Table of Contents
1. Who We Are
Nudge Field Sales ("we", "our", or "us") is a mobile customer relationship management application designed for pharmaceutical and medical device sales teams. The app is operated by Abdullah ("the developer") and is available on Android (package name com.khazer.nudgecrm) and on iOS (bundle identifier com.abdullah.nudge).
This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the Nudge Field Sales mobile application and associated services.
2. What Data We Collect
We collect only the data necessary to provide the core features of Nudge Field Sales. This includes:
Account & Identity Data
- Full name and email address (provided at account creation by your administrator)
- Firebase Authentication UID
- Assigned role (Rep, Supervisor, or Admin)
- Profile photo URL (optional, if you upload an avatar)
- FCM token (for push notifications — refreshed automatically)
Activity Data
- Visit reports: doctor visited, date/time, products discussed, notes, check-in/check-out timestamps
- Orders: products ordered, quantities, status, supervisor comments, payment terms
- Stock levels: per-product, per-clinic inventory records
- Doctor and clinic records you create or interact with
Location Data
- A one-time GPS reading captured when you tap "Start Work"
- A one-time GPS reading captured when you save each visit
- A one-time GPS reading captured when you tap "End Work"
- Your last recorded position shared with your direct supervisor (rep presence)
Foreground-only location: Nudge Field Sales uses location only while the app is open and in active use, and only at the moments listed above (starting work, saving a visit, ending work). The app does not access your location in the background, does not track you continuously, and does not use geofencing. Location is used solely to record where your field work takes place, and never for advertising, profiling, or any tracking unrelated to your work.
Device & Technical Data
- Device type, OS version (collected automatically by Firebase)
- App crash reports (via Firebase Crashlytics)
- Anonymous usage analytics (via Firebase Analytics, if enabled)
We do not collect payment card details, national ID numbers, health or medical records of patients, or any data unrelated to your sales activities.
3. How We Use Your Data
We use the data we collect exclusively to provide and improve Nudge Field Sales:
- Authenticate you and enforce role-based access controls
- Display your visit reports, orders, and KPIs to you and your assigned supervisor
- Enable supervisors to review and approve submissions from their team
- Send push notifications for approval events, rejections, and stock alerts
- Record one-time GPS readings at work start/end and visit save for attendance verification and visit validation
- Generate KPI reports and performance summaries
- Diagnose crashes and fix bugs via Firebase Crashlytics
- Sync offline data to the cloud when connectivity is restored
We do not use your data for advertising, profiling, or sale to third parties.
4. Data Sharing & Third Parties
We share data only with the following trusted infrastructure providers, strictly to operate the app:
Google Firebase (Google LLC)
- Firebase Authentication — identity management
- Cloud Firestore — real-time database
- Firebase Cloud Messaging — push notifications
- Firebase Crashlytics — crash reporting
- Firebase Hosting — public web pages
Google's privacy policy: policies.google.com/privacy
Within your organisation
- Your visit reports and orders are visible to your assigned supervisor and company administrators
- Your location data is visible to your assigned supervisor and administrators only
- No data is shared with other companies, reps, or organisations
We may disclose data if required by law or to protect the rights and safety of our users.
5. Data Retention
We retain your data for as long as your account is active or as needed to provide the service. Specifically:
- Account data is retained until your account is deleted by you or an administrator
- Visit reports and orders are retained for business audit purposes for up to 3 years from creation, unless deletion is requested
- Location logs are retained for up to 12 months
- Crash logs are automatically purged by Firebase Crashlytics after 90 days
6. Security
We take data security seriously and implement the following measures:
- Firestore Security Rules — server-side rules ensure users can only read and write their own authorised data. No client-side trust.
- Firebase Authentication — industry-standard token-based authentication with secure session management
- TLS encryption — all data in transit is encrypted via HTTPS/TLS
- At-rest encryption — all Firestore data is encrypted at rest by Google Cloud
- Role-based access control — three distinct access levels (Rep, Supervisor, Admin) with strict data isolation between territories
While we use best-in-class infrastructure, no system is 100% immune. If you suspect a security issue, please contact us immediately.
7. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you
- Correction — request correction of inaccurate data
- Deletion — request deletion of your account and associated personal data
- Portability — request your data in a structured, machine-readable format
- Objection — object to specific types of processing (e.g. foreground location capture during visits)
To exercise any of these rights, contact us at Nudge@vantaq.net or use our Account Deletion Request page.
8. Account & Data Deletion
You have the right to request complete deletion of your account and all associated personal data at any time. This includes your profile, visit reports, orders, location history, and notification records.
To submit a deletion request, visit our Account Deletion Request page. We will process your request within 30 days and send a confirmation to your registered email address.
Note: Some data may be retained for a limited period where required by law or legitimate business audit obligations.
9. Children's Privacy
Nudge Field Sales is intended for use by employed sales professionals aged 18 and above. We do not knowingly collect personal data from individuals under 18. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify users via the app.
Continued use of Nudge Field Sales after changes are posted constitutes acceptance of the updated policy.
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out:
Nudge Field Sales — Data Privacy
Email: Nudge@vantaq.net
App package: com.khazer.nudgecrm (Android) · com.abdullah.nudge (iOS)
Response time: within 5 business days