Nugget Newsletter — Privacy Policy

Effective date: September 28, 2025
Entity: Nugget Newsletter, a Milwaukee Wisconsin company ("Company," "we," "us").
Service: Nugget, a personalized, AI‑curated newsletter and insights service (the "Service").
Contact: [samuel.hodge@nuggetnewsletter.com] • [1635 N Water Street APT 613 Milwaukee Wisconsin 53202]

Summary: We collect account and usage information to run Nugget, personalize your newsletters, improve the Service, and (with your consent) send marketing communications. We do not sell personal information. We may share identifiers and internet activity with analytics/advertising partners for measurement and interest‑based advertising unless you opt out. You can manage preferences anytime and may exercise rights depending on where you live (e.g., CPRA in California; GDPR/UK GDPR in the EEA/UK). We honor Global Privacy Control (GPC) signals for opt‑out where required.

1) Scope

This Policy explains how we collect, use, disclose, and protect information about users of the Service. It applies to information we collect online (website, app, emails) and offline (if any). It does not apply to third‑party sites/services linked from the Service.

2) Personal Information We Collect

We collect the following categories of personal information ("PI"). Examples vary by your use of the Service.

Identifiers & contact data — name, email address, phone number (if you opt in to SMS), account IDs, and similar identifiers.
Commercial & subscription data — plan type, purchase history, trial status, promotions, coupon use.
Payment data — billing address, last four digits/brand/expiry (tokenized via our payment processor). We do not store full card numbers.
Profile & preferences — topics/tags, content categories, questionnaire responses, time zone, language, notification preferences.
Internet or network activity — device type, operating system, browser, IP address, unique identifiers, pages viewed, referring/exit pages, timestamps, newsletter open/click events, and similar usage data.
Approximate location — derived from IP address or user input (e.g., city/state/country).
Inferences — audience segments, content affinities, and personalization signals derived from other data.
User content — prompts, notes, feedback, and communications you send us.
Support records — messages, tickets, and related metadata.
Social/login data (optional) — if you use a social login, we receive your basic profile and an identifier from that provider.

We may de‑identify or aggregate data and use it for any purpose. We do not attempt to re‑identify de‑identified data except to test our processes.

3) Sources of PI

• Directly from you (account creation, forms, surveys, emails).

• Automatically from your devices and our emails (cookies, pixels, SDKs, server logs).

• From service providers and partners (payment processors, analytics, referral/affiliates).

• From publicly available sources where permitted.

4) How We Use PI

We use PI to:

• Provide, operate, maintain, and secure the Service.

• Personalize content and recommendations (including AI‑assisted summaries).

• Process transactions, payments, and account management.

• Communicate with you about the Service (transactional) and, with consent where required, send marketing communications.

• Measure performance (deliverability, opens, clicks), debug issues, and improve features.

• Detect, investigate, and prevent fraud, abuse, and security incidents.

• Comply with law, enforce terms, and protect rights.

AI processing. We may use third‑party AI/ML tools to generate summaries or recommendations. We instruct vendors to process PI only to perform services for us and not to train models on your data without our authorization. You can contact us to opt out of the use of your data to improve our models where applicable.

5) Legal Bases (EEA/UK only)

Where GDPR/UK GDPR applies, our legal bases include: Contract (to provide the Service); Legitimate interests (to secure and improve the Service, prevent fraud, and personalize within reasonable expectations); Consent (for marketing/SMS, certain analytics/ads, and cookies where required); and Legal obligation (record‑keeping, compliance requests).

6) Disclosures of PI

We disclose PI to:

• Service providers that process PI under contract (hosting, email delivery, analytics, customer support, payment processing).

• Analytics/advertising partners for measurement and interest‑based advertising (online identifiers, device data, internet activity, inferences). Where required, this is considered a "sale" or "sharing" of PI; you can opt out.

• Business transfers (merger, acquisition, financing, or sale of assets).

• Legal & safety purposes (to comply with law, respond to lawful requests, or protect rights, safety, and property).

• With your direction or consent.

We do not sell PI for money. We may share PI for cross‑context behavioral advertising or targeted ads as defined by certain U.S. state laws unless you opt out.

7) Cookies & Tracking

We and our partners use cookies, pixels, local storage, and similar technologies to operate the Service, remember preferences, prevent fraud, measure performance, and deliver/measure ads. You can manage preferences through our Cookie Banner/Settings and, where applicable, by enabling Global Privacy Control (GPC) in your browser; when we detect a valid GPC signal we treat it as an opt‑out of sale/share for that browser.

8) Your Choices

• Marketing emails. Click "unsubscribe" in any marketing email or adjust settings in your account. Transactional emails will still be sent.

• SMS. You can opt out by replying STOP or via settings. Message/data rates may apply.

• Cookies/ads. Use our Cookie Settings, your browser settings, and, where available, platform‑level ad settings.

9) Data Retention

We retain PI for as long as needed to provide the Service and for legitimate business or legal purposes (e.g., accounting, security, dispute resolution). When retention is no longer necessary, we delete or de-identify the data per our retention schedules.

10) Security

We use administrative, technical, and physical safeguards appropriate to the nature of the PI we process. No method of transmission or storage is 100% secure; you use the Service at your own risk. Promptly notify us of any suspected security incident.

11) Children’s Privacy

The Service is not directed to children under 13, and we do not knowingly collect PI from them. If you believe a child under 13 provided PI, contact us to remove it. If you are between 13 and 16, do not opt in to sales/sharing of PI without consent where required by law.

12) International Data Transfers

We may transfer, store, and process your PI in countries other than where you live (including the United States). Where required, we implement appropriate safeguards (e.g., Standard Contractual Clauses) and rely on adequacy decisions.

13) Your Rights

Your rights vary by region and may include:

• Access, correction, deletion, and portability of your PI.

• Opt‑out of targeted advertising, sale, or profiling for significant effects (certain U.S. states).

• Restriction and objection (EEA/UK).

• Withdraw consent at any time where processing is based on consent.

• Appeal a denied request (certain U.S. states).

You (or your authorized agent) can submit requests at [samuel.hodge@nuggetnewsletter.com]. We will verify your identity and respond within the timeframe required by law. We will not discriminate against you for exercising your rights.

14) California (CPRA) Disclosures

Notice at Collection. We collect the categories listed in Section 2 for the purposes in Section 4. We disclose them to the parties in Section 6. We retain PI as described in Section 9. We do not collect or process sensitive PI for the purpose of inferring characteristics.
Sale/Share. We do not sell PI for money. We may share identifiers, internet activity, and inferences with advertising partners for cross‑context behavioral advertising; you may opt out via “Do Not Sell or Share My Personal Information” and through GPC.
Rights. California residents have rights to know/access, delete, correct, and opt out of sale/share, and to limit use/disclosure of sensitive PI where applicable.

15) Third‑Party Sites & Services

We are not responsible for the privacy practices of third‑party sites/services linked from the Service. Review their policies separately.

16) Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will notify you (e.g., by email or an in‑Service notice) and update the Effective Date. Your continued use after the update becomes effective means you accept the revised Policy.

17) Contact Us

[Nugget Newsletter]
Attn: Samuel Hodge
[1635 N Water Street APT 613 Milwaukee Wisconsin 53202]
Email: [samuel.hodge@nuggetnewsletter.com]

Appendix A — CPRA “Notice at Collection” (Summary)