Skip to main content

Legal & Compliance

Operating a community means handling user data responsibly. Nudj provides the tools you need to comply with global privacy laws (like GDPR and CCPA) while assuring your members that their information is safe.
Time to Complete: 10 minutes Required: Links to your company’s official legal documents.
Navigate to Control Room > Settings > Security & Compliance. Users will be required to agree to these policies during sign-up. You should provide links to:

Terms of Service

The “Rules of the Road” for your community. What behavior is allowed?

Privacy Policy

How you collect, store, and use member data.

Cookie Policy

Specifically which tracking technologies you use (e.g., PostHog, Google Analytics).

Acceptable Use

Specific rules for content generation and community interaction.
Important: All URLs must use https://. Ensure these pages are “Publicly Accessible” and not behind a login.

2. GDPR & CCPA Readiness

Nudj handles the heavy lifting of data infrastructure, but you are the “Data Controller.”

Data Processing Agreement (DPA)

If you are based in the EU, you can download and sign our standard DPA directly from the settings page. This document outlines how Nudj (the “Processor”) handles data on your behalf.

Right to be Forgotten

Users can request account deletion via the Profile Settings.
  • User Action: When a user clicks “Delete Account,” their PII (Personally Identifiable Information) is scrubbed from our database within 30 days.
  • Admin Action: You will receive an automated email notification when a deletion request is processed so you can remove them from your external CRM or email lists.

3. Data Residency (Where is the data?)

Your data location is determined when you Create your Organization.
  • US Region: Hosted on AWS/Vercel in the United States.
  • EU Region: Hosted on AWS/Vercel in Frankfurt, Germany.
Pro Tip: If you serve users in the UK or EU, we strongly recommend choosing the EU Region to simplify your compliance requirements.

4. Platform Security Credentials

We maintain industry-leading standards so you don’t have to worry about the “Infrastructure” layer of security:
  • SOC 2 Type II: Certified for security, availability, and confidentiality.
  • ISO 27001: The international standard for information security management.
  • Encryption: All data is encrypted at rest (AES-256) and in transit (TLS 1.2+).

Template: Privacy Policy Clause

If you’re updating your company’s privacy policy to include Nudj, you can use this sample language:
“We use Nudj (nudj.cx) to provide our community engagement platform. By participating in challenges and earning rewards, some of your data (Username, Email, and Engagement activity) is processed by Nudj on our behalf. Nudj is committed to high standards of data protection and security.”
Next Step: Learn how to Connect your own Login system (SSO).