Nudge Privacy Policy

Effective date: May 28, 2026
Last updated: May 29, 2026

This Privacy Policy explains what data Nudge ("Nudge," "we," "us") collects when you use the Nudge mobile application (the "App"), where it lives, how long it is kept, who else sees it, and what choices you have. Nudge is operated by Fan Interactive LLC.

For questions or to exercise any right described below, contact contactfandevelopment@gmail.com.


Data we handle

The list below is the authoritative inventory of what the App touches and where it sits. Specific provider behavior is described in Third-party providers.

On your device only (encrypted, not copied to our servers):

  • Workouts, planned workouts, exercises, sets and reps
  • Body measurements, progress photos, blood pressure
  • Nutrition, water, vitamins, supplements, meals, recipes, goals, activity
  • Todos and streaks
  • Heartbeat, Pulse, and Rhythm automations
  • Custom themes, custom prompts, app preferences

This data is kept until you delete it or uninstall the App. We have no copy and cannot restore it for you.

Chat messages, conversations, and coach memories are stored on your device, but the picture is not “device only” for these:

  • When you chat, the message text (and any photo or PDF you attach in chat) is sent to AI providers in real time to generate a response. See Third-party providers for who receives what and under what setting.
  • If the “Help train Nudge’s AI” toggle is on, redacted copies of your chat messages are also stored on our servers and may be used to improve our AI. See AI training. The toggle’s default depends on your region; you can change it at any time.

On our servers:

  • Account: email, name, password hash, date of birth. Kept until you delete your account.
  • Settings and preferences: privacy toggles, voice preferences, notification preferences. Kept until you delete your account.
  • Usage counters and AI token-usage records: used to enforce subscription and rate limits. Kept until you delete your account.
  • Google Calendar tokens (encrypted): only if you connect Google Calendar. Kept until you disconnect Calendar or delete your account.
  • Device-identifier hash: a one-way hash of a per-device identifier, used solely to prevent the same device from claiming the same reward more than once (e.g., child verification, friend invites). We never receive the raw identifier.
  • Parental-consent proof (if you verify a minor): the verifying adult's email, date of birth, and the date of verification. Retained while the verified minor's account exists, even if the verifying adult later deletes their own account, as proof that an adult gave consent on a known date. Kept for that compliance purpose only.
  • Analytics events (opt-in): which features you use, with no personal content. Kept until you delete your account or turn analytics off.
  • AI-training corpus (opt-in): redacted copies of your chat messages. See AI training. Kept until you opt out or delete your account.

Sent to providers in real time, not stored by us:

  • Chat text and any photos you take or attach (including a meal photo for nutrition estimation) are sent to Groq.
  • Voice clips are sent to Deepgram.
  • PDF attachments are sent to Google's Gemini API.
  • Image-generation prompts are sent to Replicate; the resulting image is checked by AWS Rekognition before it is shown to you.
  • Web-search queries (after redaction) are sent to Serper; the readable text of result pages is extracted via Jina.
  • Food, vitamin, and supplement lookups (search term or scanned barcode) are sent to USDA FoodData Central and Open Food Facts.

Sent to a third party that holds the data:

  • Crash reports (opt-in): Firebase Crashlytics. Retained per Firebase's policy.
  • Sign-in identity: if you sign in with Apple or Google, the basic identity you authorize is held by those providers.
  • Subscription status: held by the relevant app store (Apple, Google) and, when subscriptions go live, by RevenueCat and/or Stripe. We never receive card details.

Backups and exports you create are saved wherever you put them. We do not get a copy.

What we do not collect. We do not obtain data from data brokers. We do not access your contacts, photo library, location history, or browsing history unless you explicitly grant access for a specific feature. We do not collect anything for advertising.


Third-party providers

For each provider below, we have configured the most privacy-protective setting they offer.

Groq runs our language and vision models. Zero Data Retention is enabled, which is meant to prevent Groq from retaining your prompts or images. Your chat text and any photos you attach (including meal photos for nutrition estimation) are sent to Groq under this setting and are not sent to any other model provider.

Deepgram transcribes voice clips and reads replies aloud. We send the mip_opt_out=true header on every call, which signals Deepgram not to retain or train on the audio.

Google (Gemini) extracts text from PDFs you attach.

  • What Gemini receives: the PDF's contents (text and page images) plus a fixed instruction to extract and summarize it. No chat history is included.
  • How it is sent: inline in a single API request. We do not upload it to Google's file storage, place it in a vector or search index, or store it in cloud storage. Google does not create a persistent copy.
  • Retention and use: we use Google's paid API tier. Under those terms, Google does not use your file or the returned text to train its models. Google may retain short-lived logs for abuse and policy monitoring, after which they are deleted. See Google's Gemini API terms.
  • What we keep: only the file size and page count, to enforce rate limits.

Replicate generates images you ask for in chat. Per Replicate's published policy, generated images auto-delete within one hour. We also request immediate deletion as soon as we have fetched the image.

AWS Rekognition attempts a moderation check on each generated image for nudity and celebrity likeness before it is shown to you. If the check is unavailable (for example, an AWS outage), an image may be shown without it. We have AWS's AI services opt-out policy enabled, which is meant to exclude submissions from being used to improve AWS models.

Serper performs web searches. Serper logs the queries we send. For chat searches, the AI first rewrites your message into a focused query rather than forwarding your raw text, and our server then runs a redactor that strips common personal-data patterns. For Rhythm prompts the server redactor runs but the AI rewrite step does not. What you type is what gets sent, minus the patterns the redactor catches. Neither step is guaranteed to catch everything; avoid placing truly sensitive information in a search request.

Jina extracts the readable text from search-result pages.

