Nudgely

Security and data protection

Nudgely handles recurring task information, recipient email addresses and completion records. Security and responsible data handling are built into how the product operates.

Account security

Dashboard users sign in with email and password. Passwords are stored as hashed credentials. Email verification and password reset flows are supported. Sessions can be ended on sign-out, and disabled or banned accounts cannot sign in. Two-factor authentication is not offered today.

Access control

Company and team roles control who can manage nudges, billing and members. Application queries are scoped to the signed-in user’s organisation so tenant data stays separated. Operational audit logging supports day-to-day administration where implemented.

Recipient links

Recipients complete tasks through secure tokenised URLs scoped to the relevant occurrence. Links expire. Unsubscribe links are scoped per company. Recipients do not need a Nudgely account.

Data and files

The marketing site and application are served over HTTPS. Company logos and completion attachments are stored with Supabase Storage. Uploads accept supported image and PDF types within application size limits. Card payments are processed by Stripe rather than stored in the Nudgely application database. Task history retention follows the active plan.

Reliability and monitoring

Application errors can be monitored with Sentry. Bounce and complaint signals help suppress undeliverable addresses. Scheduled reminder jobs require an authorised secret. Product and marketing analytics run only after visitors consent where required.

Security questions

Nudgely is an early-stage SaaS platform and does not currently advertise formal SOC 2 or ISO 27001 certification. If your organisation has specific security or procurement requirements, contact us before subscribing.

To report a suspected security issue, email mark@nudgelyapp.com with “Security disclosure” in the subject line.