1. Introduction
NudgeX ("we", "us", "our") is an email command centre that helps sales and recruitment professionals manage high-volume inboxes. NudgeX surfaces conversations that need attention, prioritises them, and drafts replies for your review. Nothing is sent without your explicit approval.
This Privacy Policy explains what personal data we collect, why we collect it, how we process it, who we share it with, and what rights you have. It applies to all users of nudgex.app and the NudgeX service.
Data controller: NudgeX, a sole proprietorship (eenmanszaak) registered with the Dutch Chamber of Commerce (KvK) under number 42051536
Contact: info@nudgex.app
2. What Data We Collect
We collect data in four categories:
2.1 Email Content (Gmail and Outlook)
When you connect a Gmail or Outlook account, NudgeX syncs email threads from your inbox. Specifically, we collect:
- Email body content (full text of messages in synced threads)
- Email metadata: subject lines, sender and recipient addresses, timestamps, thread IDs
- Thread-level signals: last inbound date, last outbound date, outbound message count
NudgeX does not store email attachment binary content. When you attach files to outbound replies, the file content is transmitted through our servers to your email provider (Gmail or Outlook) and is not retained after the email is sent. We record attachment metadata (filename, file type, and file size) in your workspace's audit log for your records. Inbound attachment content is not accessed, processed, or stored — only metadata may be displayed for reference.
For Gmail, NudgeX targets your Primary inbox category. For Outlook, NudgeX syncs messages from your inbox folder. The specific messages processed may vary depending on your email provider's inbox configuration and settings.
2.2 Operational Metrics
From your usage of NudgeX, we generate operational metrics that are scoped to your workspace. These include:
- Communication timing patterns (e.g. typical response windows)
- Follow-up outcome correlations (e.g. which follow-up strategies result in replies)
- Queue interaction metrics (approval rate, edit rate, dismissal rate)
- Draft effectiveness signals
These metrics are associated with your workspace and are used solely to improve how NudgeX prioritises and scores your queue. They constitute personal data under GDPR and are subject to the same rights and protections as your other data. When you delete your account, these metrics are deleted along with all other workspace data (see Section 7).
2.3 Account and Workspace Data
- Name and email address (via Clerk authentication)
- Workspace configuration: tone preferences, guardrail settings, sender identity, Do Not Contact lists
- Subscription and billing status (managed by Stripe — we do not store card details)
- Onboarding information: company name, role, business context
2.4 Usage and Error Data
- Queue interactions: which items you approve, edit, snooze, or dismiss
- Feedback you provide on outcomes ("worked" / "did not work" / "unsure")
- Application error logs (via Sentry, for debugging — no email content is captured in error logs)
- Rate-limiting counters (via Upstash Redis — no personal data stored beyond request counts)
3. Why We Collect It (Purpose Limitation)
Every data type is tied to a specific product function:
Draft generation: Email body content
Content is sent to our AI provider (Anthropic) to generate a reply draft for your review. You approve, edit, or discard the draft before anything is sent.
Queue prioritisation: Email metadata and thread signals
Subject lines, timestamps, and thread signals are used to calculate which conversations need attention and in what order.
Intelligent prioritisation: Operational metrics
Workspace-scoped outcome data is collected for future activation in queue scoring and ranking. This data is not used for advertising or shared with third parties.
Service delivery: Account and workspace data
Required to authenticate you, enforce your preferences, gate your subscription, and tailor AI outputs to your communication style.
Service reliability: Usage and error data
Error logs allow us to identify and fix bugs. Interaction data informs product decisions.
We do not use your data for advertising. We do not sell your data. We do not use your data to train foundational or generalised AI models.
4. Email Provider Data — Limited Use Disclosure
NudgeX accesses your email data through the Gmail API and Microsoft Graph API. Both are subject to their respective platform policies. Our use of Gmail data is subject to Google's API Services User Data Policy. Our use of Outlook data is subject to Microsoft's API Terms of Use.
