NudgeNudge

Privacy Policy

How we collect, use, and protect your data.

Last updated: 2026-04-10

This Privacy Policy explains how Nudge (“we”, “us”, “our”) collects, uses and protects personal data when you use our website, web app and mobile apps (the “Service”). We comply with the EU General Data Protection Regulation (GDPR).

1. Who we are

Nudge is operated by Zorzen Studios, a sole proprietorship (eenmanszaak) established in the Netherlands. Zorzen Studios is the data controller for the purposes of the GDPR.

2. What data we collect

We collect only what we need to provide and improve the Service.

2.1 Account data

  • Name (optional), email address, authentication identifiers
  • Space membership and roles you configure

2.2 Usage data

  • Interactions with tasks, assignments, completions and reminders
  • Aggregated analytics about feature usage and performance

2.3 Device and technical data

  • Device type, OS version, app version, language and time zone
  • Log data necessary for security and debugging (e.g. error events)

2.4 Payment data

  • Subscription status, plan, billing period and invoices
  • Payment card details are processed by our payment provider (Stripe) and are not stored by us

2.5 Telegram integration (optional)

  • If you choose to connect your Telegram account, we store your Telegram chat ID solely to deliver task notifications to you via Telegram.
  • We do not read your Telegram messages or access any Telegram data beyond what is necessary to send you notifications you requested.
  • You can disconnect Telegram at any time from the app (Settings → Notifications), which removes your chat ID from our systems.

2.6 Communications

  • Messages you send to support, feedback, and administrative emails

3. Legal basis for processing

We process personal data under the following GDPR legal bases:

  • Article 6(1)(b) — performance of a contract (providing the Service)
  • Article 6(1)(f) — legitimate interests (security, fraud prevention, service improvement)
  • Article 6(1)(a) — consent (where required, e.g. certain optional communications)
  • Article 6(1)(c) — legal obligation (e.g. accounting and tax)

4. How we use data

  • Provide, maintain and support the Service
  • Operate fairness features, assignments and analytics you request
  • Secure accounts, prevent abuse and investigate incidents
  • Process subscriptions, invoices and payment status
  • Communicate important service and policy updates
  • Improve performance, reliability and usability

5. Data sharing and processors

We share personal data only with trusted service providers (“processors”) who help us run the Service:

  • Supabase — database, authentication and storage
  • Stripe — payments, billing and invoices
  • Zoho — transactional email delivery
  • Google Analytics — analytics and usage tracking
  • Telegram — optional notification delivery (only if you connect your Telegram account); governed by Telegram's Privacy Policy

Where required, we use the EU Standard Contractual Clauses (SCCs) and other GDPR-appropriate safeguards with these providers.

6. International transfers

Some providers may process data outside the European Economic Area. In those cases, we rely on appropriate safeguards such as SCCs, and we implement additional technical and organizational measures where necessary.

7. Data retention

7.1 Tasks and spaces

  • Task templates, occurrences, assignments and related operational data are kept while your space exists and you use the Service. They are removed when you delete them, when a space is deleted, or when account deletion removes spaces where you are the only member.
  • If you are a member of a shared space with others, deleting your account removes your membership and profile data from that space; it does not delete the space or other members' data.

7.2 Photo proof (optional completion photos)

  • If your plan includes photo proof, completion images are stored in our infrastructure (object storage) and linked to the task occurrence.
  • After a task is marked completed, we retain the photo for up to 90 days, then automatically delete the file and clear the reference in our database (scheduled processing).
  • If you delete a task or space sooner, we remove associated photos as part of that deletion where technically applied.

7.3 Analytics

Historical analytics and exports may be limited by your subscription plan (e.g. how many months of history are available). That limit is a product setting, not the same as deletion of underlying personal data.

7.4 Account deletion

  • You can delete your account from the app or web settings where available. When you confirm deletion, we remove your application profile, end your session (sign-out), and delete or detach data as described in sections 7.1–7.2, including purging task photos for spaces that are fully removed as part of that flow.
  • For deletion requests (including by email), we aim to complete erasure of personal data within 30 days, unless we must retain it longer for legal reasons.
  • Copies in backups or logs held by our processors may persist for a limited additional period and are overwritten or purged according to the provider's retention cycle.

7.5 Financial and legal retention

  • Financial records (invoices, tax-related records): retained for up to 7 years as required under Dutch law.

8. Your rights

Under GDPR (Articles 15–21), you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion (“right to be forgotten”)
  • Restrict processing in certain cases
  • Object to processing based on legitimate interests
  • Data portability (export your data where applicable)
  • Withdraw consent at any time (where processing is based on consent)

You can exercise your rights by emailing privacy@nudgeworks.app.

9. Security

We use industry-standard security measures, including TLS in transit, strong encryption at rest (e.g. AES-256 where applicable), and database-level access controls such as Row Level Security (RLS). We also apply least-privilege access internally.

10. Children

The Service is not intended for children under 16. If you believe a child has provided us with personal data, contact us and we will delete it.

11. Changes

We may update this policy from time to time. We will post the updated version on this page and adjust the “Updated” date.

12. Contact

For privacy questions or requests, contact us at privacy@nudgeworks.app.