privacy security

How Nudge Keeps Your WhatsApp Messages Private

5 min read

Privacy isn’t a feature you bolt on at the end. It’s a decision you make at the start — about what data you collect, where it lives, and who gets to see it. When we built Nudge, we started with a question: what’s the minimum amount of data that needs to leave your device for this to work?

The answer turned out to be surprisingly little.

Why Privacy Matters More for Messaging Apps

Your WhatsApp conversations are among the most personal data on your phone. They contain things you’d never say publicly — vulnerable moments, family logistics, financial details, medical updates, romantic exchanges. When an app asks to access your messages, the stakes are different from, say, a weather app asking for your location.

Most AI-powered messaging tools take the path of least resistance: upload everything to the cloud, process it on remote servers, store it in a database somewhere. It’s easier to build that way. It’s also a privacy nightmare.

We took the harder path. Not because we’re saints, but because we’d want to use the product ourselves — and we wouldn’t trust an app that uploaded our WhatsApp history to someone else’s server.

Local-First Architecture

Nudge is built around a principle we call “local by default.” Everything that can stay on your device, does. Here’s what that looks like in practice.

Your Messages Stay on Your Mac

When you connect Nudge to WhatsApp, your message history is stored in a local SQLite database at ~/Library/Application Support/Nudge/nudge.db. This file sits on your hard drive, encrypted by your Mac’s FileVault if you have it enabled. Nudge never uploads this database anywhere.

Your contact list, conversation metadata, draft history, app settings, priority scores — all local. If you uninstall Nudge and delete that file, every trace of your data goes with it.

How WhatsApp Connection Works

Nudge connects to WhatsApp through an open-source library called whatsapp-web.js. The pairing process is identical to WhatsApp Web: you scan a QR code, and the session is established directly between your Mac and WhatsApp’s servers. The session credentials are stored locally using the library’s LocalAuth strategy.

No WhatsApp credentials pass through our servers. We never see your phone number. We never have access to your WhatsApp account.

What Happens When You Request a Draft

This is the one part where data briefly leaves your device — and it’s worth explaining exactly what happens.

When you tap “Generate draft” for a conversation, Nudge sends up to 20 recent messages from that specific conversation to our server at yournudge.app/api/proxy/generate. Here’s the full flow:

  1. Your app sends the request — containing the conversation context and your authentication token.
  2. Our server verifies your identity — checking your JWT token and daily usage limit.
  3. The context is forwarded to Anthropic — Claude generates a draft reply based on the conversation.
  4. The draft comes back — our server returns it to your app and discards the message context.

The key detail: we don’t store your message content. It passes through our server — which exists only to protect our API key and enforce rate limits — and is immediately discarded. No logging, no database writes, no caching.

Anthropic, the AI provider, has a clear policy: they don’t use API inputs to train their models. Your conversation context is processed, the reply is generated, and the data is gone. (Curious how the AI actually produces drafts that sound like you? We wrote a detailed breakdown of the tone matching.)

Your messages deserve better than “trust us.” Nudge keeps conversations local and only sends the minimum data needed for AI drafts.

Join the waitlist

What Never Leaves Your Device

It’s worth being explicit about this:

  • Your full chat history — only the specific conversation you’re drafting a reply for is sent, and only up to 20 messages.
  • Media files — photos, videos, voice messages, documents are never accessed or transmitted.
  • Your contacts list — Nudge reads contact names locally for display but never uploads them.
  • Your social graph — we don’t know who you talk to, how often, or about what (beyond the single draft request).
  • Your draft history — generated drafts are stored locally and never sent back to our servers.
  • App settings and preferences — everything stays in your local database.

How This Compares to Cloud-Based Alternatives

Most messaging productivity tools follow a cloud-first model. Your messages get uploaded to their servers, processed, stored, indexed, and used to build features. Some of them are explicit about this. Others bury it in a privacy policy.

The cloud approach has advantages — it’s easier to sync across devices, build collaborative features, and run complex analytics. But it fundamentally requires trusting a company with your most private conversations.

Nudge’s local-first approach has trade-offs too. You can only use it on the Mac where it’s installed. Syncing across devices would require rethinking the architecture. Some features are harder to build without server-side access to your data.

We think those trade-offs are worth it. Your messages are yours. They should stay that way.

What We Do Collect

Transparency means being honest about what we do collect, not just what we don’t:

  • Email address — when you join the waitlist or sign in. Stored by Resend, our email provider.
  • Device identifier — a random UUID for authentication. Stored in your local JWT token.
  • Daily usage counts — how many drafts you’ve requested today. Stored in Redis, auto-deleted after 24 hours. No message content.
  • Anonymous analytics — page views via Plausible, which uses no cookies and collects no personal data.

That’s the complete list. If you want the full legal version, our privacy policy has every detail.

Privacy as a Product Decision

We could have built Nudge differently. A cloud-based approach would have been faster to develop, easier to maintain, and simpler to scale. We chose the harder path because we believe privacy isn’t a nice-to-have — it’s a prerequisite for a product that accesses your most personal conversations.

Every architectural decision in Nudge flows from this principle. Local database, not cloud storage. Proxy server that discards data, not one that logs it. Usage counts, not message analytics. The question is always the same: does this data need to leave the device? If not, it doesn’t.

If that approach resonates with you, join the waitlist. We’re building Nudge for people who care about both productivity and privacy — and don’t think they should have to choose.

Be first in line.

Private beta launches Q2 2026. Get early access and shape the product.

How many unreplied messages do you have right now?

No spam. Unsubscribe anytime. We respect your inbox (ironic, we know).