Nudge

Privacy Policy

Effective date: 1 March 2025

This Privacy Policy explains how Nudge ("we", "us", "our") collects, uses, and protects information about you when you use our Service. By using Nudge you agree to the practices described here.

1. Information We Collect

Information you provide:

  • Email address and name when you sign up
  • Tasks, events, and notes you create in the app
  • Voice recordings you submit for transcription (processed immediately, not stored)
  • Messages you send to the Nudge Telegram bot

Information collected automatically:

  • Study session durations and timer usage
  • Feature usage (e.g. which pages you visit)
  • Browser type and general location (country level) from your IP address

Information from third parties:

  • Google account profile (name, email) if you sign in with Google
  • Google Calendar event data if you connect your calendar
  • Payment method details handled by Stripe (we never see your full card number)

2. How We Use Your Information

  • To provide, maintain, and improve the Service
  • To process your tasks and events using AI (OpenAI) on your behalf
  • To send you service-related emails (trial expiry, billing receipts)
  • To send study reminders you have opted into
  • To detect and prevent fraud or abuse
  • To analyse aggregated, anonymised usage patterns to improve the product

We do not sell your personal data to any third party.

3. AI Processing

When you add tasks or events, your input text is sent to OpenAI's API for parsing. Voice recordings are transcribed via OpenAI Whisper. OpenAI may retain data per their own privacy policy. We use the API under a data processing agreement that prohibits OpenAI from using your data to train their models (API usage).

4. Data Storage & Security

Your data is stored in Supabase (PostgreSQL), hosted on AWS infrastructure in the EU. We use industry-standard encryption in transit (TLS) and at rest. Google Calendar refresh tokens are stored encrypted using AES-256. We restrict access to your data to personnel who need it to operate the Service.

Despite our precautions, no system is 100% secure. We cannot guarantee absolute security.

5. Data Retention

We retain your data for as long as your account is active. If you delete your account, we delete your personal data within 30 days, except where we are required to retain it for legal or financial compliance (e.g. billing records, up to 7 years).

6. Third-Party Services

We share data with the following third parties only to the extent needed to operate the Service:

  • Supabase — database and authentication
  • OpenAI — AI parsing and transcription
  • Stripe — payment processing
  • Google — OAuth login and Calendar sync (if connected)
  • Telegram — bot integration (if connected)
  • Vercel — hosting and edge infrastructure

7. Cookies

We use a single session cookie to keep you logged in (set by Supabase Auth). We do not use advertising or tracking cookies. We do not use third-party analytics tools that place cookies.

8. Your Rights

Depending on your location you may have the right to access, correct, or delete your personal data, and to object to or restrict certain processing. To exercise any of these rights, email us at support@nudgestudy.app. We will respond within 30 days.

You can delete your account at any time from the Settings page. This triggers deletion of all your personal data within 30 days.

9. Children

Nudge is not directed at children under 13. We do not knowingly collect personal data from children under 13. If we become aware that we have, we will delete it promptly.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by email or in-app notice at least 14 days before they take effect.

11. Contact

Questions or concerns about your privacy? Email support@nudgestudy.app.