The specific OAuth scopes requested are:
Gmail: gmail.readonly (read inbox), gmail.send (send replies), userinfo.email (identify your account).
Outlook: Mail.Read (read inbox), Mail.Send (send replies), User.Read (identify your account), offline_access (maintain connection).
NudgeX does not request write or modify access to existing messages on either platform.
We confirm the following:
- Email data from both Gmail and Outlook is used only to provide and improve user-facing features of the NudgeX inbox command centre as described in this policy
- Email data from Gmail and Outlook is not transferred to third parties except to the sub-processors listed in Section 6, acting under our instruction, solely to provide the service
- Email data from Gmail and Outlook is not used for serving advertisements
- Email data from Gmail and Outlook is not used to train or improve foundational or frontier AI models
- Humans at NudgeX do not read your email content, except where you have explicitly shared it with us for support purposes, or where required by applicable law
NudgeX's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Our use of Microsoft Graph API data adheres to Microsoft's API Terms of Use and applicable data protection obligations.
5. Data Storage and Security
5.1 Where data is stored
- Database: Supabase, hosted in the EU West region (Ireland, eu-west-1). All email content and account data is stored in this region.
- Hosting: Vercel (application server), hosted in the EU West region (Frankfurt, fra1). All request processing occurs within the EU.
5.2 Encryption
- Email body content is encrypted at rest using AES-256-GCM with per-workspace key derivation. Encryption keys are never stored in the database.
- OAuth tokens (your Gmail and Outlook connection credentials) are encrypted using AES-256-GCM.
- All data in transit is protected by TLS.
5.3 Access controls
- Strict workspace isolation: your data is only accessible to users within your workspace (enforced at the application layer; every database query is scoped to your workspace before execution)
- No NudgeX employee has routine access to your email content
- Rate limiting is applied to all write endpoints
5.4 Sentry error tracking
We use Sentry for application error tracking. Sentry captures stack traces, error messages, and basic request context. Session replay is disabled — Sentry does not record user screen activity or email content. If we enable session replay in the future, we will update this policy and implement content masking before doing so.
6. Sub-Processors
We share data with the following third-party processors and controllers in connection with the Service. Each processes only the data necessary to perform their function.
Third-Party Controllers
The following parties act as independent data controllers for data processed through their respective platforms. NudgeX accesses only the scopes explicitly granted by the user.
Google LLC — Gmail email access
- Data shared: OAuth tokens and inbox data retrieved via Gmail API (gmail.readonly, gmail.send, userinfo.email scopes)
- Purpose: authenticating Gmail connections and retrieving inbox data on behalf of the user
- Safeguards: Google acts as an independent data controller for its own platform. Google's use of data is governed by the Google Privacy Policy and applicable API terms.
- Location: United States and global Google datacentres (governed by Google's own data protection terms)
Microsoft Corporation — Outlook email access
- Data shared: OAuth tokens and inbox data retrieved via Microsoft Graph API (Mail.Read, Mail.Send, User.Read scopes)
- Purpose: authenticating Outlook connections and retrieving inbox data on behalf of the user
- Safeguards: Microsoft acts as an independent data controller for its own platform. Microsoft's use of data is governed by the Microsoft Privacy Statement and applicable API terms.
- Location: United States and global Microsoft datacentres (governed by Microsoft's own data protection terms)
Sub-Processors
The following third-party processors act under our instruction.
Anthropic PBC — AI draft generation
- Data shared: full email body content, thread context, sender identity, business context
- Purpose: generating reply drafts for your review
- Safeguards: DPA with EU Standard Contractual Clauses (SCCs), automatically incorporated into Anthropic's Commercial Terms of Service. Anthropic does not use API customer data to train models.
- Location: United States (data transfer covered by EU SCCs)
OpenAI, L.L.C. — AI draft generation (fallback)
- Data shared: full email body content, thread context, sender identity, business context
- Purpose: fallback LLM provider used when the primary AI provider is rate-limited or unavailable
- Safeguards: DPA with EU Standard Contractual Clauses (SCCs). OpenAI does not use API customer data to train models.
