Privacy Policy
Last updated: 10 March 2026
ChaseNudge ("we", "us", "our") is committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and applicable EU/EEA data protection laws. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our Service.
1. Data Controller
ChaseNudge is the data controller for personal data collected through the Service. Contact: adam@chasenudge.com
2. Data We Collect
Account data: Name, email address, password (hashed), and authentication provider (Google OAuth).
Email connection data: OAuth tokens (encrypted at rest) for Gmail or Outlook, the email address you connect, and provider information. We do not store your email password.
Proposal data: Proposal title, content, client name, and client email address that you provide.
Follow-up data: Email subjects, body text, scheduling information, and send status.
Tracking data: Email open events (timestamp, IP address of the opener) collected via a tracking pixel embedded in follow-up emails. See Section 7 for details.
Payment data: Processed by Stripe. We store your Stripe customer ID and subscription status. We do not store credit card numbers.
Usage data: Pages visited, features used, and general analytics to improve the Service.
3. Legal Basis for Processing
| Purpose | Legal Basis |
|---|---|
| Providing the Service (sending follow-ups, dashboard) | Performance of contract (Art. 6(1)(b)) |
| Processing payments | Performance of contract (Art. 6(1)(b)) |
| Email open tracking | Legitimate interest (Art. 6(1)(f)) |
| Sending service communications (account, billing) | Performance of contract (Art. 6(1)(b)) |
| Improving the Service | Legitimate interest (Art. 6(1)(f)) |
| Legal compliance (tax, fraud prevention) | Legal obligation (Art. 6(1)(c)) |
4. How We Use Your Data
- To send automated follow-up emails on your behalf from your connected email account
- To track whether recipients have opened your follow-up emails
- To display engagement data (opens, timestamps) on your dashboard
- To process subscription payments via Stripe
- To communicate with you about your account, billing, and Service updates
- To detect and prevent abuse, spam, and unauthorised access
- To improve and develop the Service
5. Data Sharing & Sub-processors
We do not sell your personal data. We share data only with the following third-party services necessary to operate ChaseNudge:
| Sub-processor | Purpose | Location |
|---|---|---|
| Supabase | Database & authentication | EU (Frankfurt) |
| Stripe | Payment processing | US (SCCs in place) |
| Cloudflare | Hosting & CDN | Global (SCCs in place) |
| Google (Gmail OAuth) | Email sending on your behalf | US (Adequacy decision) |
| Microsoft (Outlook OAuth) | Email sending on your behalf | US/EU (SCCs in place) |
6. Google API Services: Limited Use Disclosure
ChaseNudge uses Google OAuth to connect your Gmail account so we can send follow-up emails on your behalf. When you connect Gmail, we request access to the gmail.send scope only. This allows us to send emails from your account. We do not read, scan, index, or store your inbox, contacts, or any other Gmail data.
What we access:
- Your Gmail address (to identify your connected account)
- Permission to send emails on your behalf (gmail.send scope)
What we do NOT access:
- Your inbox or existing emails
- Your contacts
- Your drafts, labels, or settings
How we use this data:
- Solely to send scheduled follow-up emails that you have configured in ChaseNudge
- OAuth tokens are encrypted at rest and revoked immediately when you disconnect your account
ChaseNudge's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
7. International Data Transfers
Some sub-processors are located outside the EU/EEA. Where data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, including EU Standard Contractual Clauses (SCCs) or adequacy decisions by the European Commission.
8. Email Open Tracking (Tracking Pixel)
Follow-up emails sent through ChaseNudge contain a small, invisible image (a "tracking pixel"). When the recipient opens the email, their email client requests this image from our server, which allows us to record:
- That the email was opened
- The date and time of the open
This data is displayed only to you (the ChaseNudge user who sent the follow-up) on your dashboard. We do not build profiles of recipients, sell this data, or use it for advertising.
Your responsibility: As the sender of follow-up emails, you are the data controller for your clients' data. You are responsible for ensuring that your use of email tracking complies with the laws applicable in your and your recipients' jurisdictions. In some EU member states, tracking pixels may require prior consent from the recipient under the ePrivacy Directive (2002/58/EC).
9. Data Retention
We retain your data for as long as your account is active, plus:
- Account data: Deleted within 30 days of account deletion.
- Proposal & follow-up data: Deleted within 30 days of account deletion.
- Email tracking data: Deleted within 30 days of account deletion.
- OAuth tokens: Revoked and deleted immediately when you disconnect an email account or delete your account.
- Payment records: Retained for 7 years as required by Irish tax law.
10. Your Rights (GDPR)
Under the GDPR, you have the right to:
- Access: Request a copy of your personal data.
- Rectification: Correct inaccurate or incomplete data.
- Erasure: Request deletion of your data ("right to be forgotten").
- Restriction: Request we restrict processing of your data.
- Portability: Receive your data in a structured, machine-readable format.
- Objection: Object to processing based on legitimate interest.
- Withdraw consent: Where processing is based on consent, withdraw it at any time.
To exercise any of these rights, email adam@chasenudge.com. We will respond within 30 days.
11. Data Security
We implement appropriate technical and organisational measures to protect your data, including: encryption of OAuth tokens at rest, HTTPS for all data in transit, access controls, and regular security reviews. No system is 100% secure, but we take commercially reasonable steps to protect your information.
12. Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Irish Data Protection Commission within 72 hours and inform affected users without undue delay, as required by GDPR Articles 33 and 34.
13. Children's Privacy
ChaseNudge is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on the Service at least 30 days in advance. The "Last updated" date at the top reflects the most recent revision.
15. Complaints
If you believe we have not handled your data appropriately, you have the right to lodge a complaint with:
Irish Data Protection Commission (DPC)
21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
Website: www.dataprotection.ie
Phone: +353 (0)1 765 0100
16. Contact
For any privacy-related questions, email adam@chasenudge.com.