Back to homeUpdated 2026-02-27
GDPR Commitment
This page is currently available in English and Dutch only. You are seeing the English version.
We build Nudge for Europe. GDPR isn’t a compliance checkbox for us—it’s part of the product design.
1. Our core commitments
- We collect the minimum data needed to deliver the Service.
- We don’t sell personal data—ever.
- We protect data with strong security controls (encryption, access controls).
- We keep policies readable and honest—no dark patterns.
- We use vetted sub-processors and strong contractual safeguards (SCCs).
- We honor deletion and export requests quickly and transparently.
- We design features to reduce conflict, not to maximize surveillance.
2. Sub-processors
We use a small set of sub-processors to run the Service. Where required, we rely on EU Standard Contractual Clauses (SCCs) and additional safeguards.
| Provider | Purpose | Typical location | Protection |
|---|---|---|---|
| Supabase | Database, auth, storage | EU / EEA (depending on project) | DPA + SCCs where applicable |
| Stripe | Payments, billing | EU / US (processing as needed) | DPA + SCCs where applicable |
| Resend | Transactional email | EU / US (delivery infrastructure) | DPA + SCCs where applicable |
3. Your rights — quick reference
- Access: ask what data we have about you.
- Delete: request deletion of your data (with legal retention exceptions).
- Export: request a portable copy of your data where applicable.
- Opt-out / object: object to processing based on legitimate interests.
- Complain: lodge a complaint with a supervisory authority.
4. Contact
Email: privacy@nudgeworks.app
Dutch supervisory authority (Autoriteit Persoonsgegevens): https://autoriteitpersoonsgegevens.nl