Privacy Policy
Effective date: May 27, 2026 ยท DryDev Solutions
NudgeUP ("we," "us," or "our") is operated by DryDev Solutions. This Privacy Policy explains how we collect, use, and protect your personal information when you use the NudgeUP application ("Service"). By using the Service you agree to this policy.
1. Information We Collect
We collect information you provide directly and information generated through your use of the Service:
- Account information โ email address, display name, and password (stored as a secure hash by Supabase Auth).
- Profile data โ display name, Nudge ID, AI coach preference, and subscription tier.
- Task data โ task titles, categories, priorities, due dates, notes, and completion status.
- Vibe check data โ mood ratings and optional notes you submit for AI coaching.
- NudgeBuds โ connections you create with other users (stored by user ID only).
- Broadcasts โ messages and reactions you send to connected users.
- Subscription data โ your plan tier, billing status, and Stripe customer ID. We do not store full card numbers; payments are processed by Stripe.
- Usage data โ server logs, error reports, and general usage analytics collected by Vercel and Supabase.
2. How We Use Your Information
- To provide, operate, and improve the NudgeUP Service.
- To authenticate your account and keep it secure.
- To generate AI coaching responses โ your vibe check input and task list are sent to Google's Gemini API. Google's AI API Terms and privacy policies apply to that processing.
- To process subscription payments through Stripe. Stripe's Privacy Policy governs payment data.
- To send push notifications you have opted into (Nudge Time reminders, bud activity).
- To communicate with you about your account, updates, and support.
3. Third-Party Services
NudgeUP relies on the following third-party services, each with their own privacy practices:
- Supabase โ database, authentication, and real-time infrastructure. Data is stored in us-east-1 (AWS). Supabase Privacy Policy.
- Vercel โ application hosting and edge functions. Vercel Privacy Policy.
- Stripe โ payment processing. NudgeUP does not store your full card details. Stripe Privacy Policy.
- Google Gemini API โ AI coaching responses. Your vibe check text and task context are sent to Google for processing. Google AI Terms.
- Firebase Cloud Messaging (FCM) โ push notification delivery. Firebase Privacy.
4. Data Sharing
We do not sell your personal information. We share data only:
- With the third-party services listed above, as required to operate the Service.
- With other NudgeUP users you have explicitly connected with as NudgeBuds.
- If required by law, court order, or to protect the rights and safety of NudgeUP, our users, or the public.
5. Data Retention
We retain your account data for as long as your account is active. If you delete your account, your personal data will be deleted within 30 days, except where retention is required by law (e.g., billing records may be kept for up to 7 years).
6. Your Rights (GDPR โ EEA & UK Users)
If you are in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR) or UK GDPR:
- Right of access (Article 15) โ Request a copy of the personal data we hold about you.
- Right to rectification (Article 16) โ Request correction of inaccurate or incomplete personal data.
- Right to erasure (Article 17) โ Request deletion of your personal data ("right to be forgotten"). You can also delete your account directly in the app: Profile โ Delete Account.
- Right to restriction (Article 18) โ Request that we limit how we use your data in certain circumstances.
- Right to data portability (Article 20) โ Receive your personal data in a structured, commonly used, machine-readable format (JSON). Use the "Download my data" button in your Profile to get an immediate export, or contact us for a full export.
- Right to object (Article 21) โ Object to processing of your personal data for direct marketing.
- Right to withdraw consent โ Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, use the self-service tools in your account Profile, or email privacy@getnudgeup.app. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority.
7. California Privacy Rights (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) grant you the following rights:
- Right to Know โ You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, our business purpose for collecting it, and the categories of third parties with whom we share it.
- Right to Delete โ You have the right to request deletion of personal information we have collected from you, subject to certain exceptions. Use Profile โ Delete Account for self-service deletion.
- Right to Correct โ You have the right to request correction of inaccurate personal information.
- Right to Data Portability โ You have the right to obtain a copy of your personal information in a portable format. Use the "Download my data" button in your Profile.
- Right to Opt-Out of Sale / Sharing โ We do not sell your personal information to third parties, and we do not share it for cross-context behavioral advertising. There is nothing to opt out of; however, if you believe this has changed, contact us at privacy@getnudgeup.app.
- Right to Non-Discrimination โ We will not discriminate against you for exercising your CCPA rights.
To submit a verifiable consumer request, email privacy@getnudgeup.app with subject line "CCPA Request." We respond within 45 days.
Do Not Sell or Share My Personal Information: As stated above, NudgeUP does not sell or share personal information for cross-context behavioral advertising. If our practices change, this page will be updated and you will be notified.
9. Security
We use industry-standard practices including encrypted connections (HTTPS), row-level security on our database, and hashed passwords. No method of transmission over the internet is 100% secure, but we take reasonable steps to protect your information.
10. Children
NudgeUP is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with information, contact us and we will delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Effective date" at the top of this page. Continued use of the Service after changes constitutes acceptance.
12. Contact Us
For privacy-related requests (data export, deletion, GDPR/CCPA rights): privacy@getnudgeup.app.
For general questions about this Privacy Policy: support@getnudgeup.app.