Privacy Policy

Last updated: 22 May 2026

1. What we collect

When you use NudgeHost, we collect:

  • Account data: email address, optional name, hashed password.
  • Uploaded files: the content you upload for hosting, plus metadata like filename, size, and upload time.
  • Usage analytics: aggregated stats on which links are opened, when, and from roughly where (country level only). We do not record individual visitor IP addresses long-term.
  • Payment data: handled by Stripe. We never see or store your card number; we receive a token and the billing email.

2. How we use your data

We use your data to:

  • run the service (host files, generate links, render your dashboard)
  • send essential service emails (billing receipts, security alerts, breach notices)
  • improve the product based on aggregated usage patterns
  • comply with legal obligations

We do not sell your data, share it with advertisers, or use uploaded files to train AI models.

3. Cookies and analytics

We use Plausible Analyticsfor site usage stats. Plausible doesn't use cookies, doesn't track individuals across sites, and doesn't collect personally identifiable information.

We don't use Google Analytics. We don't run ad-tracking pixels (Meta, TikTok, Twitter, LinkedIn). The only cookies set on nudgehost.com are session cookies needed to keep you signed in.

4. Third-party services

NudgeHost runs on a small set of trusted services:

  • Cloudflare: CDN and DDoS protection. Cloudflare sees the IP addresses of visitors to your hosted files.
  • Stripe: payment processing for paid plans. Stripe holds your card data, not us.
  • Clerk: authentication and account management.
  • Plausible: privacy-respecting site analytics, as above.

Each of these has its own privacy practices. We pick partners that hold themselves to GDPR standards.

5. Data retention

  • Active accounts: we keep your data while your account is active.
  • Closed accounts: file content is deleted permanently 30 days after account closure.
  • Backups: we hold encrypted backups for up to 90 days for disaster recovery.
  • Billing records: retained for 6 years as required by UK tax law.
  • Analytics: aggregated analytics are retained indefinitely. Individual link-open events are deleted after 12 months.

6. Your rights under UK GDPR

If you're in the UK or EU, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Delete your account and the personal data we hold (right to be forgotten)
  • Export your data in a portable format
  • Objectto processing for marketing (we don't do this, but the right exists)
  • Withdraw consent at any time where we rely on consent

To exercise any of these, email support@nudgehost.com. We'll respond within 30 days.

7. Children's privacy

NudgeHost isn't directed at children under 13. If we find we've collected data from someone under 13, we'll delete it. If you believe a child under 13 has signed up, please email us.

8. International transfers

NudgeHost is operated from the United Kingdom. Some of our service providers (Cloudflare, Stripe) operate globally. Data transfers outside the UK are protected by Standard Contractual Clauses or equivalent safeguards.

9. Security

We encrypt data in transit (TLS) and at rest. Passwords are hashed with bcrypt. We restrict internal access to user data and audit it regularly. No system is perfectly secure; we'll notify affected users within 72 hours of any confirmed breach involving personal data.

10. Changes to this policy

We may update this policy. Material changes are flagged by email to active accounts at least 14 days before they take effect.

11. Contact and supervisory authority

Privacy questions: support@nudgehost.com.

If you're in the UK and aren't satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection. Visit ico.org.uk for details.