Privacy Policy

NUMRO ("we", "us", "our") is a UK-based financial tool for self-employed people, operated at www.numro.co.uk. We are the data controller for the personal data collected through this service. We are registered with the Information Commissioner's Office (ICO).

For data protection enquiries, contact us at: privacy@numro.co.uk

• Account data: Email address, name, and profile picture (if you sign in with Google).
• Financial data you enter: Tax inputs, budget limits, savings goals, and bill amounts. This data is stored on our servers against your account ID.
• Transaction data (CSV uploads): When you upload a bank CSV, it is transmitted to our server for processing and is never stored or retained. It is held in memory only for the duration of the analysis and discarded immediately after. If you then use the AI assistant to analyse your spending, the CSV content is also sent to Google Gemini AI for that analysis — see section 5.
• Chat messages: Messages you send to the AI assistant are processed by Google Gemini AI and are not permanently stored by NUMRO. If you share transaction data within the chat, that data is also passed to Gemini.
• Error data: If the app encounters an error, anonymised technical information (browser type, error stack trace) is sent to Sentry for debugging. No financial data is included.
• Session data: Authentication cookies set by Supabase to keep you logged in.

We do not collect payment card details. We do not sell your data to third parties.

• Contract: Processing your account and financial data is necessary to provide the service you signed up for.
• Legitimate interests: Error monitoring to maintain a secure and working service.
• Consent: For any optional communications we may send in future (you can withdraw at any time).

• To provide and personalise the NUMRO service (tax calculations, budget tracking, etc.)
• To maintain your account and authenticate you securely
• To improve the app by fixing bugs and errors
• To respond to your support or data requests

We use the following third-party services that may process your data:

• Supabase — authentication and user account storage (EU-based servers). Standard Contractual Clauses apply for any international transfers. Privacy policy
• Google Gemini AI — processes AI chat messages and, where you choose to use the spending analysis feature, transaction data from your uploaded CSV. Under our API agreement, this data is not used to train Google's models. Google acts as a data processor on our behalf. Privacy policy
• Railway — hosts our backend server and stores your financial data (budget, goals, bills). Data is processed and stored on Railway's infrastructure. Standard Contractual Clauses apply. Privacy policy
• Sentry — error monitoring (anonymised, no financial data). Privacy policy
• Vercel — website hosting (no personal data stored). Privacy policy

We retain your account and financial data for as long as your account is active. If you delete your account, your personal data is removed within 30 days. Error logs are retained for 30 days by Sentry.

You have the right to:

• Access the personal data we hold about you
• Rectify inaccurate data
• Erase your data ("right to be forgotten")
• Restrict or object to processing
• Data portability — receive your data in a machine-readable format
• Withdraw consent at any time where consent is the legal basis

To exercise any of these rights, email us at privacy@numro.co.uk. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

NUMRO uses strictly necessary cookies only — specifically authentication session cookies set by Supabase to keep you logged in. These cannot be disabled without breaking the login functionality. We do not use advertising, tracking, or analytics cookies.

We use industry-standard security measures including HTTPS encryption, secure authentication via Supabase, and access controls. Financial data entered into NUMRO is stored against your user ID and is not accessible to other users.

NUMRO is a tool for informational purposes. You should not enter more sensitive financial data than necessary. We recommend using strong, unique passwords.

NUMRO is not intended for use by anyone under the age of 18. We do not knowingly collect data from children.

We may update this privacy policy from time to time. Material changes will be notified via email or a notice on the site. Continued use of NUMRO after changes constitutes acceptance.

For any privacy-related questions: privacy@numro.co.uk