Numonic AI

This Privacy Policy complies with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and other applicable data protection laws. We are committed to protecting your privacy and ensuring the security of your personal data.

1. Data Controller Information

Numonic ("we", "us", or "our") is the data controller responsible for your personal data. We are committed to protecting and respecting your privacy in compliance with the UK GDPR and EU GDPR.

Contact Details:

Email: privacy@numonic.ai

Data Protection Officer: dpo@numonic.ai

2. Information We Collect

We may collect and process the following categories of personal data:

Identity Data: First name, last name, username or similar identifier
Contact Data: Email address, telephone numbers, billing address, delivery address
Financial Data: Payment card details (processed securely through our payment processors)
Transaction Data: Details about payments to and from you and other details of products and services you have purchased from us
Technical Data: Internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform
Profile Data: Your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses
Usage Data: Information about how you use our website, products and services
Marketing and Communications Data: Your preferences in receiving marketing from us and your communication preferences
CRM Contact Data: Information about business contacts managed within our customer relationship management features, including names, email addresses, LinkedIn profile URLs, job titles, company names, pipeline stage, and engagement history. This may include data provided directly by you, collected through form submissions, or obtained from third-party enrichment providers (see Section 11)

3. Legal Basis for Processing

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

Contract: Processing is necessary for the performance of a contract with you or to take steps at your request before entering into such a contract
Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party, provided your interests and fundamental rights do not override those interests
Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject
Consent: You have given consent to the processing of your personal data for one or more specific purposes

4. How We Use Your Information

We use your personal data for the following purposes:

To register you as a new customer
To process and deliver your order
To manage your relationship with us
To enable you to participate in a prize draw, competition or complete a survey
To administer and protect our business and this website
To deliver relevant website content and advertisements to you
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences
To make suggestions and recommendations to you about goods or services that may be of interest to you
To manage business relationships through our CRM features, including tracking pipeline stages, scheduling follow-up tasks, and maintaining contact interaction history
To link contact identities across channels (such as email addresses and LinkedIn profile URLs) into a unified contact profile for relationship management purposes
To calculate engagement scores based on interaction history (such as form submissions, email responses, and platform usage) to prioritise outreach and personalise communications
To enrich contact profiles using third-party data providers to supplement business contact information such as job title, company name, and professional details (see Section 11)

5. Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

6. Your Rights Under GDPR

Under the UK GDPR and EU GDPR, you have the following rights:

Right of Access: You have the right to request copies of your personal data
Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete
Right to Erasure: You have the right to request that we erase your personal data, under certain conditions
Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions
Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions
Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions
Right to Withdraw Consent: Where we are relying on consent to process your personal data, you have the right to withdraw your consent at any time

To exercise any of these rights, please contact us at dpo@numonic.ai. We will respond to your request within one month as required by law.

7. International Transfers

We ensure that any transfer of personal data outside the UK or European Economic Area (EEA) is protected by appropriate safeguards, namely the use of Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office (ICO) or European Commission, or other legally approved means.

8. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. These measures include:

Encryption of data in transit and at rest
Regular security assessments and audits
Access controls and authentication measures
Employee training on data protection
Incident response procedures

9. Cookies

Our website currently uses only strictly necessary cookies that are essential for the proper functioning of our Service. These cookies do not require your consent under GDPR and UK GDPR as they are necessary for security and authentication purposes.

Current Cookie Usage

We currently only use:

Authentication cookies: Essential cookies set by Supabase (our authentication provider) to maintain your login session and ensure secure access to your account. These include session tokens and security verification codes.

Future Cookie Usage

In the future, we may implement additional types of cookies to improve our Service. If we do so, we will update this Privacy Policy and implement appropriate consent mechanisms. These may include:

Analytical/performance cookies: To understand how visitors use our website and to improve our Service
Functionality cookies: To remember your preferences and provide enhanced features
Targeting/marketing cookies: To deliver relevant advertisements and measure their effectiveness

Managing Cookies

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. Please note that if you disable or refuse the strictly necessary authentication cookies, you will not be able to log in or access the Service.

For more information about cookies and how to manage them, visit www.aboutcookies.org or www.allaboutcookies.org.

10. Web Analytics and Performance Monitoring

We use Vercel Web Analytics and Vercel Speed Insights to understand how visitors use our website and to monitor performance for improvement. These solutions are designed with privacy in mind and operate without the use of cookies.

