Privacy Policy
1. Introduction
This Privacy Policy explains how Numro (“we,” “us”) collects, uses, and protects your personal data when you use Numro. This policy complies with Federal Decree-Law No. 45 of 2021 (UAE Personal Data Protection Law).
2. Data controller
Alphahold LLC FZ (operating as Numro) — contact@numro.io
3. What data we collect
- Account data: email address, name (when you register)
- Payment data: processed by Stripe — we do not store card numbers, CVV, or bank details
- Business data: financial figures and operational details you input during the diagnostic (Free tier: processed in real time, NOT stored. Paid tiers: stored securely for your access)
- Usage data: pages visited, features used, timestamps (anonymized analytics)
- Device data: browser type, operating system, IP address (for security)
4. How we use your data
- To provide the diagnostic service (legal basis: contractual necessity)
- To process payments (legal basis: contractual necessity)
- To send transactional emails — report delivery, account updates (legal basis: contractual necessity)
- To improve the Service (legal basis: legitimate interest — anonymized/aggregated)
- Marketing communications — ONLY with explicit opt-in consent
5. Data sharing
- Anthropic (Claude API): your business data is sent to Anthropic’s API for AI analysis. Anthropic does not store or use this data to train models under their API terms. Data is processed on servers outside the UAE.
- Stripe: payment processing. Stripe’s privacy policy applies to payment data.
- Vercel: website hosting. Standard server logs only.
We do NOT sell, rent, or share your personal data with any other third party for marketing purposes.
6. International data transfers
Business data sent to Anthropic’s API may be processed on servers in the United States. We rely on Anthropic’s data processing terms, which include appropriate safeguards. Payment data is processed by Stripe globally under their data processing agreement.
7. Data retention
- Free-tier diagnostic data: NOT stored. Processed in real time and discarded.
- Paid-tier diagnostic data: Stored securely for your access. Starter: 30 days. Pro: indefinitely while subscribed.
- Account data (email, name): retained while your account is active, deleted within 30 days of account deletion request.
- Payment records: retained for 5 years as required by UAE tax and commercial law.
- Usage analytics: retained in anonymized/aggregated form only.
8. Your rights under PDPL
You have the right to:
- Access your personal data
- Correct inaccurate data
- Request erasure (deletion)
- Restrict processing
- Request data portability
- Object to processing
- Withdraw consent
To exercise these rights, contact contact@numro.io. We will respond within 30 days.
9. Data security
We implement encryption in transit (TLS 1.3), do not store sensitive financial data for free-tier users, use Stripe’s PCI-DSS compliant payment processing, and restrict access to personal data to authorized personnel only.
10. Cookies
- Essential cookies (session management, security): required, no consent needed
- Analytics cookies (Plausible): used to understand usage patterns. Privacy-first, cookieless analytics — no personal data collected.
We do NOT use advertising or marketing cookies.
11. Children’s privacy
The Service is not intended for individuals under 18. We do not knowingly collect data from minors.
12. Changes
We may update this policy. Material changes will be communicated via email.
13. Contact and complaints
Contact us at contact@numro.io. If you believe your data rights have been violated, you may file a complaint with the UAE Data Office.