This Policy explains what we collect, why we collect it, how we use it, with whom we share it, and your choices and rights. It applies to our website, apps, and related services (the "Services").

Account & Billing (Pro): email; payment/billing info handled by Stripe (we do not store full card numbers).

Usage: view/save counts, collection actions, feature interactions.

Technical: device/browser type, IP address (may be hashed or truncated), timestamps, basic event logs, cookies or similar.

Optional communications: your messages to us (support, feedback).

We do not seek sensitive data. Please don't submit it.

• Provide & secure the Services: account management, usage caps/fair-use, fraud/abuse prevention, troubleshooting.
• Improve & analyze: performance, A/B tests, product decisions, diagnostics.
• Communicate: transactional emails (receipts, notices), support replies, and—where permitted—NuggetsAI service updates.
• Compliance & enforcement: legal obligations, rights protection, and responding to lawful requests.

We process personal data on: contract (providing the Service), legitimate interests (security, analytics, improvement), consent (non-essential cookies/marketing where required), and legal obligation (tax, compliance).

We use essential cookies (security, session) and non-essential analytics. In the EU/EEA/UK, we show a consent banner for non-essential cookies; your choice is honored. You can manage cookies in your browser.

We share data with service providers that help us operate the Services, under contracts that limit their use:

• Hosting & delivery: e.g., Vercel.
• Database & auth: e.g., Supabase (PostgreSQL).
• Analytics: e.g., Google Analytics (basic usage metrics).
• Payments: Stripe (PCI-compliant).

We may disclose information if required by law, to protect rights and safety, or in a merger/transaction. We do not sell personal information.

Data may be processed in countries outside your own. Where required, we use appropriate safeguards (e.g., EU Standard Contractual Clauses) with our processors.

We keep personal data only as long as necessary for the purposes above (e.g., account lifecycle, tax/compliance). When no longer needed, we delete or de-identify data consistent with our retention policies and legal obligations.

We use administrative, technical, and organizational measures appropriate to the risk (e.g., HTTPS/TLS, provider-level encryption at rest, access controls). No system is 100% secure; transmission is at your own risk.

Depending on your location, you may have rights to access, correct, delete, object/restrict, and port your personal data, and to withdraw consent where processing is based on consent. We aim to respond within 30 days.

Request via team@nuggetsai.com. We'll verify your identity before acting.

California/US state privacy: You may have rights to know, delete, correct, and to opt out of certain sharing. We do not sell personal information. If applicable, we honor Global Privacy Control signals where required by law.

The Services are not for children under 13 (or older where local law sets a higher age). If you believe a child provided data, contact team@nuggetsai.com and we will delete it.

The Services may link to third-party sites/services. Their privacy practices are their own; review their policies.

We may update this Policy; we'll post the new version with the "Last updated" date. Material changes may be notified in-app or by email.