Privacy Policy

• Account information : your email address and name, provided when you sign up or sign in via Google OAuth.
• App data : the items you add to Nudge (insurance policies, subscriptions, memberships, reminders) and their associated details.
• Profile data : optional details you provide in your profile, such as display name, phone number, and date of birth.

• To authenticate you and provide secure access to your account.
• To store and display the reminders and items you create.
• To personalise your experience (e.g. currency preferences, display name).
• To send you renewal reminder notifications by email or push, where enabled.
• For service administration: the operator may access your account information (such as email address, sign-up date, and item counts) to operate, maintain, and support the service. This access is limited to non-sensitive account and usage data only.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

• Data accessed: When you sign in with Google, we receive only your email address and display name from Google. We do not access your Google contacts, calendar, Drive, Gmail, or any other Google services.
• Data usage: Your Google email address is used solely to create and identify your Nudge account, and to send you renewal reminder notifications where enabled. Your display name is used to personalise the in-app experience.
• Data sharing: Google user data is never sold, rented, or shared with any third party. It is not used for advertising or marketing purposes.
• Data storage: Your email address and display name are stored securely in our database (Supabase), protected by Row Level Security. Only you can access your own data.
• Data retention and deletion: Your Google account data is retained for as long as your Nudge account exists. You can delete your account at any time from Settings, which permanently removes your email address, display name, and all associated data from our systems.

Your data is stored securely using Supabase, a cloud database platform hosted on AWS infrastructure. All data is encrypted at rest (AES-256) and in transit (TLS). Row Level Security (RLS) ensures your data is never accessible to other users. The service operator retains administrative access to account and usage data (such as email address, sign-up date, and item counts) solely for the purpose of operating and supporting the service. Your item details (including notes, policy numbers, and financial data) are never accessed by the operator.

Your data is retained for as long as your account is active. If you delete your account, all associated data (including your profile, items, and notification preferences) is permanently and immediately removed from our systems. There is no recovery period.

To delete your account: sign in, go to Settings, scroll to the bottom, and select Delete account. Alternatively, contact us and we will delete it on your behalf.

We use essential session cookies to keep you signed in. We do not use tracking or advertising cookies. See our Cookie Policy for full details.

• Access the personal data we hold about you.
• Request correction of inaccurate information.
• Delete your account and all associated data at any time via Settings.
• Withdraw consent and revoke Google OAuth access at any time via your Google account permissions.

To exercise any of these rights, use the in-app Settings page or contact us via the feedback button in the app.

You may share individual items with another person by entering their email address. When you share an item:

• You choose exactly which fields to include (e.g. notes, reference numbers, account email). Sensitive fields are excluded by default and must be opted in.
• A snapshot of the selected data is sent to the recipient. No live link is maintained; the shared copy is independent.
• You must confirm that you know the recipient and have their permission before sharing.
• The recipient can accept (adding the item to their own list) or decline (the data is discarded).
• If the recipient does not have a Nudge account, they receive an email notification. If they do not sign up, the pending share is not acted on.
• We store a record of the share (sender, recipient email, item data, consent timestamp) for audit and abuse prevention purposes.

Sharing is rate-limited to 10 items per day per user to prevent abuse. If you receive a share from someone you do not recognise, you can decline it.

We may update this policy from time to time. We will notify you of significant changes via the in-app "What's New" modal. Continued use of Nudge after changes constitutes acceptance of the updated policy.