Legal

NUDGEO Privacy Policy

NUDGEO privacy practices — data collection, processing, and retention. Data residency, AES-256 encryption at rest, TLS 1.3 in transit, retention periods, third-party sharing, sub-processors, user rights, cookies, and security controls.

Effective 2026-05-19

NUDGEO (the “Company”) is committed to protecting your personal data in compliance with applicable privacy laws and regulations. This Privacy Policy explains how we collect, use, retain, and protect information about users of the Service.

1. Data We Collect

We collect the following categories of information:

  • Required — Email address, company name, AWS Account ID.
  • Optional — Full name, job title, industry category.
  • Automatically collected — IP address, browser and OS information, page visit logs, cookies.
  • Service usage data — Tracked queries, entity information, API call records.

2. Purposes of Collection

  • Service delivery (dashboard access, measurement, content generation, automated publishing).
  • Account management (authentication, permissions, billing).
  • Service improvement (product usage analytics, A/B testing).
  • Customer support (responding to inquiries, debugging issues).
  • Legal obligations (tax reporting, dispute resolution).

3. Retention Periods

We retain personal data only for as long as necessary to fulfill the stated purpose or as required by law.

  • Account information — Until account deletion.
  • Payment records — 5 years (per applicable e-commerce regulations).
  • Access logs — 3 months (per applicable communications privacy regulations).
  • Measurement raw data — For the duration of an active account. Permanently deleted within 30 days of a deletion request.

4. Data Residency and Encryption

All personal data is stored exclusively in AWS ap-northeast-2 (Seoul region). No cross-border transfer of raw personal data occurs. Data is encrypted at rest with AES-256 and in transit with TLS 1.3.

5. Third-Party Disclosure

We do not share personal data with third parties except in the following circumstances:

  • With your explicit consent.
  • When required by law (e.g., valid legal process).
  • With subprocessors necessary to deliver the Service (see Section 6).

6. Subprocessors

We engage the following subprocessors:

  • AWS — Infrastructure hosting and payment processing.
  • OpenAI · Anthropic · Google · other AI providers — Transmission of tracked queries during measurement (limited to brand name and industry category).
  • Resend — Transactional email delivery.

7. Your Rights

You have the right to:

  • Access, correct, or delete your personal data.
  • Request restriction of processing.
  • Withdraw consent (by canceling your account).
  • Lodge a complaint with the relevant data protection authority.

Submit requests to privacy@nudgeo.com. We will respond within 7 business days.

8. Cookies

We use the following categories of cookies:

  • Authentication — Maintains your login session (required).
  • Preferences — Stores language, theme, and other user settings (optional).
  • Analytics — Anonymized usage statistics (optional; opt-out available).

9. Security Measures

  • Annual SOC 2 Type II audit (report available to Enterprise plan customers).
  • AWS Foundational Technical Review — all items passed (verified April 2026).
  • Role-Based Access Control (RBAC) with audit logs retained for 90 days.
  • SSO/SAML integration for Enterprise customers (Okta, Google Workspace, Azure AD).

10. Data Protection Officer

To obtain the name, title, and contact details of our Data Protection Officer, email privacy@nudgeo.com.

11. Policy Updates

We will provide at least 7 days' advance notice of changes to this Policy (30 days for material changes).

To request a DPA, security checklist, or audit report, contact security@nudgeo.com.