Back to Home

Privacy Policy – NudgeCheck

Last Updated: 6 March 2026

CVPK Digital Studio LLC ("Company", "we", "our", or "us") operates the NudgeCheck platform ("Service"), a WhatsApp-based check-in and client engagement tool for coaches, therapists, and wellness professionals.

This Privacy Policy explains how we collect, use, store, and protect personal data when you use our Service.

If you do not agree with this Policy, please do not use our Service.

1. Information We Collect

We collect only the data necessary to operate and deliver the Service.

1.1 Account Information

  • Name and email address (for account registration)
  • Login credentials (securely hashed)

1.2 Client Information

  • Client names and phone numbers (provided by coaches)
  • Check-in responses (text and voice messages)
  • Voice note transcriptions
  • AI-generated summaries of check-in sessions

1.3 WhatsApp Data

  • Message content sent and received via WhatsApp Business API
  • Message delivery status and timestamps
  • Voice notes and audio files (temporarily stored for transcription)

1.4 Payment Information

  • Payment details (processed securely by Stripe)
  • We do not store full credit card numbers or financial data on our servers.

1.5 Technical Information

  • IP address, browser type, device type, and usage timestamps
  • Anonymous logs for debugging and performance improvement

2. How We Use Information

We use your data to:

  • Facilitate WhatsApp-based check-ins between coaches and clients
  • Transcribe voice messages using AI (OpenAI Whisper)
  • Generate AI-powered summaries of check-in sessions
  • Schedule and send automated check-in reminders
  • Process payments and manage subscriptions
  • Provide customer support and respond to inquiries
  • Improve our Service and AI models
  • Ensure compliance with applicable laws and our Terms of Service

We do not use client messages or health-related data for marketing or resale.

3. Legal Basis for Processing (GDPR)

If you are located in the EU or EEA, we process your data under the following lawful bases:

  • Contractual necessity – to deliver the check-in and messaging Service.
  • Legitimate interest – to improve the Service, ensure security, and prevent misuse.
  • Consent – when coaches add clients and clients respond to check-ins.
  • Legal obligation – for accounting and regulatory compliance.

You may withdraw consent at any time by contacting legal@cvpkdigitalstudio.com.

4. Sharing of Information

We share data only with trusted third-party providers required to operate the Service:

PurposeProviderLocation
Database & AuthSupabaseEU/US
MessagingMeta WhatsApp Business APIUS/EU
AI Transcription & SummariesOpenAIUS
Payment ProcessingStripeUS/EU
HostingVercel / Fly.ioUS/EU
AnalyticsGoogle Analytics 4US/EU

We do not sell or rent personal data to advertisers or third parties.

5. Data Retention

  • Check-in data and transcriptions are stored for up to 2 years or until account deletion.
  • Voice audio files are deleted within 30 days after transcription.
  • Payment data is retained for up to 7 years for legal and accounting obligations.
  • AI-generated summaries may be anonymized for service improvement.

You can request early deletion at any time by emailing legal@cvpkdigitalstudio.com.

6. Data Location and Transfers

Data may be stored and processed in the United States and European Union.

For transfers outside the EU/EEA, we rely on EU Standard Contractual Clauses (SCCs) to ensure adequate protection.

7. Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encrypted data transmission (HTTPS / TLS 1.3)
  • Secure database access controls
  • Row-level security policies
  • Periodic security audits
  • Principle of least privilege for all internal access

No system is 100% secure, but we continuously review and update our protections.

8. Your Rights (GDPR / CCPA)

Depending on your jurisdiction, you have the right to:

  • Access the personal data we hold about you
  • Request correction or deletion of your data
  • Withdraw consent for processing
  • Object to certain processing (e.g., marketing)
  • Request a copy of your data in portable format (data portability)
  • File a complaint with your local supervisory authority

Requests can be sent to legal@cvpkdigitalstudio.com.

We will respond within 30 days.

9. Cookies and Tracking

NudgeCheck uses the following cookies and analytics tools:

  • Google Analytics 4 — collects anonymized usage data (page views, session duration, device type) to help us improve the Service. Uses cookies (_ga, _ga_*) that expire after 13 months.
  • Vercel Analytics & SpeedInsights — privacy-friendly, cookie-free web analytics for performance monitoring.
  • Essential session cookies — used by Supabase Auth to maintain your login session. These are strictly necessary and do not require consent.

For visitors in the EU/EEA and UK, analytics cookies (Google Analytics) are only loaded after you give explicit consent via our cookie banner. If you decline, no analytics cookies are set. Visitors outside the EU/EEA see analytics loaded automatically.

We do not use advertising, retargeting, or third-party tracking cookies.

10. Children's Privacy

NudgeCheck is not directed at individuals under 18 years of age.

We do not knowingly collect data from minors.

11. Changes to this Policy

We may update this Privacy Policy periodically.

Material changes will be communicated via email or on our website, with an updated "Last Updated" date.

12. Contact Information

Data Controller:

CVPK Digital Studio LLC
3164 21st St #1098, Astoria, NY 11106, United States
Email: legal@cvpkdigitalstudio.com

N
NudgeCheck
PrivacyTermsContact

© 2026 NudgeCheck

Made with 💪 by Digital Kitchen