Effective date: April 18, 2026
NudgeTable is local-first. Reminders, completion history, and most working state live on your device first. If you choose to sign in, we sync your tables and preferences so they can follow you across devices and shared households. We do not sell data, run ads, or use ad-tech trackers.
The app stores reminders, check-in history, table metadata, and preferences in your browser’s IndexedDB so the board keeps working offline. We also keep a minimal cached signed-in profile in browser session storage to help the app reopen quickly during an active session.
NudgeTable uses Google Identity Services for optional authentication. When you sign in, we receive your Google account identifier, email address, display name, and profile image URL. We do not receive your Google password or access the rest of your Google account.
After sign-in, the app keeps you signed in with a signed HttpOnly session cookie. That means the app session is not just a raw Google token parked in long-lived browser storage.
If you enable sync, we store the tables and reminders you can access, your synced preferences, sharing state, and related metadata on our server so your board can sync across devices and be shared with collaborators.
If you turn on the calendar feed, your reminders are served through a private tokenized URL as an RFC 5545 calendar stream. Anyone with that URL can read the feed, so treat it like a password. You can rotate the feed token from the app at any time.
If you enable web-push nudges, your browser shares a push endpoint and the cryptographic material needed to deliver encrypted push messages to that device. We use that only to send NudgeTable reminder nudges. Push subscription secrets are stored encrypted at rest.
If you use the in-app feedback form, we receive the category you chose plus the summary and details you submit, along with your signed-in email address so we know which account the feedback came from. Feedback is sent through our server-side feedback endpoint rather than a plain client-side mailto link.
The app may send a lightweight first-party telemetry beacon to our own API so we can understand app reliability and usage. That telemetry can include anonymous visit/session ids stored in local or session storage, page path or active view, referrer, device/browser basics, screen and viewport size, scroll depth, engagement time, and page performance signals like load time, TTFB, FCP, LCP, and CLS. If geolocation enrichment is enabled on the server, we may also derive coarse location data such as country, region, or city from your IP address through a cached HTTPS lookup; we do not store raw IP addresses in the telemetry records themselves. Telemetry respects Do Not Track, is not used for advertising, and is not shared with ad networks. We do not use third-party ad pixels or behavioral marketing trackers.
nudgetable.com) for typography.
You can clear this device’s local copy by clearing site data for nudgetable.app
or by using the app’s cache-clearing tools. Server-side synced data, push subscriptions,
feedback submissions, invite records, and calendar-feed state can be removed by deleting
your account in the app or by contacting us.
Questions about privacy or data handling? Email info@nudgetable.com.