Our Privacy Policy
Our Privacy Policy outlines how we collect, use, and protect your personal information. Your privacy and security are our priorities.
Last Updated on Jul 7, 2025
Introduction
Welcome to Numia GmbH ("Numia," "we," "us," or "our"). We are committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy explains how we collect, use, process, and safeguard your information when you visit our website and use our services.
Numia GmbH is a company registered in Switzerland with its registered office at Bahnhofstrasse 20, 6300 Zug. Our company registration number is CHE-249.054.713.
This Policy is governed by the laws of Switzerland and, where applicable, the EU General Data Protection Regulation (GDPR). Our current services, which include inventory synchronization between enterprise resource planning systems and online platforms, do not involve the collection of personal data from end-users of our customers. This policy primarily addresses data collected from visitors to our website and our direct business contacts.
Information We Collect
We adhere to the principle of data minimization and collect only the information necessary to provide our services, respond to your inquiries, and comply with our legal obligations.
We may collect the following types of information:
Website Usage Data: Our website is built and hosted on Framer. When you visit, we may automatically collect technical information about your device and browsing activity. This may include your IP address, browser type, operating system, referral URLs, pages visited, and the dates/times of your visits. This data is processed by our website platform (Framer) and web infrastructure partners like Cloudflare for security, performance monitoring, and analytics.
Business Contact and Service Request Information: When you request access to our services or fill out a contact form, you provide us with information voluntarily. This includes your work email, company name, and other details about your company such as its size, e-commerce platform, and other tools you use. We process this information to respond to and fulfill your request.
Marketing Information: If you provide your explicit consent (for example, by ticking a dedicated checkbox on a form), we will collect your contact information, such as your email address, to send you marketing communications.
Employee and Contractor Data: We process personal data of our employees and contractors for administrative, payroll, and operational purposes, as detailed in our internal data protection policies.
Currently, our services do not process any personally identifiable information (PII) from our customers' end-users. All data processed through our inventory-sync services is limited to product, inventory, and ERP data.
How We Use Your Information
We take data security seriously and employ industry-standard measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.
How We Share Your Information and Our Sub-Processors
We do not sell your personal data. We may share your information with trusted third-party service providers (sub-processors) who perform services on our behalf. We conduct due diligence on all our vendors and have contractual agreements in place to ensure they meet our stringent security and data protection standards.
Our key sub-processors include:
Cloud Hosting and Infrastructure:
Framer: For website hosting and content management.
Google Cloud Platform (GCP): For cloud computing, storage, and operational tools.
Hetzner: For dedicated server and cloud hosting.
Cloudflare: For content delivery, security (WAF, DDoS mitigation), and network performance.
AI and Machine Learning Services:
Anthropic & OpenAI: Used for internal development and service features.
Business Operations Tools:
Google Workspace: For email, documents, and internal collaboration.
Linear.app & Incident.io: For project and incident management.
We may also disclose your information if required by law, in response to a valid legal process, to protect our rights or property, or in the event of a merger, acquisition, or sale of assets.
Data Security
Protecting your information is a top priority. We have implemented a comprehensive security program based on industry best practices to safeguard your data. Our security measures include:
Encryption:
In Transit: All data transmitted to and from our services is encrypted using TLS 1.2 or higher.
At Rest: All stored data, including backups, is encrypted using strong AES-256 encryption.
Access Control:
We enforce a strict least-privilege principle and role-based access control (RBAC).
Multi-Factor Authentication (MFA) is mandatory for all internal systems that store or process sensitive data.
Access rights are reviewed quarterly to ensure they remain appropriate.
Network Security:
Our network is segregated into distinct environments (e.g., development, staging, production) to prevent unauthorized access between systems.
We utilize Web Application Firewalls (WAF), DDoS protection, and Intrusion Detection Systems (IDS) to protect our perimeter and inspect traffic.
Managing Security Vulnerabilities:
We conduct regular vulnerability scans (quarterly) and annual penetration tests.
Critical vulnerabilities are remediated within 72 hours.
Responding to Security Incidents:
We have a formal Incident Response Plan and use incident.io to manage security events. Our goal is to detect incidents in under one hour and recover within four hours. In the event of a data breach involving personal data, we will notify affected individuals and relevant regulators within 72 hours of detection.
Your Data Protection Rights
Depending on your location, you may have the following rights regarding your personal data:
The right to access: You can request a copy of the personal data we hold about you.
The right to rectification: You can ask us to correct any inaccurate or incomplete data.
The right to erasure (Right to be forgotten): You can request that we delete your personal data, subject to our legal and contractual retention obligations.
The right to restrict processing: You can ask us to limit the processing of your personal data under certain conditions.
The right to data portability: You can request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.
The right to withdraw consent: Where we rely on your consent for processing (e.g., for marketing), you have the right to withdraw it at any time.
To exercise any of these rights, please contact us at the details provided below.
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or to comply with our legal obligations.
Business Contact Data: Information you provide through our contact or access request forms will be retained for as long as we have a business relationship with you, or until you ask us to delete it, subject to legal requirements.
Employee/Contractor Records: Retained for 7 years after termination of the relationship.
System Logs: Audit and security logs are retained for a minimum of one year, with some logs retained for up to three years for security analysis.
Once data is no longer needed, it is securely disposed of using methods such as cryptographic wiping or physical shredding.
International Data Transfers
As a Swiss company utilizing global cloud providers, your data may be processed in countries other than your own. We ensure that all data transfers comply with legal requirements and that your data is protected to the same high standards, regardless of where it is processed. We rely on adequacy decisions, Standard Contractual Clauses (SCCs), and other legal mechanisms to safeguard international transfers.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will post any changes on this page and update the "Last Updated" date at the top. We encourage you to review this policy periodically.
Contact Us
If you have any questions or concerns about this Privacy Policy or our data protection practices, please contact our Data Protection Officer:
Numia GmbH Bahnhofstrasse 20 6300 Zug, Switzerland Email: rafa@numia.xyz