription management (no payment details stored by us).
Stripe — payments for web subscriptions, PCI-DSS Level 1.
Resend — transactional email (password resets, receipts, weekly reports).
PostHog — product analytics, EU-hosted, anonymized.
Sentry — error monitoring, scrubbed of PII.
Vercel — web hosting and edge infrastructure.

We do not sell personal data. We do not share it with advertisers.

5. AI & model training

Your check-in content is sent to an AI model to generate coach replies. Under our provider agreements, your data is not used to train their models and is retained only as long as required to deliver the service.

We may use de-identified, aggregated patterns from check-ins to improve Nudg's prompts and coaching. You can opt out of this in Settings → Privacy → Improve Nudg. Opting out has no impact on your experience.

6. Your rights

Depending on where you live (GDPR, CCPA, UK DPA), you have the right to:

Access — get a copy of your data (export in-app)
Rectify — correct inaccurate data
Erase — delete your account and all data
Object & restrict — to certain processing
Portability — receive your data in JSON
Withdraw consent — for notifications, improvement program, etc.

Email privacy@nudg.gg to exercise any right. We respond within 30 days.

7. Retention & deletion

We keep your data as long as your account is active. When you delete your account:

Profile, goals, and check-ins are deleted within 30 days
Anonymized analytics events are retained for product improvement
Tax records (receipts, invoices) are retained for 7 years as required by law

8. Security

Data is encrypted in transit (TLS 1.3) and at rest (AES-256). Access to production databases is restricted to two named engineers, logged, and requires SSO + hardware key. We run a public bug bounty — email security@nudg.gg.

9. Children

Nudg is not intended for anyone under 16. We do not knowingly collect data from children. If you believe a child has created an account, contact us and we'll delete it.

10. Changes to this policy

We'll notify you by email and in-app at least 14 days before material changes take effect. Minor clarifications may be made without notice. The "Last updated" date always reflects the current version.

11. California residents (CCPA/CPRA)

If you're a California resident, you have specific rights under the California Consumer Privacy Act and California Privacy Rights Act:

Right to know what personal information we collect, use, and disclose
Right to delete personal information (subject to narrow exceptions)
Right to correct inaccurate personal information
Right to opt out of the sale or sharing of personal information
Right to limit use of sensitive personal information
Right to non-discrimination for exercising these rights

Do we sell or share your personal information? No. We do not sell your personal information as defined by the CCPA/CPRA, and we do not share it with third parties for cross-context behavioral advertising. To exercise any CCPA/CPRA right, email privacy@nudg.gg. You can also toggle "Opt out of any data sharing" in Settings → Privacy in-app as belt-and-suspenders.

12. Contact

For any privacy request, reach out to privacy@nudg.gg.

Nudg AI LLC · New Jersey, USA. We operate remotely and don't maintain a public physical address; please use the email above.

EU users may lodge a complaint with their local supervisory authority. UK users: the ICO.

On this page