USDA FoodData Central and Open Food Facts. When you look up a food, vitamin, or supplement, by typing a search term or scanning a product's barcode/QR code, the search term or product code is sent to these public databases for nutrition and ingredient data. We send only the search text or product code, never information about you or your account. Barcode lookups may be sent to Open Food Facts directly from your device.

Supabase is our database, file storage, and server functions provider.

Firebase Crashlytics (Google) handles crash reports, only if you have enabled crash reporting.

Apple, Google: sign-in (only if you use it), app distribution, and in-app purchases.

Expo: app builds and over-the-air updates.

Payments (not active yet, for when paid subscriptions launch). Subscriptions are not currently available to purchase. When they launch: Apple App Store and Google Play will process in-app purchases; Stripe will process web checkouts; RevenueCat will manage subscription status across platforms. None of these will receive your card details from us, because we never see them. We will update this policy before any of these providers begin processing your data.


AI training (opt-in toggle)

Settings contains a toggle called Help train Nudge's AI. When it is on, redacted copies of your chat messages are saved on our servers and may be used to improve our AI. When it is off, no new chat content is sent to the training corpus, and any redacted copies we already hold for your account are deleted.

Default by region. For new accounts created outside the EU/EEA and the UK, the toggle starts on. For new accounts created in the EU/EEA or the UK, the toggle starts off, and you must actively turn it on to participate. You can change it at any time, in either direction.

Redaction. Before any chat content is stored, it goes through two redaction passes: a local pass on your device that strips emails, phone numbers, addresses, and your own profile name, then a second, AI-driven pass that strips other people's names, organizations, locations, and identifiers.

What deletion can and cannot undo. Turning the toggle off deletes our redacted copies of your contributions. We cannot remove data from a model that has already been trained on it, because removing data from trained model weights requires retraining from scratch. This is the same for every AI provider.


Your rights and choices

You can:

  • Export your data via the in-app Export feature.
  • Correct your data in the App, or by email.
  • Delete your account in Settings, then Account, then Delete Account. We wipe what we have within 30 days, except records we are legally required or permitted to keep (a small number of records such as tax-relevant transaction history and, if you verified a child, proof that parental consent was given).
  • Withdraw consent for analytics, crash reporting, or AI training at any time.

How to make a request. Email contactfandevelopment@gmail.com. We respond within one month of receiving your request. Where a request is particularly complex or where we receive a high volume of requests, we may extend the response period by up to two further months and will tell you within the first month if we need to do so.

In-app controls. In Settings you can turn off Crash reporting, Product analytics, and Help train Nudge's AI. You can also turn on Block screenshots. On Android the OS prevents screenshots and screen recording of the App; on iOS the OS does not allow full screenshot blocking, but the App hides sensitive content when it detects screen recording.

If you live in a country with a data protection authority, you may lodge a complaint with it. If you live in California, the rights above apply; we do not sell or share personal information.


Security

  • Data on your device is encrypted at rest using industry-standard encryption. The key is held only in your device's secure storage and is never transmitted to us.
  • Data in transit between the App and our servers is encrypted.
  • The App offers an optional App Lock (password + biometric) with recovery codes. We do not hold a copy of your password. If you lose both your password and your recovery codes, we cannot restore access. That is by design.
  • Breach notification. If we become aware of a personal-data breach that is likely to result in a risk to your rights or interests, we will notify the relevant supervisory authority within 72 hours of becoming aware, and we will notify affected users without undue delay where required by law.

Children and under-18 verification

Nudge is for users 13 and up. We do not knowingly collect anything from children under 13. If you believe a child under 13 has created an account, email us and we will investigate and remove the account if we determine it belongs to a child under 13.

Everyone under 18 must be verified by a parent or guardian before they can use the App, regardless of where they live. The parent or guardian creates their own adult (18+) account and approves the under-18 user through an in-app pairing code. We apply this everywhere, even where the legal minimum is lower (for example, 16 in parts of the EU), in order to over-protect rather than maintain a per-country rule.

When a parent or guardian verifies a child, we keep a consent-proof record: the verifying adult's email, date of birth, and the date of verification, as proof that an adult gave consent on a known date. We retain it while the verified minor's account exists, even if the verifying adult later deletes their own account. It is kept for that compliance purpose only.


We may access, preserve, or disclose information we hold about you (a) to comply with applicable law, regulation, subpoena, court order, or other valid legal process, and (b) where we believe in good faith it is necessary to enforce our Terms; to detect, prevent, or address fraud, abuse, or security issues; or to protect the rights, property, or safety of our users, the public, or us.


Disclaimers

Medical. Nudge is not a medical service and is not a HIPAA-covered entity. The data you log and the responses the AI gives are for general information and motivation only. They are not a diagnosis, treatment, prescription, or professional recommendation. Talk to a licensed healthcare professional before starting or changing an exercise program, changing your diet, taking supplements, or acting on anything the App tells you, especially if you have a medical condition, are pregnant, or take medication.

AI output. AI output can be wrong, incomplete, biased, or fabricated. Generated images can fail to match what you asked for, and web search can surface unreliable sources. Do not rely on AI output for decisions that materially affect your health, finances, relationships, or safety without independent verification.


Changes to this policy

We may update this policy as the App and the law evolve. For material changes, such as collecting new categories of personal data, using your data for a new purpose, sharing it in a materially less protective way, or reducing your rights, we will give reasonable advance notice (typically 30 days) through the App or by email before the change takes effect. Other updates take effect when posted. Routine provider changes serving the same purpose with comparable protections are not, by themselves, material. Continued use of the App after a change takes effect means you accept the updated policy.


Contact

contactfandevelopment@gmail.com