Nudgio Privacy Policy

Effective Date: March 5, 2026

Nudgio is committed to safeguarding the privacy of its users and the merchants who connect their stores through our platform. This Privacy Policy outlines how we collect, use, share, and protect personal information, in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

1. Information We Collect

1.1 Account Information

When you create a Nudgio account, we collect:

  • Name and Email Address: Used for account creation, authentication, and communication.
  • Organization Details: Organization name and membership information for multi-user access.
  • Billing Information: Payment details processed securely through Stripe. We do not store credit card numbers on our servers.

1.2 Store Connection Data

When you connect your ecommerce store (Shopify, WooCommerce, or Magento), we collect and process:

  • API Credentials: Access tokens, consumer keys, and consumer secrets required to communicate with your store. These are encrypted at rest using AES symmetric encryption.
  • Product Data: Product names, descriptions, prices, images, categories, SKUs, and stock information from your store catalog.
  • Order Data: Order history including order IDs, product IDs, quantities, prices, and timestamps. Used to generate purchase-pattern-based recommendations.

1.3 Automatically Collected Data

When you visit our website or use our platform, we may automatically collect:

  • Device Information: IP address, browser type, operating system, device identifiers.
  • Usage Data: Pages viewed, time spent on each page, navigation paths, and referring URL.
  • Location Data: General geographic location inferred from your IP address.
  • Analytics Data: Recommendation widget interactions (impressions, clicks) tracked for performance analytics.

2. How We Use Your Information

We use your information for the following purposes:

  • To Provide Our Service: Connect to your ecommerce store, import product and order data, generate AI-powered product recommendations, and serve recommendation widgets.
  • Account Management: Manage your account, authenticate your identity, and process subscription billing through Stripe.
  • Analytics and Improvement: Track recommendation performance (clicks, impressions, conversions) to improve recommendation quality and provide you with analytics dashboards.
  • Communication: Send service-related emails, respond to support inquiries, and notify you of important changes to our platform.
  • Compliance and Legal Obligations: Process your data to comply with applicable laws, enforce our terms, and protect our rights or the rights of others.

3. Data Security

We take the security of your data seriously and implement the following measures:

  • Credential Encryption: All store API credentials (access tokens, consumer keys, consumer secrets, database passwords) are encrypted at rest using Fernet symmetric encryption (AES-128-CBC).
  • Transport Security: All data transmitted between your browser, our servers, and third-party store APIs is encrypted using TLS/HTTPS.
  • Access Controls: Access to personal data is limited to authorized personnel. Store connections are scoped to the owning user and organization.
  • Payment Security: All payment processing is handled by Stripe. We never store credit card numbers on our servers.

Despite these measures, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.

4. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance user experience and track website performance. Cookies enable us to:

  • Authenticate Sessions: Maintain your login state and secure access to your account.
  • Track Website Performance: Using Vercel Analytics to collect and analyze anonymous usage data.
  • Remember Preferences: Store your theme preference (light/dark mode) and other settings.

You can control cookie preferences through your browser settings. Please note that disabling cookies may affect certain platform features, including authentication.

5. Third-Party Services

We use third-party services to help us operate our platform, including but not limited to:

  • Stripe: Handles subscription billing and payment processing. Stripe collects and processes payment information under its own privacy policy.
  • Vercel: Hosts our website and provides anonymous analytics. Subject to Vercel's privacy policy.
  • Ecommerce Platforms: Shopify, WooCommerce, and Magento APIs are accessed using credentials you provide to fetch product and order data necessary for our service.

These third parties may collect personal data subject to their own privacy policies. We recommend reviewing the privacy policies of these third parties.

6. Data Sharing and Disclosure

We may share your personal information with:

  • Service Providers: Third parties who assist us in providing our services (e.g., hosting, payment processing).
  • Legal Obligations: When required by law, regulation, or court order, or in response to a valid legal process.
  • Business Transfers: In the event of a merger, sale, or acquisition, your personal information may be transferred to the acquiring entity.

We do not sell or rent your personal information to third parties for their marketing purposes. Your store data (products, orders) is only used to generate recommendations for your own store.

7. Your Rights and Choices

7.1 Access and Control Over Your Data

You have the following rights regarding your personal data:

  • Right to Access: You may request access to the personal data we hold about you.
  • Right to Rectification: You can request correction of inaccurate or incomplete information.
  • Right to Deletion: You can request the deletion of your data, including all store connections and associated data.
  • Right to Restrict Processing: You can request limitations on how your data is processed.
  • Right to Object: You can object to data processing based on legitimate interests.
  • Right to Data Portability: You can request a copy of your data in a structured, machine-readable format.

To exercise these rights, please contact us at contact@nudgio.tech. We may require verification of your identity before processing your request.

7.2 Store Data Deletion

You can disconnect your ecommerce store at any time through the Nudgio dashboard. When you delete a connection, all associated API credentials are permanently removed from our systems. Cached recommendation data is also cleared.

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our services. When you delete your account or a store connection, we will delete the associated data within 30 days, except where we are required to retain it for legal or compliance purposes. Analytics data may be retained in anonymized form for service improvement.

9. International Data Transfers

Your personal data may be transferred to, and processed in, countries other than the country in which you reside. These countries may have data protection laws that are different from those in your country. We take appropriate steps to ensure that your personal information is protected in accordance with this Privacy Policy wherever it is processed.

10. Children's Privacy

Our services are not directed to children under 16, and we do not knowingly collect personal information from children under 16. If we learn that we have inadvertently collected such information, we will delete it as soon as possible.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will revise the effective date at the top of the policy and post the updated policy on our website. We encourage you to review this policy regularly.