Privacy Policy
Last updated: April 29, 2026
Overview
Numerus AI, Inc. ("Numerus," "we," "us," or "our") builds AI-native financial modeling tools for finance teams. This Privacy Policy describes what data we collect, how we use it, and the choices you have when you use Numerus and our related services (the "Service").
Scope
This policy covers everyone who interacts with Numerus through our websites, applications, APIs, and integrations.
Information We Collect
Personal Information
- Name
- Contact details (email and, where provided, phone number)
- Company name and role, where applicable
- Account credentials and information needed to operate your Numerus account
- Billing information, handled by our payment provider — we do not store full card numbers ourselves
Automatically Collected Information
- IP address, browser type, operating system, and device identifiers
- Session and authentication data needed to keep you signed in and the Service running
- Product usage telemetry (such as feature interactions and performance metrics)
- Diagnostic and error logs
Information from Other Sources
- Authentication data from identity providers you choose to connect (Google, Microsoft, SAML SSO)
- Information you share when contacting support, joining research interviews, or applying for early access
Consent
Using the Service means you consent to the collection and processing described here. If you don't agree, please don't use the Service.
How We Use Your Information
We use your data to:
- Run the Service: authenticate you, manage sessions, store your models, and execute the features you ask for
- Communicate: transactional email, security and incident notifications, billing notices, and product updates
- Support you: answer questions, troubleshoot issues, and improve our help content
- Protect the Service: detect threats, monitor for anomalies, log audits, and enforce rate limits
- Improve the Service: analyze aggregated and de-identified usage to understand what works and what doesn't
- Train our AI models, where permitted: see the next section
- Meet legal obligations: comply with laws, regulations, and contracts
- Stay resilient: backups, disaster recovery, and infrastructure continuity
Model Training
Our policy on training depends on which plan you're on.
Paid plans (Pro): we do not use your User Content to train our AI models. This applies during trials of paid plans and across the full subscription. Your files, prompts, and AI interactions stay out of training pipelines, ours or our partners'.
Free tier: we may use your User Content — your files and DSL code, the prompts you submit, and your interactions with our AI — to train, evaluate, and improve our models and the Service. This may include sharing data with AI infrastructure partners under contractual confidentiality and data protection terms, strictly for training and improvement purposes. By using the free tier, you grant us the license described in our Terms and Conditions for these purposes.
If you don't want your content used for training, use a paid plan. If you've already submitted content on the free tier and want it removed from our systems, contact us using the details below — we'll delete the source content, though content already incorporated into trained model weights cannot be unlearned from those weights.
We may also use aggregated, de-identified, or fully anonymized telemetry from any plan to improve the Service. This kind of data does not include your model content.
Data Sharing
We share personal data only in the following situations:
- Service Providers: vetted vendors that support hosting, AI inference, authentication, billing, analytics, and customer support, each bound by confidentiality and data protection obligations
- Enterprise Integrations: with business partners or systems you authorize, under contract
- Legal Authorities: where required by law, regulation, legal process, or government request
- Corporate Transactions: in connection with a merger, acquisition, financing, or sale of assets, with appropriate confidentiality protections
- With Your Consent: when you've explicitly authorized the sharing
We do not sell your personal data, and we do not share it for cross-context behavioral advertising.
A current list of subprocessors is available on request and is updated when material changes happen.
Data Transfers
- Personal data is processed in data centers in the United States and, where applicable, the European Union
- For users in the EU, UK, or other regions with cross-border data transfer rules, we rely on appropriate safeguards such as Standard Contractual Clauses
- We notify customers ahead of material changes to processing locations
- Vendors handling personal data are required to meet our security and data protection standards
Data Retention and Deletion
- Account data (name, email, organization details): kept while your account is active and for a reasonable period afterward to meet legal, tax, and audit obligations
- User Content (files, models, prompts): kept while your account is active; you can export or delete it at any time
- Inference data sent to AI providers: subject to those providers' retention policies, typically up to 30 days for safety and abuse monitoring; Enterprise customers can opt into Zero Data Retention arrangements where supported
- Free-tier training data: as described in the Model Training section, training inputs may be retained for the duration needed to train and evaluate models; source content can be deleted from our systems on request, though already-trained model weights cannot be reversed
- Logs and telemetry: kept for limited periods needed for security, debugging, and product improvement
- Backups: retained on a rolling schedule and overwritten in the ordinary course of operations
When you delete your account, we delete or de-identify your personal data within a reasonable period, except where retention is required by law.
Security Safeguards
We apply security practices appropriate for handling financial data, which may include:
- Encryption: industry-standard encryption for data in transit and at rest
- Authentication: secure password handling, session management, and protections against common web attacks, including CSRF defenses, brute-force mitigation, and rate limiting
- Single Sign-On: Google, Microsoft, and SAML SSO available for Team and Enterprise customers on request
- Monitoring: audit trails and threat detection on production systems
- Access Controls: role-based access and least-privilege principles for internal systems
- Backups and Recovery: regular backups and tested recovery procedures
- Incident Response: a defined process for handling security incidents and notifying affected customers
No security program is absolute. We continue to improve our practices as the platform matures and as we onboard customers with more demanding requirements.
Data Subject Rights
Depending on where you live, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate or incomplete data
- Request deletion of your data ("right to be forgotten")
- Restrict or object to certain processing
- Receive your data in a portable format
- Withdraw consent where processing is based on consent
- Lodge a complaint with a supervisory authority (for users in the EU, UK, or similar jurisdictions)
To exercise any of these rights, contact us at the address below. We may need to verify your identity before responding.
California residents: under the California Consumer Privacy Act (CCPA), you have additional rights, including the right to know what personal information we collect about you and the right to opt out of any "sale" or "sharing" of personal information. We do not sell or share personal information as defined under the CCPA.
Cookies and Tracking
We use cookies and similar technologies to operate the Service, remember your preferences, and understand how the product is used. You can manage non-essential cookies through your browser settings or, where available, our in-product consent controls.
Children
Numerus is not directed to children under 16, and we don't knowingly collect personal data from children. If we learn that we've collected data from a child without verified parental consent, we'll delete it promptly.
Compliance
We're building Numerus to meet the security and privacy expectations of a financial software provider. As we grow, we plan to pursue formal certifications such as SOC 2 and to expand our compliance program. Current status and any active certifications are available on request.
Updates to this Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through the Service or by email, and the updated policy will be posted with a new effective date. Continued use of the Service after that date means you accept the updated policy.
Contact Us
For questions, concerns, or data subject rights requests:
Numerus AI, Inc.
vas@numerus.one