Privacy Policy

1. Welcome

This Privacy Policy ("Policy") explains how Nüdge Theory ("we," "us," or "our") handles your data when you use Nüdge Theory, our websites, apps, and related services (the "Service").

By using Nüdge Theory, you're agreeing to these practices. If you don't agree, please don't use the Service.

We reserve the right to modify this Policy at any time. Changes are effective immediately upon posting. We'll update the date at the top when we make changes, and your continued use means you accept them.

This Policy covers Nüdge Theory only, not third-party sites we might link to. Their privacy practices are their own.

2. What We Collect

We collect information necessary to provide and improve the Service.

2.1 Information You Give Us

The information you provide includes, but is not limited to:

• Account info: Your email address and name
• Service data: Information about your invoices and clients that you choose to enter
• Uploaded files: Invoice documents and attachments you upload (such as PDFs, images, and spreadsheets). These files are stored on third-party cloud infrastructure
• Messages: Anything you send us when you reach out for help

2.2 Information We Collect Automatically

When you use Nüdge Theory, we may automatically collect information including, but not limited to:

• Device and usage info: Your IP address, browser type, operating system, and how you use the Service
• Log data: When you accessed Nüdge Theory, what pages you viewed, and actions you took
• Product analytics: We use analytics tools to collect anonymized usage data such as page views, feature interactions, and session information. This helps us understand how people use Nüdge Theory so we can improve it. Analytics data is not used for advertising or sold to third parties
• Error reports: We use error monitoring tools to automatically collect error and performance data when something goes wrong. This may include technical details about the error, your browser, and the action that triggered it. This data is used solely to identify and fix bugs
• Security logs: When you log in, log out, create or edit reminders, or make changes to your account, we record the action, your IP address, browser type, and timestamp. These logs are used solely for security purposes: detecting unauthorized access, investigating fraud, and supporting law enforcement requests. Security logs are retained for 12 months
• Cookies: Small files that help the Service work (more on this in Section 7)

2.3 Information From Others

We may receive information about you from third parties, including service providers and publicly available sources, to the extent permitted by applicable law.

3. How We Use Your Information

We may use the information we collect for various purposes, including but not limited to:

• Run Nüdge Theory: Provide, maintain, and improve the Service
• Process your requests: Handle transactions and send related info
• Keep you informed: Send technical notices, updates, security alerts, and admin messages
• Help you out: Respond to your questions and provide support
• Understand usage: Monitor trends and analyze how people use Nüdge Theory
• Stay safe: Detect and prevent fraud, abuse, and illegal activity
• Protect your account: Detect and investigate unauthorized access, fraud, and security incidents using security audit logs
• Protect rights: Defend our rights and the rights of others
• Follow the law: Comply with legal obligations

3.1 Legal Bases (for EEA/UK Users)

If you're in the European Economic Area or UK, here's our legal basis for processing your data:

• Contract: We need to process data to provide the Service you signed up for
• Legitimate interests: Processing that benefits our business, as long as it doesn't override your rights
• Consent: Where you've given us specific permission
• Legal obligation: When the law requires it

4. When We Share Information

We're careful about sharing. Here's when it happens:

4.1 Service Providers

We work with trusted vendors who help us run Nüdge Theory. They only use your information to provide services to us, nothing else. Our current service providers include:

• Third-party cloud platform: application hosting and database
• Third-party cloud storage: file storage for invoice attachments
• Third-party email service: email delivery
• Third-party payment processor: payment processing (we do not store your payment card details)
• Product analytics provider: anonymized usage data
• Error monitoring provider: error tracking and performance monitoring
• Third-party caching service: session caching and rate limiting

This list may change as we evolve the Service. We will update this Policy to reflect material changes in our service providers.

4.2 People You Choose

When you send a reminder through Nüdge Theory, information goes to the recipient you specified. That's the whole point! You are solely responsible for the information you choose to share through the Service.

4.3 Legal Requirements

We may disclose information if we believe in good faith that disclosure is necessary or appropriate to:

• (a) Comply with applicable law, regulation, legal process, or governmental request
• (b) Enforce our agreements, policies, and terms of service
• (c) Protect the security or integrity of the Service
• (d) Protect the rights, property, or safety of us, our users, or the public

4.4 Business Changes

We may share or transfer information in connection with any merger, sale of company assets, financing, acquisition, dissolution, or similar transaction. You acknowledge and agree that such transfers may occur and that any acquirer may continue to use your information as set forth in this Policy.

4.5 Anonymized Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you.

4.6 What We Don't Do: Sell Your Data

We do not sell personal information. Fullstop.

5. How Long We Keep Your Data

We retain information for as long as reasonably necessary to fulfill the purposes for which it was collected, to perform our contractual obligations, and to comply with legal obligations.

How long that is depends on the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process it, and applicable legal requirements.