- Location: United States (data transfer covered by EU SCCs)
Supabase — Database
- Data shared: all stored user and workspace data
- Purpose: primary data storage
- Safeguards: DPA accepted; EU hosting (Ireland, eu-west-1)
Vercel — Application hosting
- Data shared: request data passing through the application server
- Purpose: hosting and serving the NudgeX application
- Safeguards: DPA accepted; EU SCCs in place for international data transfers
Clerk — Authentication
- Data shared: email address, user identity
- Purpose: user authentication and session management
- Safeguards: DPA accepted; EU SCCs in place for international data transfers
Stripe — Billing
- Data shared: email address, subscription status, payment information
- Purpose: subscription billing and payment processing
- Safeguards: DPA accepted; EU SCCs in place; Stripe is PCI DSS Level 1 certified
Sentry — Error tracking
- Data shared: error logs, stack traces, request metadata (no email content)
- Purpose: application monitoring and debugging
- Safeguards: DPA accepted; EU hosting (Frankfurt) for the NudgeX project
Resend — Transactional email
- Data shared: email address, account event metadata (no inbox content)
- Purpose: sending transactional and account notification emails (e.g. trial reminders, billing notifications, account events)
- Safeguards: DPA accepted; EU SCCs in place for international data transfers
Upstash — Rate limiting
- Data shared: request counts (no personal data beyond IP address for rate limiting)
- Purpose: API rate limiting and abuse prevention
- Safeguards: DPA accepted; EU SCCs in place for international data transfers
We do not share your data with advertising platforms, data brokers, or any entity not listed above.
7. Data Retention and Deletion
7.1 Email content and account data
- Retained for the lifetime of your active subscription.
- Permanently deleted when you delete your account — all workspace data, inbox connections, email threads, messages, actions, audit logs, operational metrics, and feedback are cascade-deleted. This applies whether you delete via the NudgeX account settings or by deleting your account directly through your authentication provider.
- Pseudonymised and data-cleared when you disconnect a Gmail or Outlook connection — all email thread data, messages, queue items, actions, and feedback associated with that connection are permanently deleted via cascade. The connection record itself is retained with status "revoked" for audit purposes, but your email address is replaced with a pseudonym and your OAuth tokens are permanently deleted from the record.
- Deletion is irreversible. We do not retain backups of deleted user data beyond our standard backup rotation window.
Database backups are retained for 30 days. Deleted user data becomes unrecoverable after this period.
Some sub-processors retain operational logs or metadata on their own systems independently of NudgeX-side deletion — see Section 7.5 for details.
7.2 Operational metrics
Operational metrics (see Section 2.2) are associated with your workspace and constitute personal data under GDPR. They are deleted when your workspace is deleted as part of account deletion. The right to erasure applies to this data.
7.3 Billing event records
Anonymised billing event records (with no workspace or user association) may be retained after account deletion for financial compliance and audit purposes. These records do not contain email content or personally identifiable information.
7.4 Stripe billing records
Stripe retains billing records as required by applicable financial regulations. This is outside our control.
7.5 External retention surfaces
Some sub-processors and platform integrations retain data on their own systems for operational, technical, or compliance reasons. We do not control these retention periods directly, and deletion of NudgeX-side data does not necessarily delete the corresponding records held externally:
- Microsoft (Outlook): Microsoft retains a copy of your email data on its platform regardless of NudgeX activity. Deleting NudgeX data does not delete the underlying message from your Outlook account.
- Resend: Transactional email metadata and delivery logs are retained by Resend per their standard log retention policy.
- Sentry: Application error logs (no email content) are retained in the EU (Frankfurt) per Sentry's standard retention policy.
- Stripe: The Stripe customer object and associated billing history are retained by Stripe as required by financial regulations (see also Section 7.4).