Data Collected by Web Analytics

Vercel Web Analytics collects only anonymous, aggregated data that cannot be used to identify individual users:

Page URLs visited and referrer URLs
Geolocation (country, region, and city level—not precise location)
Device type (mobile, desktop, or tablet)
Operating system and browser type
Time of visit

Data Collected by Speed Insights

Vercel Speed Insights collects Core Web Vitals performance metrics to help us optimize page loading and user experience:

Largest Contentful Paint (LCP): Loading performance measurement
First Input Delay (FID): Interactivity measurement
Cumulative Layout Shift (CLS): Visual stability measurement
First Contentful Paint (FCP): Initial render time
Time to First Byte (TTFB): Server response time
Interaction to Next Paint (INP): Responsiveness measurement

Privacy-First Approach

Both Web Analytics and Speed Insights include the following privacy-protective measures:

No cookies: Visitor identification uses a hash of the incoming request, not persistent tracking cookies
No personal identifiers: No data is collected that could identify or track individual users across websites
24-hour data expiry: Session data is automatically discarded after 24 hours
No cross-site tracking: Analytics data cannot be used to track users across different applications or websites

Legal Basis

We process this analytics and performance data based on our legitimate interest in understanding website usage and performance to improve our Service (Article 6(1)(f) of GDPR). Given the privacy-protective nature of these solutions (no cookies, no personal identifiers, automatic data expiry), we have determined that this processing does not override your rights and freedoms.

11. Third-Party Data Sources and Enrichment

To support our CRM and business relationship management features, we may obtain professional and business contact information from third-party data providers. This enrichment supplements data you have provided to us or that we have collected through your interactions with our Service.

What Data We Obtain

Third-party enrichment is limited to professional and business information:

Job title and professional role
Company name, industry, and size
Business email address and phone number
Professional social media profile URLs
Company technology stack (for enterprise sales)

Enrichment Providers

We may use the following categories of data providers:

Business contact databases (such as Apollo.io) for broad professional contact information
People data platforms (such as People Data Labs) for in-depth professional profile data on high-priority business contacts

Legal Basis

We process enrichment data based on our legitimate interest in maintaining accurate business contact records and conducting effective B2B outreach (Article 6(1)(f) of GDPR). We limit enrichment to professional and business data, apply it only to contacts within active business relationships or pipeline prospects, and provide data subjects with the ability to request access, correction, or deletion of their data at any time (see Section 6).

12. Sub-Processors

We use the following third-party service providers (sub-processors) to help us deliver our Service. Each sub-processor processes personal data only as necessary for the purposes described below.

Provider	Purpose	Data Processed
Supabase	Authentication, database, storage	Account data, content, usage data
Vercel	Hosting, web analytics, performance monitoring	Technical data, anonymous usage metrics
Stripe	Payment processing	Financial data, transaction data
Resend	Transactional and marketing email delivery	Email addresses, message content
Apollo.io	Business contact enrichment	Professional contact identifiers (email, LinkedIn URL)
People Data Labs	Professional profile enrichment	Professional contact identifiers (email, LinkedIn URL)

We maintain data processing agreements with all sub-processors and ensure they provide adequate data protection safeguards. This list is updated when we add or change sub-processors.

13. Third-Party Links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.

14. Age Restrictions

Our Service is restricted to users who are 18 years of age or older. We do not knowingly collect personal data from anyone under 18. If you are under 18, you may not use this Service. If we learn that we have collected personal data from anyone under 18, we will take steps to delete that information.

If you are a parent or guardian and you are aware that someone under 18 has provided us with personal data, please contact us immediately at dpo@numonic.ai.

15. Data Breach Notification

In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay in accordance with our legal obligations under the UK GDPR and EU GDPR.

16. Automated Processing and Engagement Scoring

Our CRM features use automated processing to calculate engagement scores for business contacts. These scores are based on interaction history (such as form submissions, email responses, website visits, and platform usage) and help us prioritise outreach and personalise communications.

How Scoring Works

Each interaction type is assigned a weight reflecting its significance (for example, a demo request is weighted higher than a newsletter signup)
Scores decay over time so that recent interactions are weighted more heavily than older ones
Scores are recalculated periodically and used to rank contacts for outreach prioritisation

What Scoring Does Not Do

Engagement scoring does not:

Produce legal effects or similarly significantly affect you
Determine your access to services, pricing, or eligibility for any offering
Make automated decisions without human review

Scoring is used solely as an internal tool to help us manage business relationships more effectively. All outreach decisions based on engagement scores involve human review. You may contact us at dpo@numonic.ai to request information about any scores associated with your contact record, or to object to this processing.

17. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we will provide a more prominent notice (including, for certain services, email notification of Privacy Policy changes).

18. Complaints

If you have any concerns about how we handle your personal data, you have the right to lodge a complaint with a supervisory authority:

For UK residents: Information Commissioner's Office (ICO)

Website: ico.org.uk

Phone: 0303 123 1113

For EU residents: Your local data protection authority

Find your authority: edpb.europa.eu/about-edpb/board/members

19. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

Numonic

Email: privacy@numonic.ai

Data Protection Officer: dpo@numonic.ai

Website: https://www.numonic.ai

When contacting us, please provide as much information as possible to help us address your query efficiently. We aim to respond to all privacy-related inquiries within 30 days.