When we no longer need your data, we will delete or anonymize it. If that's not immediately possible, we will securely store and isolate it from further processing until deletion is possible.

Security audit logs are retained for a maximum of 12 months. When you delete your account, all personally identifiable information in your security logs (including IP address, browser information, and email address) is permanently and immediately removed.

6. Security

We take security seriously. We implement and maintain reasonable administrative, technical, and physical safeguards designed to protect information from unauthorized access, use, alteration, and destruction.

That said, no method of transmission over the Internet or electronic storage is completely secure. While we strive to protect your information, we cannot guarantee its absolute security.

YOU ACKNOWLEDGE AND AGREE THAT YOU PROVIDE YOUR INFORMATION AT YOUR OWN RISK.

In the event of a security incident affecting your personal information, we will notify you and relevant authorities as required by applicable law.

We maintain security audit logs that record login events, account changes, and actions on your reminders. These logs include your IP address and browser information. We process this data under our legitimate interest in protecting our users and the Service from fraud and unauthorized access. We have assessed that this interest does not override your privacy rights, as the data collected is limited to what is necessary for security purposes and is automatically removed when you delete your account.

7. Cookies

We use cookies, small data files stored on your device, to make Nüdge Theory work properly.

The cookies and similar technologies we use include:

• Essential cookies: Strictly necessary for the Service to function, such as authentication and session management. These cannot be disabled
• Analytics cookies: Used by our analytics tools to understand how people use Nüdge Theory. These collect anonymized usage data such as pages visited and features used. They do not track you across other websites

You can control non-essential cookies through your browser settings. Disabling essential cookies may prevent the Service from functioning properly.

8. Deleting Your Account

Want to delete your account? Just contact us and we'll take care of it.

Upon receiving a valid deletion request, we will delete or anonymize your information in accordance with our data retention practices and applicable law. Some data may need to be retained as required by law or for legitimate business purposes, and residual copies may remain in backup systems for a limited period.

9. Automated Processing

Nüdge Theory uses automation to do things like schedule and send your reminders based on the settings you choose. That's the core of what we do.

What we don't do: make automated decisions that produce legal effects or similarly significantly affect you.

10. Changes to This Policy

We may update this Policy from time to time. When we make changes:

• We'll update the "Last Updated" date at the top
• Where required by applicable law, we'll provide additional notice
• Your continued use of Nüdge Theory after any changes indicates your acceptance of the revised Policy

We encourage you to review this Policy periodically.

11. Questions?

We're here to help. If you have questions about this Policy or our privacy practices:

Email: hello@nudgetheory.app

Website: https://www.nudgetheory.app

12. Legal Details

A few more things our lawyers want us to include:

12.1 Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL WE BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR ANY LOSS OF PROFITS OR REVENUES, WHETHER INCURRED DIRECTLY OR INDIRECTLY, OR ANY LOSS OF DATA, USE, GOODWILL, OR OTHER INTANGIBLE LOSSES, RESULTING FROM (A) YOUR ACCESS TO OR USE OF OR INABILITY TO ACCESS OR USE THE SERVICE; (B) ANY UNAUTHORIZED ACCESS TO OR USE OF OUR SERVERS AND/OR ANY PERSONAL INFORMATION STORED THEREIN; OR (C) ANY INTERRUPTION OR CESSATION OF TRANSMISSION TO OR FROM THE SERVICE.

12.2 Your Responsibilities

You are responsible for ensuring that the information you provide is accurate and complete. You are also responsible for maintaining the confidentiality of your account credentials and for any activities that occur under your account.

If you input third-party information into the Service (such as client information), you represent and warrant that you have the necessary rights and permissions to provide such information to us and for us to process it as described in this Policy.

12.3 Indemnification

You agree to indemnify, defend, and hold harmless the Company and its officers, directors, employees, agents, and affiliates from and against any and all claims, damages, obligations, losses, liabilities, costs, and expenses (including reasonable attorneys' fees) arising from: (a) your use of the Service; (b) your violation of this Policy or any applicable law; (c) your violation of any rights of another party, including any users of the Service; or (d) your provision of third-party information through the Service without proper authorization.

12.4 Severability

If any provision of this Policy is held to be invalid, illegal, or unenforceable, the remaining provisions shall continue in full force and effect.

12.5 Entire Agreement

This Policy, together with our Terms of Service, constitutes the entire agreement between you and the Company regarding the subject matter hereof and supersedes all prior agreements and understandings.

12.6 No Waiver

Our failure to enforce any right or provision of this Policy will not be deemed a waiver of such right or provision.

12.7 Assignment

We may assign or transfer this Policy and any rights and obligations hereunder, without your consent, to any third party in connection with any merger, acquisition, reorganization, sale of assets, or similar transaction, or in the event of bankruptcy.