Nudje

Privacy Policy

2026-07-04

Draft — this policy is pending legal review and will be finalized before launch.

The short version: Nudje works without an account, keeps your reminders on your phone, never tracks you, and never sells anything about you. If you subscribe to cloud sync, your data is end-to-end encrypted and we cannot read it. This policy spells out the details, including the small amount of metadata we necessarily see.

1. Who we are

Nudje is built and operated by Nameverse (“we”, “us”). Contact: privacy@nudje.app.

2. What the free app processes

The free app requires no account and no personal information.

  • Your reminders, history, streaks, and settings are stored in a local database on your device. They are not transmitted to us.
  • Anonymous crash reports. If the app crashes, a technical report (stack trace, app version, OS version, device model) is sent to a crash server we host ourselves. It contains no advertising identifier, no account, and no reminder content.
  • Anonymous usage analytics (optional). Coarse product events — e.g. “a reminder was created”, “onboarding completed” — are sent to an analytics server we host ourselves. There is no persistent identifier: a random session ID exists only while the app runs and is never stored. No reminder content, health information, or personal data is ever included. In the EU/EEA/UK this is off until you opt in; elsewhere it is on by default and can be switched off any time in Settings.
  • Remote configuration. The app periodically fetches a small public settings file (nothing about you is sent — it’s a plain download).

3. Advertising

The free app shows a single, low-frequency banner ad, and occasionally an interstitial, served by Google AdMob in non-personalized mode: no advertising identifier is used, no profile is built, and ads are selected from context only.

  • In the EU, EEA, UK, and Switzerland the app shows no ads at all.
  • In Brazil and Türkiye, where ads run and local law (LGPD, KVKK) requires it, a consent dialog is shown before any ad loads.
  • Both paid tiers remove ads everywhere.
  • Because the ad SDK ships in the app, store privacy labels disclose “advertising data — not linked to you” even in regions where no ad is ever shown.

4. What Nudje+ (cloud sync) processes

If you subscribe and enable sync:

  • Your content is end-to-end encrypted. Reminders and history are encrypted on your device (XChaCha20-Poly1305) with keys only your devices hold. Our servers store ciphertext they cannot decrypt. Your recovery code is the only way to unlock your data on a new device; we cannot read, reset, or recover it.
  • Account metadata we do see: an account identifier from your sign-in provider (Apple/Google subject, or a salted hash of your email for magic-link sign-in — we do not store the address itself), device push tokens, encrypted-record counts and version numbers, sync timestamps, and — if you share a caregiver profile — which accounts share with which, and in what role. We disclose this because zero-knowledge systems still see shapes; we minimize what those shapes reveal.
  • Subscription status is provided to us by RevenueCat and the app stores to unlock features. Payment card details never reach us.

5. What we never do

  • We never sell or rent data — content, metadata, or otherwise.
  • We never use advertising identifiers or cross-app tracking (the app never shows an ATT prompt because it has nothing to ask for).
  • We never share data with third parties except the processors strictly required to operate (app stores/RevenueCat for billing, Google AdMob for non-personalized ads outside the EU) — our crash and analytics servers are self-hosted precisely to avoid third-party processors.
  • We never read your reminders. With sync enabled, we couldn’t even if asked.

6. Children

Nudje accounts are for adults (16+, or the digital-consent age in your country). Children can be cared for through managed profiles, which contain no personal data about the child beyond a label you choose (like “Kid”), stay under your account and your responsibility, and are excluded from analytics and ads.

7. Your rights

Wherever you live — and specifically under GDPR, LGPD, and KVKK — you can:

  • Export your data at any time (Settings → Export backup; it’s your file).
  • Delete everything: uninstall the free app, or use Settings → Account → Delete account for Nudje+, which erases your ciphertext, keys, and account records. Erased ciphertext is unrecoverable by construction.
  • Object / opt out of analytics (Settings toggle) and ads (both paid tiers, or the EU where none exist).
  • Contact privacy@nudje.app for anything else; we respond within 30 days.

8. Data location and retention

Sync data is stored in the European Union. It is retained while your account exists and deleted when you delete the account. Crash reports and analytics events are retained for at most 12 months.

9. Changes

We’ll post changes here with the “updated” date above, and note material changes in the app. The promises in §5 are the product’s foundation — they don’t change.