Privacy Policy

Last updated: 2025/12/10

This Privacy Policy describes how App Software Ltd (Company Registration Number: 07109450), trading as NumeroMoney ("we", "our", "us"), collects, uses, protects, and discloses your information when you use our website and services at https://numeromoney.com. By using our services, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Personal Data

When you register and use our service, we collect the following personal information:

  • Account Information: Name, email address, username, and password (encrypted)
  • Profile Information: User preferences, timezone, currency settings, and optional profile details
  • Payment Information: Billing address and payment method details (processed securely by our payment processor Stripe; we do not store full payment card numbers)
  • Communication Data: Emails, support requests, and feedback you send to us

1.2 Financial Data

  • Bank Statement Data: Bank statements, transaction records, account names, balances, and transaction descriptions you upload to our service
  • Categorization Data: Transaction categories, tags, notes, and analysis you create within the service
  • Usage Patterns: Information about how you use our categorization and analysis features

Important: We do NOT:

  • Have direct access to your bank accounts
  • Store your bank account login credentials
  • Have the ability to initiate transactions on your behalf
  • Share your financial data with third parties for marketing or analytics purposes

1.3 Technical and Usage Data

  • IP Address: Collected for security monitoring, fraud detection, and regional service optimization

    • Full IP addresses retained for 90 days for security purposes
    • Partially anonymized (last octet removed) for analytics after 90 days

  • Device Information: Browser type, version, operating system, device identifiers

  • Usage Analytics: Pages visited, features used, time spent, clickstream data

  • Log Data: Access times, error logs, system diagnostics

1.4 Cookies and Similar Technologies

We use cookies and similar technologies for:

  • Essential Cookies: Required for authentication, session management, and security
  • Functional Cookies: Remember your preferences and settings
  • Analytics Cookies: Understand how you use our service to improve it
  • Security Cookies: Detect and prevent fraudulent activity

We do NOT use:

  • Third-party advertising cookies
  • Cross-site tracking cookies
  • Social media tracking pixels (except for optional login features)

2. How We Use Your Information

2.1 Service Provision

  • Provide, maintain, and improve our bank statement import and categorization services
  • Process and store your financial data to enable analysis and reporting
  • Generate insights, charts, and reports based on your transaction data
  • Provide customer support and respond to your inquiries

2.2 Security and Fraud Prevention

  • Monitor for suspicious activity and prevent unauthorized access
  • Detect and prevent fraud, abuse, and security incidents
  • Verify your identity and authenticate your account
  • Maintain audit logs for security purposes

2.3 Communication

  • Send service-related notifications (e.g., import completion, errors)
  • Provide customer support responses
  • Send account and billing information
  • Marketing Communications (with your consent):
    • Product updates and new feature announcements
    • Educational content about personal finance management
    • Promotional offers and subscription information
    • You may opt out of marketing emails at any time

2.4 Service Improvement

  • Analyze usage patterns to improve our features and user experience
  • Conduct research and development for new features
  • Generate aggregated, anonymized statistics about service usage
  • Test new features and functionality
  • Comply with legal obligations and regulatory requirements
  • Enforce our Terms and Conditions
  • Protect our rights and property
  • Respond to legal requests and prevent illegal activities

3. Data Sharing and Disclosure

3.1 Financial Data - NO Third-Party Sharing

We do NOT share your bank statements, transaction data, account balances, or financial information with any third parties except:

  • When explicitly authorized by you
  • When required by law or valid legal process
  • To our secure cloud infrastructure providers (who act as data processors under strict confidentiality agreements)

3.2 Personal Information - Limited Sharing

We may share your personal information (name, email address) with:

  • Service Providers: Trusted third parties who assist us in operating our service:

    • Email Service Providers: To send you service and marketing emails (e.g., SendGrid, Mailgun)
    • Payment Processors: To process subscription payments (Stripe)
    • Cloud Hosting: To store and process data securely (e.g., AWS, Azure)
    • Customer Support: To provide help desk services
    • Analytics Services: To understand service usage (Google Analytics with IP anonymization)

    All service providers are contractually obligated to keep your information confidential and use it only for specified purposes.

