Privacy Policy

Last updated: April 13, 2026

This Privacy Policy explains how Nudge ("we", "us", "our") collects, uses, and protects your personal data when you use our progressive web application at app.joinnudge.app (the "Service").

Data We Collect

We collect the minimum data necessary to provide the Service:
  • Account data: email address, display name, avatar selection

  • Content data: tasks, habits, habit logs, group memberships you create

  • Technical data: browser type, device type, IP address (for security and abuse prevention)

  • Push subscription data: endpoint URLs for Web Push notifications (if you opt in)

We do NOT collect: location data, contacts, browsing history, or any data from other apps on your device.

How We Use Your Data

Your data is used solely to:
  • Provide and maintain the Service (task management, habit tracking, group collaboration)

  • Send push notifications you have opted into

  • Send transactional emails (password reset, account verification)

  • Improve the Service based on aggregated, anonymized usage patterns

We do NOT sell your data. We do NOT show ads. We do NOT use your data for profiling or marketing purposes.

Data Storage and Security

  • All data is stored in PostgreSQL hosted by Supabase (servers in EU, Frankfurt region)

  • Database access is protected by Row Level Security (RLS) — you can only access your own data

  • All connections use TLS/SSL encryption in transit

  • Passwords are hashed using bcrypt (handled by Supabase Auth)

  • We perform regular backups and have disaster recovery procedures in place

Third-Party Services

We use the following third-party services:
  • Supabase (database, authentication, real-time subscriptions) — supabase.com/privacy

  • Vercel (hosting, CDN, edge functions) — vercel.com/legal/privacy-policy

  • Resend (transactional emails) — resend.com/legal/privacy-policy

  • Web Push Protocol (browser push notifications) — no third-party service, uses standard Web Push API

We do NOT use Google Analytics, Facebook Pixel, or any advertising trackers.

Cookies

Nudge uses only essential cookies:
  • Authentication cookies: to keep you signed in (session tokens managed by Supabase Auth)

  • Cookie consent preference: to remember your cookie choice

We do NOT use tracking cookies, advertising cookies, or third-party analytics cookies.

Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the right to:
  • Access your personal data

  • Rectify inaccurate data

  • Delete your account and all associated data (available in Settings > Delete Account)

  • Export your data in a portable format

  • Restrict processing of your data

  • Object to processing of your data

  • Withdraw consent at any time (e.g., unsubscribe from push notifications)

To exercise any of these rights, contact us at hello@joinnudge.app. We will respond within 30 days.

Data Retention

  • Your data is retained as long as your account is active

  • When you delete your account, all data is permanently removed within 30 days (cascade delete)

  • Push subscription data is removed immediately when you unsubscribe

  • Server logs are retained for 30 days for security purposes

Children's Privacy

Nudge is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us with personal data, please contact us at hello@joinnudge.app.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes via email or in-app notification. Continued use of the Service after changes constitutes acceptance of the updated policy.

Contact

If you have questions about this Privacy Policy or your data, contact us at:

Email: hello@joinnudge.app
Website: https://joinnudge.app