Nudge

GDPR Commitment

Privacy-first design and our commitments to data protection.

Last updated: 2026-04-10

We build Nudge for Europe. GDPR isn’t a compliance checkbox for us—it’s part of the product design.

1. Our core commitments

  • We collect the minimum data needed to deliver the Service.
  • We don’t sell personal data—ever.
  • We protect data with strong security controls (encryption, access controls).
  • We keep policies readable and honest—no dark patterns.
  • We use vetted sub-processors and strong contractual safeguards (SCCs).
  • We honor deletion and export requests quickly and transparently.
  • We design features to reduce conflict, not to maximize surveillance.

2. Sub-processors

We use a small set of sub-processors to run the Service. Where required, we rely on EU Standard Contractual Clauses (SCCs) and additional safeguards.

Provider         | Purpose                    | Typical location                 | Protection
Supabase         | Database, auth, storage    | EU / EEA (depending on project)  | DPA + SCCs where applicable
Stripe           | Payments, billing          | EU / US (processing as needed)   | DPA + SCCs where applicable
Zoho             | Transactional email        | EU / US (delivery infrastructure) | DPA + SCCs where applicable
Google Analytics | Analytics & usage tracking | US                               | DPA + SCCs where applicable

3. Your rights — quick reference

  • Access: ask what data we have about you.
  • Delete: request deletion of your data (with legal retention exceptions) — see how to delete your account.
  • Export: request a portable copy of your data where applicable.
  • Opt-out / object: object to processing based on legitimate interests.
  • Complain: lodge a complaint with a supervisory authority.

4. Retention at a glance

  • Tasks and spaces: kept while in use; removed when you delete them or when account/space deletion flows apply (see Privacy Policy §7).
  • Photo proof: optional completion images are kept for up to 90 days after the task is marked completed, then automatically deleted from storage with references cleared.
  • Account deletion: we aim to erase personal data within 30 days of a confirmed request, subject to legal exceptions (e.g. tax records up to 7 years).

5. Contact

Email: privacy@nudgeworks.app

Dutch supervisory authority (Autoriteit Persoonsgegevens): https://autoriteitpersoonsgegevens.nl