NudgeSign in →
Legal · Privacy

Privacy.

Last updated: July 3, 2026

Overview

Nudge Almanac ("Nudge", "we", "us") is a small business finance tracking application operated by Orynt Consulting. This privacy policy explains how we collect, use, and protect your information when you use nudgealmanac.com.

We built Nudge to help small business owners manage their finances clearly and simply. We take your privacy seriously and do not sell your data to anyone.

Information we collect

Account information — your username, email address, and hashed password when you create an account.

Business data — expenses, revenue, quotes, and receipts you enter into the app. This data belongs to you and is stored securely in our database.

Google Drive connection — if you choose to connect Google Drive, we store an OAuth refresh token that allows us to upload files to the specific folder you designate. We only access the files we create — we do not read, modify, or delete any other files in your Google Drive.

Usage data — basic server logs including IP addresses, browser type, and pages visited. We use this solely for security and debugging.

How we use your information

  • To provide and operate the Nudge Almanac service
  • To authenticate your identity and secure your account
  • To upload receipts and documents to your connected Google Drive folder
  • To send password reset emails when requested
  • To improve the application based on usage patterns

We do not use your financial data for advertising, analytics, or any purpose other than providing the service to you.

How Nudge uses Google user data

Nudge integrates with Google Drive so you can automatically file receipts and quote PDFs into folders in your own Drive. This section explains exactly how that works, in line with the Google API Services User Data Policy (including its Limited Use requirements) and the Google APIs Terms of Service.

Data accessed

When you connect Google Drive, Nudge requests only the following:

  • The drive.file OAuth scope — this grants access only to files and folders that Nudge itself creates. Nudge cannot see, list, or access any other file already in your Drive.
  • The basic Google Account profile information (your email address) needed to confirm which Google account you connected.

Nudge never requests broader Drive access, never browses your existing files or folders, and never accesses Gmail, Calendar, Contacts, or any other Google service.

Data usage

The Drive access granted to Nudge is used solely to:

  • Create folders inside the single Drive folder you choose, organized as Studio → Year → Category
  • Upload the receipt image, PDF, or quote document you attach in Nudge into that folder structure
  • Move a file to a different year/category folder if you later edit the date of the expense or quote it belongs to
  • Remove (trash) a file if you delete its receipt/PDF or the expense/quote record it belongs to
  • Let you open a file you've already uploaded, via a link back to it in Google Drive

We do not use Google user data for advertising, do not use it to train AI/ML models, and do not use it for any purpose beyond providing this file-organization feature to you.

Data sharing

We do not sell, rent, or share your Google user data (including OAuth tokens or any file contents) with any third party, advertiser, or data broker. Your Google OAuth tokens are used exclusively by Nudge's own backend servers to make authorized calls to the Google Drive API on your behalf. No Google user data is transmitted to any service other than Google's own APIs.

Data storage & protection

Your Google OAuth refresh and access tokens are stored in our PostgreSQL database (hosted on Neon, encrypted at rest by our hosting provider) and are never exposed to the browser, to client-side JavaScript, or to any other user of the app. Only our server-side application code can read them, and only to make the specific Drive API calls described above. All communication with Google's APIs happens over TLS-encrypted connections.

Data retention & deletion

We retain your Google OAuth tokens only for as long as your Drive connection stays active. You can disconnect Google Drive at any time from Settings → Integrations — doing so immediately deletes your stored OAuth tokens from our database. Files already uploaded to your Drive are your files, in your Drive; Nudge keeps no separate copy of them and disconnecting does not delete anything already in your Drive — that remains fully in your control. If you delete your Nudge account entirely, all associated data, including any stored Google tokens, is deleted within 30 days. You may also request immediate deletion at any time by emailing oryntconsulting@gmail.com.

Google Drive integration — summary

  • Only the drive.file scope — the minimum required to create files in your chosen folder
  • Never reads, modifies, or deletes files Nudge did not create
  • Never shares your Google Drive tokens with third parties
  • You can disconnect Google Drive at any time from Settings → Integrations

Data storage and security

Your data is stored in a PostgreSQL database hosted on Neon (neon.tech) in the United States. Passwords are hashed using PBKDF2 with SHA-256 — we never store passwords in plain text. All connections use TLS encryption in transit.

We retain your data for as long as your account is active. If you close your account, contact us and we will delete your data within 30 days.

Third-party services

We use the following third-party services to operate Nudge:

  • Neon — database hosting (neon.tech)
  • Vercel — application hosting (vercel.com)
  • Upstash — caching (upstash.com)
  • Resend — transactional email for password resets (resend.com)
  • Google Drive API — optional file storage when you connect your Drive

Each of these services has its own privacy policy. We only share the minimum data necessary for each service to function.

Your rights

You have the right to:

  • Access all data we hold about you
  • Export your data (use the Export buttons on each screen)
  • Correct inaccurate data
  • Delete your account and all associated data
  • Disconnect Google Drive at any time from Settings → Integrations

Cookies

Nudge uses a single session cookie (nudge_session) to keep you logged in. This is an httpOnly cookie and is not accessible to JavaScript. We do not use advertising cookies or third-party tracking.

Contact

Questions about this privacy policy? Contact us at oryntconsulting@gmail.com

Orynt Consulting
nudgealmanac.com