Privacy Policy

Last updated: March 24, 2026

1. Introduction

NudgeStack, Inc. ("we", "us", "our") operates the NudgeStack platform. This Privacy Policy explains how we collect, use, store, and protect your information when you use our Service.

2. Data We Collect

Account Data

Name, email address, profile photo (via Clerk authentication), timezone preference, sender name, and reply-to email address.

Client Data

Your clients' names, email addresses, phone numbers, and payment terms that you enter into the system.

Invoice Data

Invoice numbers, amounts, due dates, payment status, PDF files you upload, and invoices synced from connected integrations (Stripe).

Uploaded Files

Deliverable files you upload for paywall-protected delivery, including file names, sizes, and types. Invoice PDFs uploaded for data extraction.

Usage Data

Pages visited, features used, sequence activity, email open/click events, and general analytics data collected via PostHog.

Payment Data

Subscription plan, billing status, and payment history. Credit card details are processed and stored by Stripe — we never see or store your full card number.

3. How We Use Your Data

  • Provide the Service: send reminder emails, manage sequences, track payments
  • Process invoice PDFs using AI (Anthropic Claude) to extract structured data
  • Send transactional emails: welcome, billing notifications, sequence completion
  • Manage your subscription and billing via Stripe
  • Improve the Service through anonymized usage analytics
  • Detect and prevent abuse or fraud
  • Comply with legal obligations

4. Third-Party Services

We use the following third-party services to operate NudgeStack:

  • Clerk — Authentication and user management
  • Stripe — Subscription billing and payment processing, invoice sync via Stripe Connect
  • Resend — Transactional and reminder email delivery
  • Neon — PostgreSQL database hosting
  • Cloudflare R2 — Secure file storage for deliverables and invoice PDFs
  • Anthropic (Claude) — AI-powered PDF invoice data extraction
  • PostHog — Product analytics and usage tracking
  • Sentry — Error monitoring and reporting
  • Trigger.dev — Background job processing

Each service processes only the minimum data necessary for its function. We encourage you to review their respective privacy policies.

5. Data Storage and Security

Your data is stored in encrypted databases hosted in the United States. Uploaded files are stored in Cloudflare R2 with server-side encryption. All data transmission uses TLS encryption. Sensitive tokens (Stripe Connect credentials) are encrypted at rest. We implement access controls and audit logging to protect your data.

6. Data Retention

Account and invoice data is retained for the lifetime of your account. Upon account deletion, your data is permanently removed within 30 days. Email logs are retained for 12 months for deliverability analysis. Uploaded files are deleted when the associated invoice or account is deleted. Anonymized analytics data may be retained indefinitely.

7. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), you have the following rights:

  • Access — Request a copy of your personal data
  • Rectification — Request correction of inaccurate data
  • Erasure — Request deletion of your personal data
  • Portability — Request your data in a machine-readable format
  • Restriction — Request restriction of processing
  • Objection — Object to processing based on legitimate interests

To exercise these rights, contact us at privacy@nudgestack.com. We will respond within 30 days.

8. Cookies and Tracking

We use essential cookies for authentication (via Clerk). PostHog may use cookies or local storage for analytics purposes. We do not use third-party advertising cookies or sell your data to advertisers.

9. Children's Privacy

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from children.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email. The "Last updated" date at the top reflects the most recent revision.

11. Contact

For privacy-related inquiries, contact us at privacy@nudgestack.com.