ChaseNudge is fully committed to complying with the EU General Data Protection Regulation (GDPR). Here's how we protect your data and your clients' data.
We collect the minimum data required to provide the Service: your name, email, connected email account (via OAuth), proposal content, and client contact details. We do not collect unnecessary personal information.
We never sell your personal data or your clients' data to third parties. We never use your proposal content for marketing, training, or any purpose other than delivering the Service to you.
OAuth tokens are encrypted with AES-256 at rest. All connections use TLS 1.2+ encryption. Payments are handled by Stripe (PCI DSS Level 1 certified). We never store credit card numbers.
You can access, export, correct, or delete your data at any time. Delete your account and all your data: proposals, follow-ups, tracking data, OAuth tokens: is permanently removed within 30 days.
We maintain a public list of all third-party services that process data on our behalf: Supabase (database, EU), Cloudflare (hosting), Stripe (payments), and Google/Microsoft (email OAuth). Each has appropriate data protection agreements.
Follow-up emails may contain a tracking pixel that records when the email is opened. This is clearly documented in our Privacy Policy and Cookie & Tracking Policy. We only record that an email was opened and when: nothing more.
In the unlikely event of a data breach, we will notify the Irish Data Protection Commission within 72 hours and inform affected users without undue delay, as required by GDPR Articles 33 and 34.
Our primary database is hosted in the EU (Frankfurt) via Supabase. Where data is processed outside the EU, we ensure Standard Contractual Clauses (SCCs) or adequacy decisions are in place.
As an EU/EEA resident, you have the following rights regarding your personal data:
Request a copy of all personal data we hold about you.
Correct any inaccurate or incomplete data.
Request deletion of your data ("right to be forgotten").
Request we limit how we process your data.
Receive your data in a structured, machine-readable format.
Object to processing based on legitimate interest.
To exercise any of these rights, email adam@chasenudge.com. We will respond within 30 days.
We are the data controller for your account data (name, email, login credentials) and usage data. We decide how this data is processed to provide the Service.
When you create proposals and send follow-ups, you are the data controller for your clients' data. ChaseNudge acts as a data processor: we process client emails and proposal data only on your instructions.
If you believe we have not handled your data appropriately, you have the right to lodge a complaint with your local data protection authority. Our lead supervisory authority is:
Irish Data Protection Commission (DPC)
21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
Phone: +353 (0)1 765 0100
Website: www.dataprotection.ie