Privacy Policy
Last Updated: June 4, 2026 (v8)
This Privacy Policy describes how Nugget Technologies Incorporated, a Delaware corporation ("Company," "we," "us," or "our"), collects, uses, discloses, and handles information in connection with the Nugget application (the "Service"). This Privacy Policy is incorporated into and subject to our Terms of Service.
1. Information We Collect
1.1 Information You Provide
• Activation Information: Email address and invite code provided during activation. An authentication token is issued and stored locally on your device. Email addresses are used solely to issue activation tokens, communicate Service-related information, prevent abuse, and otherwise as described in this Privacy Policy. We do not sell or rent email addresses to third parties.
• API Keys and Credentials: If the Service requires you to provide your own API keys for any Third-Party Service, those keys are stored locally on your device using operating system security features.
• Session Planning Data: Context, agenda items, attached files, URLs, and other materials you upload or enter into the Service.
• Audio Data: Audio captured from your device's microphone and system audio during recorded sessions. Audio is streamed directly from your device to the transcription provider and does not transit through our servers.
• User Settings and Preferences: Configuration choices you make within the Service, such as a name for email sign-offs (if you choose to enter one) and feature settings.
• Custom Mode Content: Descriptions, reference URLs, compiled rules, configurations, and other content you create or provide when authoring Custom Modes. Custom Mode definitions are stored on our server infrastructure.
• Feedback and Communications: Any feedback, questions, or communications you send to us directly.
1.2 Information Generated by the Service
• Transcripts: Text transcriptions generated from audio by Third-Party transcription services. Stored locally on your device.
• AI-Generated Content: Coaching nudges, guidance cards, audits, summaries, email drafts, compiled Custom Mode rules, URL content summaries, and other outputs generated by AI models. To generate this content, transcript excerpts and session context are transmitted from your device through our server infrastructure to AI model providers. Our server relays these requests but is not designed to log, store, or retain the content. We do not use the content of these requests to train any model we own or control, and we use providers that we have configured or contracted to operate under terms that do not permit training on, or retention of, request content beyond what is necessary to return a response. These providers are independent third parties whose data practices we do not control. AI-generated outputs are stored locally on your device.
• Session Metadata: Timestamps, duration, speaker attribution data, and other technical metadata. Stored locally on your device.
1.3 Information Collected Automatically
• Installation Identifier: A persistent anonymous identifier (UUID) generated on first use of the Service. This identifier is used to associate usage metrics with an installation. It does not contain or link to your name, email, or other personally identifiable information. This identifier may constitute personal information under certain privacy laws (such as CCPA).
• Usage Metrics: If you have not opted out, anonymous usage metrics are collected, including feature usage events, session counts and durations, and general interaction patterns. Usage metrics do not include transcript content, nudge text, audit content, or any substantive session data. Metrics collection is enabled by default; you are presented with a disclosure on first use and may opt out by contacting us at howdy@nugget.rocks or through any opt-out mechanism provided in the Service.
• Device and Environment Information: Operating system, OS version, and application version.
• Error and Diagnostic Data: Crash reports, error logs, and performance data.
• Meeting Detection Data: The Service may scan window titles of active applications and active application processes on your device to detect whether a meeting application is active. This data is used solely for meeting detection, is processed locally, and is not stored or transmitted to our servers.
2. How We Use Your Information
We use the information we collect for the following purposes:
• Providing and Operating the Service: Processing audio, relaying AI requests through our server infrastructure, generating outputs, hosting and synchronizing Custom Modes, and enabling all features of the Service.
• Improving and Developing: Analyzing anonymous usage metrics to improve features, fix issues, and develop new functionality. We do not use transcript content, audio content, or AI request bodies to improve or develop the Service except through the De-Identified Data process described below.
• De-Identified Data: We may create de-identified, aggregated, or anonymized data from information we actually receive and hold (today, anonymous usage metrics, error and diagnostic data, and Custom Mode definitions, and not the content of your transcripts, audio, or AI requests, which is not retained on our servers). Such de-identified data may be used for any lawful commercial purpose, including improving the Service, training machine learning models, conducting research, developing new products, and providing data products to third parties. This is described more fully in Section 8.4 of our Terms of Service. You may opt out of the creation of de-identified data from your Content by contacting us at howdy@nugget.rocks, subject to any technical limitations.
• Communications: Responding to your inquiries and providing notices about the Service.
• Legal and Safety: Complying with legal obligations, enforcing our Terms, and protecting rights, property, or safety.
3. How Your Data is Processed and Stored
3.1 Data Storage
Session data — including transcripts, audits, nudges, guidance cards, and session metadata — is currently stored locally on your device. Custom Mode definitions are stored on our server infrastructure to enable sharing and synchronization. Anonymous usage metrics are transmitted to and stored on our server. Our data storage practices may evolve as the Service develops.
3.2 Data in Transit
The following data flows occur during normal use of the Service:
• Audio streams directly from your device to the transcription provider. Audio does not pass through our servers.
