Home
Privacy Policy
Contact Us
Sign Up
Log In

Privacy Policy

Child-Safety-Standards
Privacy

Privacy Policy (NudgNudg)

Privacy Policy (NudgNudg)

Last updated: 23 September 2025

Controller (GDPR Art. 4(7))
James Cullen, trading as Ravenwood-Labs
User support: support@nudgnudg.com

Authorities (DSA) contact (DE/EN): support@ravenwood-labs.com

This policy applies to nudgnudg.com (web) and our Android app (iOS to follow).

1) Overview & purposes

We process personal data to provide a dating service. Key purposes:

Account & contract (registration, authentication, subscription management)

Matching & communication (profiles, category grids, likes, messages, video calls)

Safety & abuse prevention (spam/scam detection, reporting, blocks, enforcement)

Payments & administration (Stripe for web; Google Play Billing for Android)

Operation & improvement (reliability, performance; optional analytics)

Legal & DSA workflows (notice-and-action, regulator contact)

2) Legal bases (GDPR Art. 6) & special-category data (Art. 9)

Contract (Art. 6(1)(b)): providing the core service (profiles, likes, messages, video calls), account servicing, subscriptions.

Legitimate interests (Art. 6(1)(f)): security, fraud prevention, abuse mitigation, service improvement (we balance interests and minimize data).

Consent (Art. 6(1)(a)): optional analytics/marketing on the website, location sharing, device permissions (camera/mic) for video calls.

Special-category data (Art. 9 GDPR). From profiles and interactions, inferences about sexual orientation/sex life may arise. For EEA/UK users we obtain explicit consent under Art. 9(2)(a) (via a separate checkbox) before enabling dating features. You can withdraw at any time (see Section 10).

3) Categories of data (non-exhaustive)

Account/profile: email, display name, photos/albums, age; optional attributes (height, gender, relationship status, hobbies, bio), grid visibility/“Incognito”, video-call opt-in.

Location: approximate or precise (user-controlled).

Interactions: likes, matches; messages/media (including “disappearing” messages viewable once), timestamps, sender/recipient.

Subscription/billing (metadata): plan, status, source (Stripe or Play), term (we do not store full payment card data).

Usage/technical: device and browser info, log events, lastActive.

Reports/moderation: reports, blocks, action history and reasons.

Contact/support: emails, tickets, information submitted via forms (including /report).

4) Sources

Data comes directly from you (registration, profile, messages), is generated by your use (logs), or is received from payment platforms (Stripe web; Google Play Billing for Android purchases).

5) Recipients / processors

We use trusted providers under data processing agreements (Art. 28 GDPR), with sub-processors controlled:

Google/Firebase: Authentication, Firestore, Storage, Functions; optional Firebase/GA4 Analytics; Crash/Performance telemetry.

Stripe (web): subscription management, billing, fraud prevention.

Google Play Billing (Android): in-app subscriptions.

Email/notifications: transactional and service emails (SMTP or email service).

CDN/hosting/logging: secure delivery and error analysis.

6) International transfers

Where data is transferred to third countries (e.g., the USA) in connection with Google/Firebase or Stripe, we rely on Standard Contractual Clauses (SCCs) plus supplementary safeguards (TLS in transit, encryption at rest with providers, role-based access, minimization). We maintain a Transfer Impact Assessment (TIA).

7) Retention (summary plan)

Account/profile: while you use the service; after account deletion we generally remove active copies within 30–90 days; backups rotate on schedule.

Chats/media: according to account status; “disappearing” messages are designed for one-time viewing (short-lived technical traces may persist briefly).

Reports/moderation: typically 6–12 months after a case closes.

Billing/tax records: usually 10 years (legal obligation).

Security/logs: short- to medium-term, purpose-bound (e.g., 30–180 days).

We delete or anonymize when purposes end, subject to legal obligations.

8) Communications & DSA notice-and-action

User contact: support@nudgnudg.com

Authorities/regulators (DSA Art. 11, DE/EN): support@ravenwood-labs.com

Illegal-content or policy-breach reports (DSA Art. 16): via /report (form or email).
If we take action, affected users receive a statement of reasons; an internal complaint channel is available via email.

9) Cookies & tracking (website)

We use cookies, local storage, and SDKs.

Legal framework: Germany’s TDDDG §25 (formerly TTDSG) and the GDPR. Non-essential cookies/tags (e.g., analytics/marketing) are set only with your consent.

Categories

Necessary (no consent): security, login, payments (Stripe), consent storage, core WP/Elementor functions.

Functional/protection (consent where not strictly necessary): e.g., reCAPTCHA.

Analytics/performance (consent): e.g., Google Analytics 4 / Firebase Analytics.

Marketing/attribution (consent): e.g., Google Tag Manager / Ads.

Consent management platform (CMP): On first visit we show a banner with “Reject all / Settings / Accept all”. Non-essential tags are blocked until you choose.

Change choices / withdraw: The “Cookie settings” link in the footer opens the CMP at any time. We keep a consent record (timestamp, categories/vendor choices, policy version, and—where used—the IAB TC string under TCF v2.2).

10) Your rights (GDPR Arts. 12–22, 77)

You can exercise your rights to access, rectify, erase, restrict, port, and object (where applicable).
You can withdraw consent (Art. 7(3)) at any time, without affecting prior processing:

via email to support@nudgnudg.com
, and

(as available) in-app under Settings → Privacy & Consents.

You can lodge a complaint with a supervisory authority, e.g., the LDI NRW in Germany. We aim to respond within one month (extendable by up to two months for complex requests; we’ll notify you).

11) Children

The service is for adults (18+) only. We prohibit any content involving minors and promptly suspend reported accounts.

12) Security

Transport-layer encryption (TLS), provider-side encryption at rest, role-based access, logging/monitoring, Firebase Security Rules, secrets management, data-minimization and least-privilege. We review security measures on an ongoing basis.

13) Changes to this policy

We update this policy when our processing or legal requirements change. The latest version is available at /privacy-policy; we provide notice of material changes in a suitable form.

14) Contact

Support: support@nudgnudg.com

Authorities/regulators (DE/EN): support@ravenwood-labs.com