- Google Pub/Sub watch: The Gmail watch subscription used to receive push notifications expires approximately every 7 days and is renewed automatically. No email content is stored within the subscription itself.
- Microsoft Graph subscription: The Outlook subscription used to receive push notifications expires approximately every 3 days and is renewed automatically. No email content is stored within the subscription itself.
7.6 Inactive accounts
If your account has been inactive for 12 consecutive months, we will notify you by email that your email content and associated workspace data will be deleted in 30 days unless you log in. If you do not log in within 30 days of this notice, your email content, threads, queue items, actions, operational metrics, and feedback will be permanently deleted. Your account and workspace configuration will be retained so you can reactivate and reconnect your inboxes at any time.
8. Your Rights Under GDPR
As a user in the European Economic Area or United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR) and, where applicable, the UK GDPR:
- Right of access: you can request a copy of the personal data we hold about you
- Right to rectification: you can ask us to correct inaccurate data
- Right to erasure: you can delete your account at any time, which triggers deletion of all associated data (see Section 7)
- Right to restriction of processing: you can ask us to restrict processing of your data in certain circumstances
- Right to data portability: you can request your data in a machine-readable format. To request a copy of your personal data, email info@nudgex.app with the subject line "Data Portability Request". We will compile and deliver your data in a machine-readable format (JSON) within 30 days.
- Right to object: you can object to processing based on legitimate interests
- Right to withdraw consent: where processing is based on consent, you can withdraw it at any time
To exercise any of these rights, contact us at info@nudgex.app. We will respond within 30 days.
You also have the right to lodge a complaint with a supervisory authority. The lead supervisory authority for NudgeX is:
- Autoriteit Persoonsgegevens (Dutch Data Protection Authority) — autoriteitpersoonsgegevens.nl
If you are based in the UK, you may also contact the Information Commissioner's Office (ICO) — ico.org.uk.
9. Legal Basis for Processing
We rely on the following legal bases under GDPR Article 6:
- Contract performance (Article 6(1)(b)): processing your email content, account data, and usage data is necessary to provide the NudgeX service you have subscribed to
- Legitimate interests (Article 6(1)(f)): processing operational metrics to improve service quality; error logging for security and reliability. Our legitimate interests do not override your rights.
- Legal obligation (Article 6(1)(c)): retaining billing records as required by law
10. Minimum Age
NudgeX is a professional tool intended for use in a business context. You must be at least 16 years old to use NudgeX. By creating an account, you confirm that you meet this requirement.
If we become aware that a user is under 16, we will delete their account and associated data immediately.
11. International Data Transfers
Your data is primarily stored in the European Union:
- Supabase (database): Ireland, eu-west-1
- Vercel (application hosting): Frankfurt, fra1 — no international transfer; data remains within the EEA
Some sub-processors are located in the United States:
- Anthropic (AI processing) and OpenAI (fallback AI processing): each covered by EU Standard Contractual Clauses (SCCs) incorporated into their respective Commercial Terms of Service
- Clerk, Stripe, Sentry, Resend, and Upstash: each provides a DPA incorporating EU Standard Contractual Clauses (SCCs), which we have accepted as part of their standard terms of service
Where data is transferred outside the EEA, we ensure appropriate safeguards are in place as required by GDPR Chapter V.
12. Cookies and Tracking
NudgeX uses only technically necessary cookies for authentication and session management (via Clerk). We do not use advertising cookies, tracking pixels, or third-party analytics cookies.
We do not run any analytics beyond error tracking (Sentry). Sentry session replay is disabled — no user screen recordings are made.
No cookie consent banner is required for strictly necessary cookies under the ePrivacy Directive.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this document. For significant changes, we will notify you by email to the address associated with your account at least 14 days before the change takes effect.
Continued use of NudgeX after the effective date of a change constitutes acceptance of the updated policy.
14. Contact
For any questions, requests, or complaints regarding this Privacy Policy or our data practices:
- Email: info@nudgex.app
- Website: nudgex.app
We aim to respond to all privacy-related requests within 30 days.