Privacy Policy
Last updated: February 2025
BundleNudge ("we," "us," or "our") is operated by BundleNudge AB, a company registered in Sweden (org.nr: [YOUR ORG NUMBER]), with its registered address at [Your Address].
We are committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.
1. Data Controller
For the purposes of the EU General Data Protection Regulation (GDPR), the data controller is:
BundleNudge AB
[Your Address]
[City, Postal Code]
Sweden
Email: privacy@bundlenudge.com
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, and password when you create an account
- Billing Information: Payment details processed securely by Stripe (we do not store full card numbers)
- Profile Information: Company name, job title, and profile picture (optional)
- Communications: Messages you send us via email or support channels
2.2 Information Collected Automatically
- Usage Data: Features used, updates published, API calls made
- Device Information: Browser type, operating system, IP address
- Log Data: Access times, pages viewed, errors encountered
- Cookies: See our Cookie Policy for details
2.3 Information From Your Apps
When you use BundleNudge to deliver updates to your end users:
- Update Metrics: Number of downloads, update success/failure rates
- Device Identifiers: Anonymous device IDs to track unique installations (MAU)
- App Version Data: Which versions of your app are running
Important: We do not collect personal data from your end users. Device identifiers are anonymous and cannot be used to identify individuals.
3. How We Use Your Information
We use your information for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide and maintain the service | Performance of contract |
| Process payments and billing | Performance of contract |
| Send service-related communications | Performance of contract |
| Provide customer support | Legitimate interest |
| Analyze usage and improve the service | Legitimate interest |
| Detect and prevent fraud or abuse | Legitimate interest |
| Comply with legal obligations | Legal obligation |
| Send marketing communications (with consent) | Consent |
4. Data Sharing and Disclosure
We share your data with the following categories of recipients:
4.1 Service Providers (Subprocessors)
| Provider | Purpose | Location |
|---|---|---|
| Stripe | Payment processing | USA (EU-US DPF certified) |
| Cloudflare (R2) | Data storage and CDN | Global (EU data residency available) |
| Fly.io | Application hosting | EU/Global |
| Resend | Transactional emails | USA (EU-US DPF certified) |
All subprocessors are bound by data processing agreements that ensure GDPR compliance.
4.2 Other Disclosures
We may disclose your information:
- To comply with legal obligations or valid legal processes
- To protect our rights, privacy, safety, or property
- In connection with a merger, acquisition, or sale of assets (with notice)
- With your consent
We do not sell your personal data to third parties.
5. International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place:
- EU-US Data Privacy Framework certification (for US providers)
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions by the European Commission
6. Data Retention
We retain your data for as long as necessary to provide the service and fulfill the purposes described in this policy:
| Data Type | Retention Period |
|---|---|
| Account data | Duration of account + 30 days |
| Billing records | 7 years (Swedish accounting law) |
| Usage logs | 90 days |
| Support communications | 2 years |
| Update/deployment data | Duration of account + 30 days |
After the retention period, data is securely deleted or anonymized.
7. Your Rights (GDPR)
As an EU resident, you have the following rights:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Restriction: Limit how we process your data
- Portability: Receive your data in a structured, machine-readable format
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw consent for marketing at any time
To exercise these rights, contact us at privacy@bundlenudge.com. We will respond within 30 days.
You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY) at www.imy.se.
8. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Access controls and authentication
- Regular security assessments
- Employee training on data protection
- Incident response procedures
See our Security Policy for more details.
9. Children's Privacy
BundleNudge is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the new policy on our website
- Sending an email to your registered address
- Displaying a notice in the dashboard
Your continued use of the service after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at:
Email: privacy@bundlenudge.com
Address: BundleNudge AB, [Your Address], [City], Sweden
For data protection inquiries, you may also contact our Data Protection contact at the same address.