Privacy Policy
nudgedhq.com | Effective 1 April 2026 | Governed by the New Zealand Privacy Act 2020
1. Introduction
Nudged ("we", "us", "our") operates the nudgedhq.com platform. This Privacy Policy explains how we collect, use, store, disclose, and protect personal information in accordance with the New Zealand Privacy Act 2020 and, where applicable to Australian users, the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
By using the Service, you consent to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.
Nudged operates in two capacities with respect to personal information:
- As a controller of information about our Users (business owners who subscribe to Nudged)
- As a processor of information about End Clients (the clients of our Users, whose contact details Users enter into the platform)
2. Information We Collect
2.1 Information you provide directly
When you create an account and use the Service, we collect:
- Your name and email address
- Your business name, industry, and logo
- Your bank account number (if provided for display in reminder emails)
- Your communication style and tone preferences (used to generate AI email templates)
- Client names and email addresses that you enter into the platform
- Invoice information including invoice numbers, amounts, due dates, and job descriptions
- Payment information collected during subscription signup (processed by Lemon Squeezy — we do not store card details)
2.2 Information collected automatically
When you use the Service, we automatically collect:
- Log data including your IP address, browser type, pages visited, and timestamps
- Device information including operating system and device identifiers
- Usage data including features used, reminder schedules created, and actions taken in the platform
2.3 Information from third parties
We may receive information from:
- Stripe Connect: confirmation that a payment was made, including the amount and timestamp (we do not receive card details or full bank account numbers)
- Lemon Squeezy: subscription status, billing events, and customer ID
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service
- Generate AI-powered email templates based on your tone and style preferences
- Send invoice reminder emails to your clients on your behalf
- Process subscription payments and manage your billing
- Send you notifications about reminder activity, payments received, and account updates
- Respond to your support requests and enquiries
- Improve and develop the Service
- Detect, prevent, and address fraud, abuse, and security issues
- Comply with our legal obligations
We do not use your data or your clients' data for advertising purposes. We do not sell personal information to third parties.
4. How We Share Your Information
We do not sell, rent, or trade personal information. We share information only as described below.
4.1 Service providers (data processors)
We share personal information with the following third-party service providers who process it on our behalf:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase / AWS | Database and file storage | All user and client data is stored in Supabase, hosted on AWS infrastructure in the United States |
| Vercel | Application hosting | IP addresses and request logs for security and performance monitoring |
| Resend | Email delivery | Client name, client email address, and the content of reminder emails |
| Inngest | Background job scheduling | Invoice IDs and scheduled send times to manage reminder dispatch |
| Anthropic | AI template generation | Your tone description and communication style input used to generate email templates |
| Lemon Squeezy | Subscription billing | Your name, email address, and payment details for subscription management |
| Stripe | Payment processing | Connected Stripe account ID and payment confirmation webhooks if you choose to enable Pay Now links |
4.2 International data transfers
Some of our service providers are located outside New Zealand and Australia, including in the United States. By using the Service, you consent to your personal information being transferred to and processed in countries that may have different privacy laws to New Zealand or Australia.
4.3 Legal disclosure
We may disclose personal information if required to do so by law, court order, or governmental authority, or if we believe in good faith that such disclosure is necessary to protect our rights, your safety, or the safety of others.
4.4 Business transfers
If Nudged is acquired, merged, or sold, personal information may be transferred to the acquiring entity, subject to the same privacy protections described in this policy.
5. End Client Data
When you add your clients' names and email addresses to Nudged, we process that data solely to send reminder emails on your behalf. In this context:
- You are the data controller for your clients' personal information
- We are a data processor acting on your instructions
- You are responsible for ensuring you have a lawful basis for providing your clients' personal information to us and for sending them electronic messages
- We do not use End Client data for any purpose other than sending the reminder emails you have instructed us to send
End Clients may contact us at hello@nudgedhq.com to enquire about their personal information. We will direct such enquiries to the relevant User.
6. Data Retention
We retain personal information for as long as your account is active or as needed to provide the Service. Specifically:
- Account and business data: retained while your account is active and for 30 days after account deletion
- Client and invoice data: retained while your account is active and for 30 days after account deletion
- Reminder logs: retained for 12 months for audit and dispute resolution purposes
- Payment records: retained for 7 years as required by New Zealand tax law
- Log data: retained for 90 days
7. Security
We implement the following security measures to protect your personal information:
- All data is encrypted in transit using TLS 1.2 or higher
- All data is encrypted at rest in Supabase using AES-256 encryption
- Row Level Security is enforced in the database — users can only access their own data
- Authentication is handled by Supabase Auth with secure session management
- API keys and secrets are stored as environment variables and never exposed in code
- Access to production systems is restricted to authorised personnel only
- We do not store credit card numbers or full bank account numbers
While we take reasonable steps to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
In the event of a data breach that is likely to cause serious harm, we will notify affected individuals and the Office of the Privacy Commissioner as required by the Privacy Act 2020.
8. Your Rights
Under the New Zealand Privacy Act 2020, you have the right to:
- Access the personal information we hold about you
- Request correction of any inaccurate personal information
- Request deletion of your personal information (subject to our legal retention obligations)
- Withdraw consent to data processing where consent is the basis for processing
To exercise any of these rights, contact us at hello@nudgedhq.com. We will respond within 20 working days as required by the Privacy Act 2020.
New Zealand users may make a complaint to the Office of the Privacy Commissioner at privacy.org.nz if you believe we have interfered with your privacy.
Australian users may make a complaint to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au if you believe we have breached the Australian Privacy Principles. We ask that you contact us first and give us an opportunity to resolve your concern before lodging a formal complaint.
9. Cookies
The Service uses cookies and similar technologies to maintain your session and improve your experience. Specifically we use:
- Session cookies: required for authentication and to keep you logged in
- Preference cookies: to remember your settings within the application
We do not use advertising cookies or tracking cookies. You can control cookies through your browser settings, however disabling session cookies will prevent you from using the Service.
10. Children's Privacy
The Service is not directed at children under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us at hello@nudgedhq.com and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email at least 14 days before they take effect. The current version will always be available at nudgedhq.com/privacy.
12. Contact Us
For any privacy-related questions, requests, or complaints, contact us at:
Email: hello@nudgedhq.com
Website: nudgedhq.com
We aim to respond to all privacy enquiries within 5 working days.