  • Legal Requirements: When required by law, court order, or governmental request

  • Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to you)

  • With Your Consent: When you explicitly authorize sharing with specific third parties

3.3 Aggregated Data

We may share anonymized, aggregated statistical data that cannot identify you personally (e.g., "X% of users categorize transactions weekly") for:

  • Business analysis and reporting
  • Academic research
  • Industry publications

4. Data Security

4.1 Security Measures

We implement industry-standard security measures including:

  • Encryption: All data transmitted using TLS 1.3 or higher; sensitive data encrypted at rest
  • Access Controls: Role-based access controls and multi-factor authentication
  • Security Monitoring: 24/7 monitoring for suspicious activity
  • Regular Audits: Periodic security assessments and penetration testing
  • Secure Development: Following secure coding practices and regular security updates
  • Data Isolation: Your financial data is logically isolated from other users

4.2 Your Security Responsibilities

To protect your account:

  • Use a strong, unique password
  • Enable two-factor authentication (when available)
  • Never share your password with anyone
  • Log out from shared devices
  • Keep your contact email secure
  • Report suspicious activity immediately

4.3 Data Breach Notification

In the unlikely event of a data breach affecting your personal information, we will:

  • Notify you within 72 hours of discovery
  • Inform relevant authorities as required by law
  • Provide details about the breach and our response
  • Offer guidance on protective measures you can take

5. Data Retention

  • Active Accounts: We retain your data for as long as your account is active
  • Inactive Accounts: After 12 months of inactivity, we may delete your data with prior notice
  • Deleted Accounts: Data is permanently deleted within 90 days of account deletion
  • Legal Requirements: Some data may be retained longer if required by law or for legitimate business purposes (e.g., resolving disputes, enforcing agreements)
  • Backups: Deleted data may persist in encrypted backups for up to 90 days

6. Your Data Protection Rights

Depending on your location, you have the following rights:

6.1 Access and Portability

  • Right to Access: Request copies of your personal and financial data
  • Data Portability: Export your data in a commonly used format (CSV, JSON)

6.2 Correction and Deletion

  • Right to Rectification: Correct inaccurate or incomplete information
  • Right to Erasure: Request deletion of your data (subject to legal obligations)
  • Right to Restrict Processing: Limit how we use your data in certain circumstances
  • Right to Object: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent for marketing communications at any time
  • Automated Decisions: Not be subject to decisions based solely on automated processing (we don't make automated decisions that significantly affect you)

6.4 Exercising Your Rights

To exercise these rights:

  • Access your account settings for many preferences
  • Use our data export feature for data portability
  • Contact us at [email protected] for other requests
  • We will respond within 30 days

We process your personal data under the following legal bases:

  • Contract Performance: Processing necessary to provide our services
  • Legitimate Interest: Security monitoring, fraud prevention, service improvement
  • Consent: Marketing communications, optional features, cookies
  • Legal Obligation: Compliance with applicable laws and regulations

8. International Data Transfers

  • Data Location: Your data is primarily stored in secure data centers in the European Economic Area (EEA)
  • Transfers: If data is transferred outside the EEA, we ensure appropriate safeguards such as:
    • Standard Contractual Clauses (SCCs)
    • Adequacy decisions by the European Commission
    • Your explicit consent

9. Children's Privacy

  • Age Restriction: Our service is not intended for individuals under 18 years of age
  • No Knowingly Collecting: We do not knowingly collect personal data from children
  • Parental Notice: If you believe a child has provided us with personal data, please contact us immediately for deletion
  • External Links: Our service may contain links to third-party websites (e.g., banks, financial institutions)
  • No Responsibility: We are not responsible for the privacy practices of third-party sites
  • Review Policies: We encourage you to review the privacy policies of any third-party services you use

11. Marketing Communications

  • Opt-In: We will only send marketing emails if you have consented
  • Opt-Out: You can unsubscribe from marketing emails at any time via:
  • Service Emails: Essential service notifications (e.g., password resets, billing) cannot be opted out of

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights:

  • Right to Know: What personal information we collect and how it's used
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the sale of personal information (note: we do not sell personal information)
  • Right to Non-Discrimination: Not be discriminated against for exercising your rights

To exercise these rights, contact us at [email protected].

13. Changes to This Privacy Policy

  • Updates: We may update this Privacy Policy from time to time
  • Notification: Material changes will be notified via email or prominent notice on our website
  • Effective Date: Changes become effective on the "Last updated" date
  • Review: We encourage you to review this policy periodically

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your data:

App Software Ltd (Trading as NumeroMoney)
Data Protection Officer
Company Registration: 07109450
Email: [email protected]
General Contact: [email protected]
Website: https://www.appsoftware.com

Supervisory Authority (UK):
Information Commissioner's Office (ICO)
Website: https://ico.org.uk

By using NumeroMoney, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.