Privacy Policy

Numro ("we", "us", "our") is a UK-based financial tool for the self-employed, operated at www.numro.co.uk. The service is operated by Ojonugwa Egwuda, a sole trader based in Oxford, who is the data controller for personal data collected through the service.

We are registered with the UK Information Commissioner's Office.

• ICO registration reference: ZC134542
• Registered: 28 April 2026
• Expires: 27 April 2027

For data protection enquiries, contact us at privacy@numro.co.uk

Account data: Email address, name, and profile picture if you sign in with Google.

Financial data you enter: Tax inputs, budget limits, savings goals, allowable expense classifications, and bill amounts. This data is stored on our servers against your account ID and is only accessible to you when authenticated.

Transaction data (CSV uploads): When you upload a bank CSV, it is transmitted to our server for processing and is never stored or retained. It is held in memory only for the duration of the analysis and discarded immediately after.

Expense classification: When you use the AI expense classifier, the expense description and amount you enter are sent to Google Gemini to determine the HMRC category and allowability. This data is not permanently stored by Numro. See section 5 for details on how Google processes this data.

Error data: If the app encounters an error, anonymised technical information (browser type, error stack trace) is sent to Sentry for debugging. No financial data is included.

Session data: Authentication cookies set by Supabase to keep you logged in.

We do not collect payment card details. We do not sell your data to third parties. We do not use advertising or analytics tracking on the site.

Contract: Processing your account and financial data is necessary to provide the service you signed up for (Article 6(1)(b)).

Legitimate interests: Error monitoring to maintain a secure and working service (Article 6(1)(f)).

Consent: For any optional communications we may send in future (Article 6(1)(a)). You can withdraw at any time.

• To provide and personalise the Numro service (tax calculations, expense classification, budget tracking).
• To maintain your account and authenticate you securely.
• To improve the app by fixing bugs and errors.
• To respond to your support or data subject requests.

We do not use your data to train AI models. We do not profile users for marketing purposes.

Numro uses the following processors that handle your data on our behalf:

Supabase: Authentication, user account storage, and financial data (budgets, goals, bills, classifications) stored under row-level security. Servers located in the EU. Standard Contractual Clauses apply for any international transfers. Privacy policy at supabase.com/privacy.

Google Gemini:Processes expense descriptions when you use the AI expense classifier to determine the HMRC category and allowability. Under Numro's paid-tier API agreement with Google, this data is not used to train Google's models. Google acts as a data processor on Numro's behalf. Privacy policy at policies.google.com/privacy.

Railway:Hosts our backend server. Tax calculations and expense classification requests are processed on Railway's infrastructure but no personal data is persisted there. Standard Contractual Clauses apply. Privacy policy at railway.app/legal/privacy.

Sentry: Error monitoring with anonymised payloads, no financial data. Privacy policy at sentry.io/privacy.

Vercel: Website hosting. No personal data stored on Vercel. Privacy policy at vercel.com/legal/privacy-policy.

We retain your account and financial data for as long as your account is active. If you delete your account, your personal data is removed from our systems within 30 days, except where we are legally required to retain specific records for longer (such as HMRC-mandated retention periods, where applicable).

Error logs are retained for 30 days by Sentry and then automatically deleted.

CSV uploads are not retained at any point. They exist in memory only for the duration of processing.

You have the right to:

• Access the personal data we hold about you
• Rectify inaccurate data
• Erase your data ("right to be forgotten")
• Restrict or object to processing
• Receive your data in a portable, machine-readable format
• Withdraw consent at any time where consent is the legal basis

To exercise any of these rights, email privacy@numro.co.uk. We will respond within 30 days as required under UK GDPR.

You also have the right to lodge a complaint with the Information Commissioner's Office:

• ICO, Wycliffe House, Water Lane
• Wilmslow, Cheshire SK9 5AF
• Telephone: 0303 123 1113
• Website: ico.org.uk

Numro uses strictly necessary cookies only. Specifically, authentication session cookies set by Supabase to keep you logged in. These cannot be disabled without breaking the login functionality. We do not use advertising, tracking, or analytics cookies.

We use industry-standard security measures including HTTPS encryption, secure authentication via Supabase, row-level security on user data, and access controls. Financial data entered into Numro is stored against your user ID and is not accessible to other users.

Numro is a tool for informational purposes. We recommend not entering more sensitive financial data than necessary to use the service. Always use strong, unique passwords.

Numro is not intended for use by anyone under the age of 18. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us at privacy@numro.co.uk and we will delete it promptly.

We may update this privacy policy from time to time. Material changes will be notified via email or a notice on the site. Continued use of Numro after changes constitutes acceptance.

For any privacy-related questions or data subject requests: privacy@numro.co.uk