Privacy Policy

Last updated: February 28, 2026

Nudge for Sonos (“Nudge”) is developed by Bolton LLC. This policy describes how Nudge handles your data.

The Short Version

Nudge is local-first by design. Your Sonos data stays on your devices and never leaves your home network. We do collect anonymized usage analytics and crash reports to improve the app, but we do not track your listening habits, we do not use advertising identifiers, and we do not sell your data.

What Nudge Accesses

Local network: Nudge discovers and communicates with Sonos speakers on your local Wi-Fi network. Playback control and status updates happen directly between your Apple Watch, your iPhone, and your speakers. Your Sonos data (speaker names, playback state, volume levels, Favorites) is displayed in the app and is never transmitted to external servers.

Wi-Fi network identification: Nudge requests Location permission on your iPhone solely to identify your Wi-Fi network name (SSID) and network identifier (BSSID). This is required by Apple’s operating system to access Wi-Fi network information — Nudge does not use GPS or track your geographic location. Your Wi-Fi network identifiers are stored securely on your device and are used only to ensure Nudge connects to the correct Sonos speakers on your network. If you use Nudge’s multi-household feature, your network identifiers may be stored in encrypted form (AES-GCM) on a Cloudflare Worker; this data is encrypted on your device before transmission and cannot be read by the server.

Analytics and crash reporting: Nudge uses Firebase Analytics and Google Analytics (GA4) to collect anonymized usage events such as playback actions, volume changes, and search interactions. Nudge uses Firebase Crashlytics to collect crash reports. These services receive an anonymous app instance ID and event data. They do not receive personally identifiable information, advertising identifiers, or your Sonos content.

Push notifications: If you enable push notifications, your device’s APNs token is stored on a Cloudflare Worker to deliver notifications. This token is not linked to your identity and is used solely for notification delivery.

Apple Music: If you use the Apple Music search feature, search queries are sent to the Apple Music API. This is governed by Apple’s privacy policy.

Spotify: Nudge uses the Spotify API for catalog search. This uses application-level credentials only — no Spotify account login or user data is involved. This is governed by Spotify’s privacy policy.

Sonos Cloud: If you connect your Sonos account for playback and advanced features such as Favorites and playlist access, authentication is handled via Sonos OAuth. This is optional and governed by Sonos’s privacy policy.

What Nudge Collects

• Anonymized usage analytics — app interactions such as playback events, volume changes, and search actions, collected via Firebase Analytics and GA4
• Crash reports — diagnostic data collected via Firebase Crashlytics to identify and fix bugs
• App instance ID — an anonymous identifier generated by Firebase, not linked to your identity
• Push notification tokens — stored on a Cloudflare Worker to deliver notifications if you opt in
• Wi-Fi network identifiers — your network name (SSID) and identifier (BSSID) are stored securely on your device for speaker discovery; optionally stored in encrypted form on a Cloudflare Worker for multi-household support
• User properties — anonymized attributes such as authentication level and speaker count, used to understand aggregate usage patterns

What Nudge Does NOT Collect

• No advertising identifiers (IDFA)
• No device fingerprinting
• No GPS or geographic location data — Location permission is used solely to read your Wi-Fi network name for speaker discovery, not to track where you are
• No health, financial, or contact information
• No listening history transmitted externally
• No Sonos content, speaker names, or playback data sent to analytics services
• We do not sell your data to any third party, ever

Data Storage

All Sonos data, preferences, and speaker configurations are stored locally on your Apple Watch and iPhone. Sensitive identifiers including Wi-Fi network data are stored in the device Keychain. Analytics and crash data are processed by Firebase and Google in accordance with their privacy policies. Push notification tokens are stored on Cloudflare infrastructure and are not linked to your identity.

Token Beaming

When you share access with guests using Token Beaming, a temporary encrypted key is transmitted over your local network. No credentials or passwords are shared. Keys expire automatically.

Third-Party Services

Nudge integrates with the following services:

• Google Firebase Analytics & GA4 — anonymized usage analytics — google.com/policies/privacy
• Google Firebase Crashlytics — crash reporting — firebase.google.com/support/privacy
• Cloudflare — push notification token storage — cloudflare.com/privacypolicy
• Sonos — local network API and optional cloud OAuth — sonos.com/legal/privacy
• Apple Music — search API — apple.com/legal/privacy
• Spotify — catalog search API — spotify.com/legal/privacy-policy

Children’s Privacy

Nudge does not knowingly collect data from children under 13 beyond the anonymized analytics and crash reporting described in this policy. The app collects no personally identifiable information from any user. If you believe a child under 13 has provided personal information, please contact us and we will take appropriate steps.

Changes to This Policy

If we update this policy, we will post the revised version here with an updated date.

Contact

Questions about this policy? Email: support@bolton.llc

Bolton LLC
Massachusetts, USA