Privacy Policy

Last updated: August 28, 2025

This Privacy Policy explains how Yondu AG (doing business as “nudgr”, “we”, “us”, “our”), registered in Freienbach, Switzerland, collects, uses, shares, and protects personal data when you use our websites, applications, and related services (the “Services”). We comply with the Swiss Federal Act on Data Protection (rev-FADP) and, where applicable, the EU/EEA General Data Protection Regulation (GDPR) and the UK GDPR.

1) Who is responsible (Controller)

The controller is Yondu AG, Freienbach, Switzerland. You can reach us at privacy [at] nudgr.ch .

2) What we do

nudgr is a behavioral-science-powered copy generation platform (e.g., ad copy, newsletters). To run the Services, we process limited account, usage, and billing data, and content you submit to create copy.

3) Personal data we collect

• Account & Contact: name, email, optional company.
• Authentication & Security: identifiers (IP address, device/browser info), login events, error logs.
• Billing: subscription tier, transactions handled by Stripe (we do not store full card numbers).
• Product Usage: copy jobs, quotas/usage counters, feature interactions.
• Content you provide: prompts/inputs to generate copy (stored to deliver the Service and your history).

We do not intentionally collect special-category data or precise geolocation and ask you not to submit such data.

4) Purposes & legal bases

• Provide the Services (account creation, copy generation, support) — contract performance.
• Security & abuse prevention (fraud, misuse, incident response) — legitimate interests / legal obligations.
• Analytics & product improvement (feature adoption, reliability) — legitimate interests (with safeguards).
• Billing & compliance (invoices, accounting, tax) — legal obligations.
• Communications (service notices; optional updates) — legitimate interests / consent where required.

We do not engage in automated decision-making producing legal or similarly significant effects (GDPR Art. 22).

5) Cookies & analytics

We currently use functional and analytics cookies only. We use Google Analytics to understand aggregate usage; in the EEA/UK/CH we obtain consent for non-essential cookies. You can change preferences in your browser or through any cookie banner we provide.

6) Sub-processors (service providers)

We use carefully selected providers bound by data-processing terms equivalent to this Policy:

• Firebase (Google Cloud) — authentication, Firestore database, hosting.
• Fly.io — application hosting/deployment.
• Postmark — transactional email delivery.
• Stripe — payments and subscription billing.
• Google Analytics — product analytics (with consent where required).

An up-to-date list is available on request at privacy [at] nudgr.ch .

7) International transfers

If personal data is transferred outside Switzerland/EEA/UK (e.g., to the United States), we rely on recognized safeguards such as the EU Standard Contractual Clauses (SCCs) (including Swiss/UK addenda) and, where applicable, Data Privacy Framework certifications of vendors.

8) Security

• Encryption in transit; platform-level encryption at rest provided by our cloud vendors.
• Access controls (least privilege), audit logging, and periodic security reviews.
• Backups and resilience measures appropriate for our stage and risk profile.

Your role: keep credentials confidential and enable two-factor authentication where available.

9) Retention

• Account & Service data: kept while your account is active and as needed to operate the Service.
• Usage & log data: typically up to 90 days for troubleshooting and security.
• Billing records: retained per Swiss law (generally up to 10 years).

We delete or irreversibly anonymize data when it is no longer required, subject to legal holds.

10) Your rights

Under rev-FADP/GDPR (where applicable) you may request access, correction, deletion, restriction, portability, or object to certain processing. You may also withdraw consent at any time (does not affect prior lawful processing). Contact: privacy [at] nudgr.ch . We will verify your identity and respond within the statutory period.

11) Children

The Services are intended for individuals 18 years and older. We do not knowingly collect data from minors.

12) Disclosures required by law

We may disclose data when necessary to comply with valid legal processes or to prevent fraud/security incidents, consistent with applicable law and subject to our confidentiality obligations.

13) Governing law & complaints

This Policy is governed by Swiss law. The competent supervisory authority in Switzerland is the FDPIC. If you are in the EEA/UK, you may also lodge a complaint with your local data-protection authority.

14) Changes

We may update this Policy to reflect changes in our Services or legal requirements. We will post the updated version here and adjust the “Last updated” date. Material changes will be notified in advance where required.

15) Contact

Email: privacy [at] nudgr.ch
Controller: Yondu AG, Freienbach, Switzerland
(Postal address to be added when available.)