Plain-English summary: Nudgio collects your email to create an account, and the study data you generate (review scores, syllabus coverage) to run the spaced-repetition engine. We do not read your LLM chat history, track your browsing, or sell your data to anyone. Everything lives on AWS servers in London.
The Nudgio service is operated by ATech Adv Ltd, a company registered in England and Wales.
Contact: privacy@nudgio.co — we aim to respond within 30 days.
We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR), the EU GDPR, and the Data Protection Act 2018.
Nudgio is a revision tool for GCSE, A-Level, and university students. It:
What Nudgio does not do:
| Category | What exactly | Why we need it |
|---|---|---|
| Account data | Email address; optional display name; authentication token (issued by us, stored locally in your browser) | To create your account, verify your identity via one-time code, and keep you signed in |
| Saved chat content | The LLM's response to the rating prompt injected at End | Rate, read solely to extract the numeric score (1–5) you provide | To extract key concepts and map them to your syllabus for the review queue |
| Study data | Syllabus selections; topics practised; self-assessment scores (1–5); session timestamps; derived coverage and mastery scores | To calculate your spaced-repetition schedule and show your syllabus progress |
| Idle signal | A coarse active/idle flag indicating whether you have been inactive on an LLM page — not what you typed, just whether activity occurred | To decide when to surface a review prompt without interrupting active work; processed locally, only the outcome (idle or not) is used |
| Server logs | IP address, request timestamps, HTTP status codes, error details | Security, fraud prevention, and debugging; retained for 30 days then deleted |
We use your data solely to provide and improve the Nudgio study experience:
We do not use your data for advertising, profiling for commercial purposes, or any purpose other than delivering the Nudgio service.
| Processing purpose | Legal basis |
|---|---|
| Creating and maintaining your account | Contract (Art. 6(1)(b)) — necessary to provide the service you signed up for |
| Running the spaced-repetition engine (storing ratings, scheduling reviews, tracking coverage) | Contract (Art. 6(1)(b)) |
| Sending one-time sign-in codes | Contract (Art. 6(1)(b)) |
| Processing saved chat content via LLM API for concept extraction | Contract (Art. 6(1)(b)) |
| Server logging for security and debugging | Legitimate interests (Art. 6(1)(f)) — keeping the service safe and functioning; we balance this against your privacy interests and retain logs for only 30 days |
| Responding to your data-rights requests | Legal obligation (Art. 6(1)(c)) under UK/EU GDPR |
We do not rely on consent for any core processing because we do not run analytics, advertising, or third-party tracking. If we add anything requiring consent in the future, we will ask you explicitly first.
Server-side data (account info, saved chats, review records, syllabus progress) is stored on AWS infrastructure in the eu-west-2 (London) region. Data is encrypted at rest and transmitted over HTTPS (TLS 1.2+). AWS acts as our data processor under a Data Processing Agreement and is UK/EU GDPR-compliant. Your data does not leave the UK in the normal course of providing the service.
Client-side data (authentication token, cached review items) is stored in chrome.storage.local — sandboxed to the Nudgio extension and not accessible by websites or other extensions.
We share your data only with service providers strictly necessary to run Nudgio:
| Provider | Purpose | Location |
|---|---|---|
| Amazon Web Services (AWS) | Cloud hosting, content delivery, and transactional email (sign-in codes) | eu-west-2, London |
| Google / OpenAI (LLM API) | Concept extraction from saved chat content. Only the saved chat text you explicitly choose to save is sent. We use these APIs under their respective data processing agreements; they do not retain or train on your data under standard API terms. | Varies (US-based); processed under SCCs / adequacy decisions |
We do not sell data, share with advertisers, or transfer data to any other third party. If we are ever legally compelled to disclose data (e.g. by court order), we will notify you unless legally prohibited.
| Data type | Retention period |
|---|---|
| Account data (email, display name) | While your account is active; deleted within 3 months of account deletion or 12 months of inactivity (no logins) |
| Saved chat content, review history, coverage scores | While your account is active; deleted within 3 months of account deletion |
| Server logs (IP, timestamps, errors) | 30 days |
| Authentication tokens | Until you log out, the token expires naturally, or you delete your account |
When you request account deletion, we begin erasure immediately and complete it within 3 months. The window allows for backup rotation and dispute resolution; after that point, no personal data tied to you remains in our systems.
Under UK/EU GDPR, you have the following rights regarding your personal data. To exercise any right, email privacy@nudgio.co. We will respond within 30 days (extendable by a further 60 days for complex requests, with notice).
You can also control your data directly:
The Nudgio Chrome extension declares the following permissions. Each one is required to deliver core functionality — we do not request any permission we do not use.
| Permission | Why it is needed |
|---|---|
| activeTab | To insert a practice prompt into the chat input when the user clicks Start, and to insert a rating prompt and read the numeric score from the LLM's response when the user clicks End | Rate. The extension only accesses the active tab in direct response to these two user actions. |
| storage | To store your authentication token and cache the next batch of due review items in chrome.storage.local on your device, enabling the extension to work briefly if the network is unavailable. |
| alarms | To periodically check (every 5 minutes) whether you are idle on a supported LLM page and whether any reviews are due, enabling timely but non-intrusive review prompts. |
| sidePanel | To display the Nudgio dashboard (review queue, syllabus tracker, focus tools) in Chrome's native side panel, so it stays open alongside your LLM chat without requiring a separate tab. |
| scripting | To programmatically inject content scripts into supported LLM pages when needed (e.g. after an extension update resets static injection). This is used only on the four explicitly listed host domains. |
| Host access: chatgpt.com, chat.openai.com, claude.ai, gemini.google.com | Content scripts run only on these four domains to: (1) detect whether you are idle, (2) scrape the visible chat messages you choose to save, and (3) inject review prompts into the chat input. The extension does not access any other websites. These specific domains are the only AI chat interfaces Nudgio currently supports. |
Nudgio is designed for students aged 13 and over. We follow the ICO's Age Appropriate Design Code (Children's Code) for users under 18:
If you are under 13, please do not use Nudgio. If we learn we have collected data from a child under 13 without appropriate consent, we will delete it promptly. If you are a parent or guardian and believe your child has provided us with data, contact privacy@nudgio.co and we will act immediately.
We protect your data with:
No system is perfectly secure. If we ever experience a personal data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours and notify you directly without undue delay, as required by UK/EU GDPR Article 33.
The Nudgio Chrome extension does not use cookies. It uses Chrome's chrome.storage.local API to store your auth token and UI preferences locally on your device. No data is sent to third parties via storage.
The Nudgio website (nudgio.co) does not use analytics or advertising cookies. Any essential storage (e.g. form state) is kept in your browser's local storage and is not shared with third parties.
If we make material changes to this policy, we will notify you via the extension UI and/or by email at least 14 days before the change takes effect. Minor changes (clarifications, updated contact details) will be reflected in the "Last updated" date at the top of this page without separate notice.
The current version of this policy always lives at nudgio.co/privacypolicy.html.
For any privacy question, data request, or concern:
Email: privacy@nudgio.co
Operated by: ATech Adv Ltd
If you are unhappy with how we handle your data, you have the right to complain to a supervisory authority. We would appreciate the chance to resolve your concern directly first — please contact us before complaining if you can.