Last updated: 18 January 2026

This Privacy Policy describes how numerint.com (the "Site" or "we") collects, uses, and discloses your Personal Information when you visit or make a purchase from the Site.

Collecting Personal Information

When you visit the Site, we collect certain information about your device, your interaction with the Site, and information necessary to process your purchases. We may also collect additional information if you contact us for customer support. In this Privacy Policy, we refer to any information that can uniquely identify an individual (including the information below) as "Personal Information". See the list below for more information about what Personal Information we collect and why.

Device information

• Examples of Personal Information collected: version of web browser, IP address, time zone and cookie information.
• Purpose of collection: to load the Site accurately for you, and to perform analytics on Site usage to optimize our Site.
• Source of collection: collected automatically when you access our Site using cookies and log files.
• Disclosure for a business purpose: we do not share the data.

Order Information

• Examples of Personal Information collected: name, billing address, payment information (including credit card numbers, email address, and phone number). Note that all card data and processing is performed via Stripe and not on this Site.
• Purpose of collection: to provide services to you, to process your payment information, provide you with invoices and/or order confirmations, communicate with you, screen orders for potential risk or fraud.
• Source of collection: collected from you.
• Disclosure for a business purpose: shared with our processor Stripe.

Customer support information

• Examples of Personal Information collected: as above.
• Purpose of collection: to provide customer support.
• Source of collection: collected from you.

Minors

The Site is not intended for individuals under the age of 16. We do not intentionally collect Personal Information from children. If you are the parent or guardian and believe your child has provided us with Personal Information, please contact us at the address below to request deletion.

Sharing Personal Information

We share your Personal Information with service providers to help us provide our services and fulfill our contracts with you, as described above. Specifically:

• We use Stripe to power our payments. You can read more about how Stripe uses your Personal Information here: Stripe Privacy Center.
• We may share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive.

Using Personal Information

We use your personal Information to provide our services to you, which includes: providing our services and processing payments.

Security Measures

We implement appropriate technical and organisational security measures to protect your Personal Information, including:

• Encryption: All data is encrypted at rest (AES-256) and in transit (TLS 1.2 or higher)
• Infrastructure: AWS cloud infrastructure in Ireland (eu-west-1) with ISO 27001 and SOC 2 Type II compliance
• Access Controls: Multi-factor authentication for administrators and OAuth 2.0 for customer authentication
• Monitoring: Continuous security monitoring and logging of security-relevant events

For complete details of our security measures, please see our Data Processing Agreement at https://numerint.com/dpa.

Personal Data Breaches

In the event of a personal data breach affecting your Personal Information, we will notify you without undue delay and in any event within 48 hours of becoming aware of the breach. The notification will include information about the nature of the breach, its likely consequences, and measures taken to address it.

Lawful basis

Pursuant to the General Data Protection Regulation ("GDPR"), if you are a resident of the European Economic Area ("EEA"), we process your personal information under the following lawful bases:

• Your consent;
• The performance of the contract between you and the Site;
• Compliance with our legal obligations;
• To protect your vital interests;
• To perform a task carried out in the public interest;
• For our legitimate interests, which do not override your fundamental rights and freedoms.

Retention

We retain different types of Personal Information for different periods:

Business Records (Invoices, Account Information): We retain your account information, transaction records, and invoices for 6 years from the end of the relevant financial year, as required by UK tax law. This includes your company name, email address, billing information, and payment history. We process this data as a data controller for legal compliance, fraud prevention, and to establish or defend legal claims.

Exported Accounting Data: For accounting data exported from your accounting system (e.g., Xero) and made available for download, we provide flexible retention options via the "Disconnect" function:

• Instant deletion upon request
• Deletion after a 2-week grace period
• Automatic deletion after 12 months of account inactivity (default)

Additionally, we automatically disconnect your accounting system connection after 2 weeks of inactivity. For more information on your right of erasure and data deletion options, please see the 'Your rights' section below and our Data Processing Agreement at https://numeriont.com/dpa.

We do not engage in fully automated decision-making that has a legal or otherwise significant effect using customer data.

Our processor Stripe uses limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you.

Services that include elements of automated decision-making include:

• Temporary blacklist of IP addresses associated with repeated failed transactions or malicious actions against the Site.
• Temporary blacklist of credit cards associated with blacklisted IP addresses.

Your rights

GDPR

If you are a resident of the EEA, you have the right to access the Personal Information we hold about you, to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information below.

For accounting data exported through our Services, you can exercise your right to erasure at any time using the "Disconnect" function, which provides options for immediate deletion, deletion after a grace period, or automatic deletion after 12 months of inactivity. For more details, see https://numerint.com/faq#security.

Your Personal Information will be processed in Ireland (EU/EEA region) using AWS infrastructure.

Cookies

We use cookies (with your explicit consent) as explained here cookie policy.

You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible.

Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser's "Tools" or "Preferences" menu. More information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser's help file or through such sites as https://allaboutcookies.org/.

Do Not Track

Please note that because there is no consistent industry understanding of how to respond to "Do Not Track" signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.

Changes

We may update this Privacy Policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal, or regulatory reasons.

Contact

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at info@numerint.com.

If you are not satisfied with our response to your complaint, you have the right to lodge your complaint with the relevant data protection authority. You can contact your local data protection authority, or our supervisory authority here.