  • Anonymous signals only. We see root domains and trust scores — never your URLs, searches, or page contents.
  • On-device first. Scoring runs locally. AI is only used for unknown pages — capped at 8 calls per day, per user.
  • Never sold. Ever. No ads, no third-party trackers, no data brokers. Nudge is free because it's lean — not because you're the product.

The short version.

Nudge is a free browser extension for Chrome and Firefox that gives you real-time trust scores on websites, flags scams and phishing, scans links inside Gmail and Outlook, and adds trust indicators to your Google search results.

To do that well, Nudge needs to know one thing about each page you visit: the root domain. That's it. We don't need — and don't want — anything else.

This policy applies to the Nudge browser extension and the website at bynudge.com. If anything here is unclear, email us at hello@bynudge.com and we'll explain in plain English.

What we collect — and what we never touch.

We've split this into two columns so there's no ambiguity. The left side is everything that ever leaves your device. The right side is everything Nudge could technically see but deliberately does not collect.

What we collect

  • Root domain only. e.g. example.com — never the full URL, never query parameters.
  • Page type signal. A coarse label like "shopping", "email", "search results", or "article".
  • Trust score. The numeric score (0–100) Nudge calculated for that domain.
  • Timestamp. When the score was generated, in coarse precision.
  • Anonymous extension ID. A randomly generated identifier so we can enforce daily AI call limits. Not tied to you.

What we never collect

  • Browsing history. No log of what you visited, in what order, or when.
  • Full URLs or query strings. Just the root domain, never the path.
  • Email content. We scan link domains inside Gmail/Outlook — never message text, subjects, or attachments.
  • Search queries. We annotate search results, but your queries stay on Google.
  • Passwords, form data, or keystrokes. Never read. Never stored.
  • Personal info. No name, email, IP, location, device fingerprint, or account.
  • Cookies or third-party trackers. Nudge ships none and embeds none.

How AI fits in.

Most of Nudge's work happens on your device. When you load a page, the extension first checks the root domain against our offline database of 1.1 million+ verified domains and known scam patterns. For the vast majority of sites, that's the whole process — no network call, no AI, nothing leaves your browser.

When AI is used

If you land on a page Nudge has never seen before — an unknown domain with no cached score — we may send the root domain and a coarse page-type signal to our AI scoring service, which runs on Anthropic's Claude Haiku model. The AI returns a trust score. That's the entire exchange.

What's sent to the AI

  • The root domain (e.g. example.com).
  • The page-type label (e.g. "shopping", "email", "article").

What's never sent to the AI

  • Page contents, HTML, or text.
  • The full URL or any query parameters.
  • Anything you typed, selected, or clicked.
  • Anything that could identify you.

The 8-call daily cap

Each anonymous extension ID is limited to 8 AI scoring calls per day. This keeps Nudge fast, free, and minimal — and it caps the total amount of data, even anonymous data, that can flow out of your browser in any 24-hour period. Once you hit the cap, Nudge falls back to cached scores and on-device heuristics for the rest of the day.

How long we keep things.

We're deliberately stingy about storage. The less we keep, the less there is to worry about.

  • Anonymous domain + score records: retained for up to 90 days in aggregate form, used to improve our trust database. After that, individual records are deleted; only the resulting aggregate score for each domain is kept.
  • Anonymous extension ID + daily call count: reset every 24 hours. We do not maintain long-term logs tied to your extension ID.
  • Local data on your device: the extension caches recent scores in your browser's local storage so it can work offline. You can clear this at any time by uninstalling the extension or clearing your browser's extension storage.
  • Server logs: standard operational logs (timestamps, request counts, error rates) are kept for up to 30 days for debugging and abuse prevention, then deleted.

Who else sees this data?

Nobody. We do not sell, rent, trade, or share Nudge data with advertisers, data brokers, analytics companies, or anyone else.

The only third party in the loop is Anthropic, which hosts the Claude Haiku model we use for scoring unknown domains. Anthropic processes the inputs we send (root domain + page-type label) to return a score. Under Anthropic's API terms, this data is not used to train their models.

We may disclose data only if compelled by valid legal process — but since we don't collect anything that identifies you, there is effectively nothing personal to hand over.

What you can do.

Because Nudge doesn't tie data to your identity, traditional data-subject requests don't quite map onto how it works — but here's what's in your hands:

  • Uninstall at any time. Removing the extension stops all data flow immediately and clears all local Nudge data from your browser.
  • Clear local cache. In your browser's extension settings, you can wipe Nudge's local storage without uninstalling.
  • Opt out of AI scoring. In the Nudge settings panel, you can disable AI fallback entirely. Nudge will then only use on-device scoring and our offline database.
  • Request deletion. If you believe data tied to you is somehow held by us, email hello@bynudge.com and we'll investigate and delete anything we find.
  • Ask us anything. Same email. We respond to every privacy question we get.

Users in jurisdictions with stronger privacy laws (GDPR, CCPA, UK GDPR, and similar) have the right to access, correct, delete, or restrict processing of their data. We comply with these requests regardless of where you live.

Why the extension asks for what it asks for.

When you install Nudge, your browser will list the permissions it requires. Here's what each one is actually used for:

  • Access to website data: needed to read the domain of the page you're on so we can show its trust score. We read the domain — not the page contents.
  • Access to Gmail and Outlook tabs: needed to find link domains inside emails and label them. We do not read message text, subjects, senders, or attachments.
  • Access to Google search result pages: needed to add trust indicators next to result links. We read the link domains; we do not read your query.
  • Local storage: needed to cache scores so the extension is fast and works offline.

Children's privacy.

Nudge is not directed at children under 13. We do not knowingly collect data from anyone — but if you believe a child has somehow generated identifiable data through the extension, contact us and we'll delete it.

If this policy changes.

If we change anything material — what we collect, how we use it, who sees it — we'll update the "Last updated" date at the top of this page and post a notice in the extension itself. We won't quietly broaden the data we collect.

Got a privacy question?

Email a human. We answer every message — usually within a day or two.

Privacy contact
hello@bynudge.com

Protection that respects you.

If a privacy policy this short makes sense to you, you'll like the extension even more.