Privacy Policy

Last updated: 28 March 2026

1. Who we are

NUMRO ("we", "us", "our") is a UK-based financial tool for self-employed people, operated at www.numro.co.uk. We are the data controller for the personal data collected through this service. We are registered with the Information Commissioner's Office (ICO).

For data protection enquiries, contact us at: privacy@numro.co.uk

2. What data we collect

  • Account data: Email address, name, and profile picture (if you sign in with Google).
  • Financial data you enter: Tax inputs, budget limits, savings goals, and bill amounts. This data is stored on our servers against your account ID.
  • Transaction data (CSV uploads): When you upload a bank CSV, it is transmitted to our server for processing and is never stored or retained. It is held in memory only for the duration of the analysis and discarded immediately after.
  • Expense classification: When you use the AI expense classifier, the expense description and amount you enter are sent to Google Gemini AI to determine HMRC allowability. This data is not permanently stored by NUMRO — see section 5.
  • Error data: If the app encounters an error, anonymised technical information (browser type, error stack trace) is sent to Sentry for debugging. No financial data is included.
  • Session data: Authentication cookies set by Supabase to keep you logged in.

We do not collect payment card details. We do not sell your data to third parties.

3. Legal basis for processing (UK GDPR)

  • Contract: Processing your account and financial data is necessary to provide the service you signed up for.
  • Legitimate interests: Error monitoring to maintain a secure and working service.
  • Consent: For any optional communications we may send in future (you can withdraw at any time).

4. How we use your data

  • To provide and personalise the NUMRO service (tax calculations, budget tracking, etc.)
  • To maintain your account and authenticate you securely
  • To improve the app by fixing bugs and errors
  • To respond to your support or data requests

5. Third-party services

We use the following third-party services that may process your data:

  • Supabase — authentication, user account storage, and financial data (budgets, goals, bills) stored under row-level security. EU-based servers. Standard Contractual Clauses apply for any international transfers.
  • Google Gemini AI — processes expense descriptions when you use the AI expense classifier to determine HMRC allowability. Under our API agreement, this data is not used to train Google's models. Google acts as a data processor on our behalf.
  • Railway — hosts our backend server. Tax calculations and expense classification are processed on Railway's infrastructure but no personal data is persisted there. Standard Contractual Clauses apply.
  • Sentry — error monitoring (anonymised, no financial data).
  • Vercel — website hosting (no personal data stored).

6. Data retention

We retain your account and financial data for as long as your account is active. If you delete your account, your personal data is removed within 30 days. Error logs are retained for 30 days by Sentry.

7. Your rights under UK GDPR

You have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate data
  • Erase your data ("right to be forgotten")
  • Restrict or object to processing
  • Data portability — receive your data in a machine-readable format
  • Withdraw consent at any time where consent is the legal basis

To exercise any of these rights, email us at privacy@numro.co.uk. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

8. Cookies

NUMRO uses strictly necessary cookies only — specifically authentication session cookies set by Supabase to keep you logged in. These cannot be disabled without breaking the login functionality. We do not use advertising, tracking, or analytics cookies.

9. Security

We use industry-standard security measures including HTTPS encryption, secure authentication via Supabase, and access controls. Financial data entered into NUMRO is stored against your user ID and is not accessible to other users.

NUMRO is a tool for informational purposes. You should not enter more sensitive financial data than necessary. We recommend using strong, unique passwords.

10. Children

NUMRO is not intended for use by anyone under the age of 18. We do not knowingly collect data from children.

11. Changes to this policy

We may update this privacy policy from time to time. Material changes will be notified via email or a notice on the site. Continued use of NUMRO after changes constitutes acceptance.

12. Contact

For any privacy-related questions: privacy@numro.co.uk