Privacy Policy

Last updated: 28th May 2026 at 20:40PM

This privacy policy explains how Nagged LTD ("we", "us", "our") collects, uses and protects your personal information when you use our website at nagged.ai or otherwise interact with our service.

We are committed to handling your data responsibly and giving you clear control over it.


1. Who we are

Nagged LTD is a private limited company registered in England and Wales.

We are the data controller for the personal information described in this policy.

2. What personal information we collect

Information you give us:

Information we collect automatically:

3. Why we use your information (lawful bases)

PurposeLawful basis (UK GDPR)
Generate your AI website sketch from your inputsPerformance of a service you requested (contract)
Email you the link to your sketchPerformance of a service you requested (contract)
Bot/spam protection and rate limiting (IP logs)Legitimate interest in preventing abuse
Process a deposit paymentPerformance of a service you requested (contract)
Send service-related notificationsPerformance of a service you requested (contract)
Send marketing emails about Nagged servicesSoft opt-in under PECR Regulation 22(3), with opt-out at every step
Respond to your contact / support enquiriesLegitimate interest in providing customer service
Comply with legal obligations (e.g. HMRC tax records)Legal obligation

You can object to any processing based on legitimate interest by emailing [email protected].

4. Who we share your information with

We share your personal information with the following third-party data processors. Each is bound by a Data Processing Agreement (DPA) under UK GDPR Article 28.

ProcessorWhat we sharePurposeWhere
Anthropic (Claude API)Business name, quiz answers, brand inputsGenerates the AI sketch contentUSA (UK/EU adequacy safeguards)
StripeEmail, name, payment detailsProcessing deposit paymentsUK / Ireland
CloudflareIP, request data, uploaded logo files, bot signalsDNS, CDN, R2 storage, bot protectionGlobal (Cloudflare network)
Hetzner CloudAll data stored on our serverHosting our application and databaseGermany or Finland (EU)
ResendEmail address and email contentSending transactional and marketing emailsUSA (UK/EU adequacy safeguards)
Google WorkspaceInbound emails sent to @nagged.aiInbound mailbox hostingUSA (UK/EU adequacy safeguards)
PexelsNo personal data sharedStock image library for sketchesN/A

We do not sell, rent or trade your personal data with anyone for marketing purposes.

5. International data transfers

Some of our processors (notably Anthropic, Resend and Google) are based in the United States. Where personal data is transferred outside the UK, we rely on the UK adequacy regulations (where applicable, e.g. UK-US Data Bridge), Standard Contractual Clauses with the UK addendum, and/or the processor's Binding Corporate Rules — all of which are UK GDPR-recognised safeguards.

6. How long we keep your information

DataRetention period
Lead information (where no purchase made)24 months from last interaction, then deleted
Generated preview pages (/p/{slug} links)7 days from creation, then expired
Callback requests24 months from last interaction, then deleted
Paid deposit records and Stripe data7 years from transaction (HMRC requirement)
Server logs (including IPs)30 days, then rotated
Marketing opt-out recordsIndefinitely (so we know not to email you again)

After the retention period, data is permanently deleted or anonymised.

7. Your rights

Under UK GDPR you have the right to:

To exercise any of these rights, email [email protected] with "GDPR request" in the subject line. We aim to respond within 30 calendar days as required by UK GDPR.

8. Cookies

We use a minimal number of cookies, all strictly necessary for the website to function:

CookiePurposeLifetime
nagged_sessionMaintains your browser session so the form works across page loads2 hours
XSRF-TOKENPrevents cross-site request forgery attacks (security)2 hours
cf_clearance (Cloudflare)Bot protection challenge resultUp to 30 minutes

We do not currently use analytics cookies, marketing pixels or any third-party tracking. If that changes, we will update this policy and add a cookie consent banner.

9. Security

We protect your data with industry-standard safeguards including HTTPS encryption, encrypted storage of uploaded files, access controls on the admin interface, rate limiting and bot protection, and regular security updates.

No system is 100% secure. If we ever experience a personal data breach that poses a risk to your rights, we will notify the ICO within 72 hours and, where required, notify you directly.

10. Children

Our service is intended for UK business owners. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, contact us and we will delete it.

11. Marketing

If you've given us your email through our preview funnel, we may occasionally email you about new templates, features, case studies, marketing tips and updates from Nagged.

This is on the basis of PECR soft opt-in — we got your email during a sales enquiry for our service, and we only market our own similar services. You can unsubscribe from any marketing email with one click, or by emailing [email protected]. Service emails (e.g. your sketch link, deposit receipts) are not affected by an unsubscribe.

12. Changes to this policy

We may update this privacy policy from time to time. The "Last updated" date at the top will reflect the latest changes. For significant changes we will notify users by email.

13. How to contact us

For any questions about this privacy policy, or about how we handle your personal data:

If you're unhappy with how we've handled your data, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk/concerns or by calling 0303 123 1113.