• AI requests containing transcript excerpts and session context are relayed through our server to AI model providers. Our server routes these requests but is not designed to log, store, or retain the content. We do not use the content of these requests to train any model we own or control, and we use providers that we have configured or contracted to operate under terms that do not permit training on, or retention of, request content beyond what is necessary to return a response. As described below, these providers are independent third parties whose data practices we do not control.
• Custom Mode compilation requests (containing your mode description and ingested URL summaries) are processed on our server and transmitted to AI model providers.
• Anonymous usage metrics (if not opted out) are transmitted to our server.
All data in transit is transmitted using encryption (TLS). We select Third-Party Service providers that we believe maintain reasonable data handling practices, but we do not control and are not responsible for the data handling, security, or retention practices of any Third-Party Service provider.
3.3 Data Retention
Session data stored locally on your device is retained until you delete it. Custom Mode definitions on our server are retained until you delete them or your access is terminated. Anonymous usage metrics and de-identified data may be retained indefinitely.
4. How We Share Your Information
We may share information in the following circumstances:
• Third-Party Service Providers: We transmit data to third-party transcription and AI providers as necessary to operate the Service, as described in Section 3.2.
• Custom Mode Sharing: If you choose to share a Custom Mode, the mode's headline metadata (name, emoji, one-liner) is accessible via a preview endpoint. Full rule content is accessible to users who subscribe. Your identity is not exposed unless you include identifying information in the mode content.
• De-Identified Data: We may share, license, sell, or otherwise commercialize de-identified data as described in Section 2.
• Legal Requirements: We may disclose information if required by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect rights, property, or safety.
• Business Transfers: In connection with any merger, acquisition, reorganization, financing, or sale of all or substantially all of our assets, your information may be transferred to the acquiring or successor entity.
• With Your Consent: We may share information with your explicit consent for purposes not described in this Privacy Policy.
5. Data Security
We implement commercially reasonable security measures appropriate to the nature of the data we handle. These include encryption of data in transit, use of operating system security features for credential storage, and exclusion of the coaching overlay from screen capture to prevent session data from being visible during screen shares. No method of transmission or storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the security of your device.
6. Your Rights and Choices
• Data Access and Control: Session data is currently stored locally on your device. You have direct access to and control over this data, including the ability to delete sessions through the application.
• Custom Mode Control: You may edit, delete, or stop sharing any Custom Mode you have created at any time through the Service.
• Usage Metrics Opt-Out: You may opt out of anonymous usage metrics collection by contacting us at howdy@nugget.rocks or through any opt-out mechanism provided in the Service.
• De-Identified Data Opt-Out: You may opt out of the creation of de-identified data from your Content by contacting us at howdy@nugget.rocks, subject to any technical limitations.
• Data Deletion: You may contact us at howdy@nugget.rocks to request deletion of any data we hold about you on our servers (such as usage metrics, activation records, email addresses, or Custom Mode definitions). We will process such requests within a commercially reasonable timeframe.
7. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have certain rights under the California Consumer Privacy Act, as amended. These include the right to know what personal information we collect and how we use it, the right to request deletion of your personal information, the right to correct inaccurate personal information, the right to opt out of the sale or sharing of personal information, and the right to not be discriminated against for exercising your privacy rights. The persistent installation identifier described in Section 1.3 may constitute personal information under CCPA. We may create and commercialize de-identified data as described in this Privacy Policy. To exercise your rights, contact us at howdy@nugget.rocks or at Nugget Technologies Incorporated, 2810 N Church St STE 88415, Wilmington, DE 19802.
8. International Users
The Service is operated from the United States. If you access the Service from outside the United States, you understand and consent to the transfer and processing of your information in the United States and other jurisdictions, which may have different data protection laws than your jurisdiction. The transcription and AI model providers we use to operate the Service may process data (including transcript excerpts and session context transmitted for AI processing) on infrastructure located in the United States or in other countries, and those providers may be subject to the laws of the jurisdictions in which they operate. We will identify the categories of providers we use, and, where we maintain a current list of named providers, will make that list available on request or through the Service. You are responsible for determining whether your use of the Service, and the resulting processing of any Recorded Person's information by these providers, is consistent with the laws applicable to you and to those persons.
9. Children's Privacy
The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will use commercially reasonable efforts to notify you of material changes through the Service or other available means. Your continued use of the Service after any such modification constitutes acceptance of the updated Privacy Policy.
11. Contact Us
If you have any questions regarding this Privacy Policy, please contact us at: howdy@nugget.rocks
The Service is operated by Nugget Technologies Incorporated, a Delaware corporation, which is the entity responsible for the processing of personal information described in this Privacy Policy. You may contact us at: Nugget Technologies Incorporated, 2810 N Church St STE 88415, Wilmington, DE 19802, or howdy@nugget.rocks.
See also the Terms of Service. Questions: howdy@nugget.rocks.