Privacy Policy

Overview

Nudge is a personal task-management tool that helps users focus on one day at a time. This Privacy Policy explains what information Nudge collects, how it is used, how it is protected, and the choices you have. This policy applies to the web application at https://nudge.tw and the companion mobile application.

Information We Collect

Account information

When you sign in with Google we receive your Google account name, email address, and profile picture. We use this information solely to create and identify your Nudge account.

Task and note content

Tasks, notes, cards, tags and other content you create inside Nudge are stored in our database so we can display them back to you across devices.

Google Calendar data (optional)

If you choose to connect your Google Calendar, we request the https://www.googleapis.com/auth/calendar.readonly scope. With this permission, Nudge fetches calendar events for the current day (or week) and displays them next to your tasks. We do not modify, create, delete, or export any calendar data.

How We Use Google User Data

Nudge's use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

• Google Calendar events are fetched on demand each time you view the Tasks screen. We read events for the displayed date range only.
• Events are rendered in the interface and are not stored in our database or logged.
• Google user data is never sold, shared with third parties for advertising, or used to train machine-learning models.
• Google user data is used only to provide the user-facing calendar view feature described above.

How We Store and Protect Information

• Google OAuth access tokens and refresh tokens are stored in our database encrypted with AES-256-GCM before being written to disk.
• Database connections use TLS. Application traffic is served over HTTPS.
• Access to production infrastructure is restricted to the developer and protected by two-factor authentication where available.
• We do not retain Google Calendar event content on our servers. Only the encrypted tokens persist so that future requests can be made on your behalf.

Sharing and Third Parties

Nudge does not sell your personal information. We do not share your Google user data with third parties. We use the following infrastructure providers to operate the service:

• Zeabur — application hosting and managed PostgreSQL database.
• Google Identity / Google Calendar API — sign-in and calendar data access.

These providers only receive the information strictly necessary to operate the service.

Your Choices and Rights

• Disconnect Google Calendar: you can disconnect at any time from Settings → Calendar → Disconnect. This deletes the stored OAuth tokens immediately.
• Revoke access directly from Google: visit https://myaccount.google.com/permissions to revoke Nudge's access.
• Delete your account: email us at gv88999@gmail.com and we will permanently delete your account and all associated data within 30 days.
• Access your data: email us at the address above to request a copy of the data we hold about you.

Data Retention

Tasks, notes, cards and other content you create remain in our database until you delete them or request account deletion. Encrypted Google OAuth tokens remain until you disconnect Google Calendar or delete your account.

Children's Privacy

Nudge is not directed at children under 13 and we do not knowingly collect personal information from children.

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the "Effective date" above. Continued use of Nudge after changes take effect constitutes acceptance of the revised policy.

Contact

Questions or requests about this Privacy Policy? Email gv88999@gmail.com.

隱私權政策（繁體中文摘要）

生效日期：2026 年 5 月 1 日

Nudge 是一款每日任務管理工具。本政策說明我們收集哪些資訊、如何使用、如何保護，以及你擁有的選擇。

我們收集的資訊

• Google 帳號資訊（姓名、email、頭像）— 用於建立與識別 Nudge 帳號
• 你在 Nudge 內建立的任務、日誌、卡片、標籤內容
• 若你選擇連結 Google Calendar，我們會以 calendar.readonly 權限讀取當日/當週事件顯示在任務頁面。我們不會修改、建立、刪除或匯出任何日曆資料。

Google 使用者資料的使用方式

Nudge 使用 Google API 所取得的使用者資料完全遵守 Google API Services User Data Policy，包含 Limited Use 條款。

• 日曆事件僅於你開啟任務頁面時即時取得，讀取顯示日期範圍內的事件
• 事件內容不會寫入我們的資料庫，也不會被記錄到日誌
• Google 使用者資料絕不用於廣告、出售、或訓練機器學習模型
• 僅用於使用者自己看到的「今日行事曆」面板功能

儲存與保護

• Google OAuth access / refresh token 使用 AES-256-GCM 加密後才寫入資料庫
• DB 連線使用 TLS，應用流量使用 HTTPS
• 我們不保留 Google Calendar 事件內容在伺服器上，只有加密後的 token 以便下次代為請求

你的權利

• 中斷 Google Calendar 連結：設定 → 行事曆 → 中斷連結，會立即從資料庫清掉 token
• 直接從 Google 撤銷授權：https://myaccount.google.com/permissions
• 刪除帳號：寄信到 gv88999@gmail.com，我們將於 30 天內永久刪除你的帳號及所有相關資料
• 取得資料副本：寄信到上述 email 索取

聯絡我們

關於本政策的任何問題，請寄信到 gv88999@gmail.com。