Nudge is built to protect you without watching you. No browsing history. No personal data. No tracking. No ads. This page explains exactly how that works.
Nudge is a free browser extension for Chrome and Firefox that gives you real-time trust scores on websites, flags scams and phishing, scans links inside Gmail and Outlook, and adds trust indicators to your Google search results.
To do that well, Nudge needs to know one thing about each page you visit: the root domain. That's it. We don't need — and don't want — anything else.
This policy applies to the Nudge browser extension and the website at bynudge.com. If anything here is unclear, email us at hello@bynudge.com and we'll explain in plain English.
We've split this into two columns so there's no ambiguity. The left side is everything that ever leaves your device. The right side is everything Nudge could technically see but deliberately does not collect.
Most of Nudge's work happens on your device. When you load a page, the extension first checks the root domain against our offline database of 1.1 million+ verified domains and known scam patterns. For the vast majority of sites, that's the whole process — no network call, no AI, nothing leaves your browser.
If you land on a page Nudge has never seen before — an unknown domain with no cached score — we may send the root domain and a coarse page-type signal to our AI scoring service, which runs on Anthropic's Claude Haiku model. The AI returns a trust score. That's the entire exchange.
Each anonymous extension ID is limited to 8 AI scoring calls per day. This keeps Nudge fast, free, and minimal — and it caps the total amount of even-anonymous data that can flow out of your browser in any 24-hour period. Once you hit the cap, Nudge falls back to cached scores and on-device heuristics for the rest of the day.
We're deliberately stingy about storage. The less we keep, the less there is to worry about.
Nobody. We do not sell, rent, trade, or share Nudge data with advertisers, data brokers, analytics companies, or anyone else.
The only third party in the loop is Anthropic, which hosts the Claude Haiku model we use for scoring unknown domains. Anthropic processes the inputs we send (root domain + page-type label) to return a score. Under Anthropic's API terms, this data is not used to train their models.
We may disclose data only if compelled by valid legal process — but since we don't collect anything that identifies you, there is effectively nothing personal to hand over.
Nudge is free, and it always will be. To keep the lights on without selling ads or your data, we participate in affiliate marketing programs with some of the retailers and services we verify as safe.
When you visit a website that Nudge has independently verified as safe and you go on to make a purchase, we may earn a small commission from the retailer. This costs you nothing extra — the price you pay is the same as it would be without Nudge.
This is the part that matters most: affiliate relationships never influence trust scores. A site is only marked safe based on objective signals — domain age, certificate validity, scam-database matches, structural patterns, AI assessment of unknown domains, and the other criteria described elsewhere in this policy. Whether or not we have a commercial relationship with a retailer plays no role in whether it's flagged green, amber, or red.
If a site we have an affiliate relationship with starts showing signals of being unsafe, its score drops. If a site we have no commercial relationship with is genuinely trustworthy, it's marked safe. The two systems are completely separate, and the people building the trust engine don't have access to which partners are on the commercial list.
You can browse to any retailer directly without going through any Nudge surface, and no affiliate attribution will occur. Trust scoring works the same either way. We'd never penalize a site, or you, for taking that route.
Because Nudge doesn't tie data to your identity, traditional data-subject requests don't quite map onto how it works — but here's what's in your hands:
Users in jurisdictions with stronger privacy laws (GDPR, CCPA, UK GDPR, and similar) have the right to access, correct, delete, or restrict processing of their data. We comply with these requests regardless of where you live.
When you install Nudge, your browser will list the permissions it requires. Here's what each one is actually used for:
Nudge is not directed at children under 13. We do not knowingly collect data from anyone — but if you believe a child has somehow generated identifiable data through the extension, contact us and we'll delete it.
If we change anything material — what we collect, how we use it, who sees it — we'll update the "Last updated" date at the top of this page and post a notice in the extension itself. We won't quietly broaden the data we collect.
Email a human. We answer every message — usually within a day or two.
If a privacy policy this short makes sense to you, you'll like the extension even more.