Privacy Policy

Last updated: February 1, 2026

Privacy Policy

Last updated: February 1, 2026

This U.S. Privacy Policy (the “Policy”) describes how Numoloo LLC ("Numoloo", "Company", "we", "our", or "us"):

  • Collects information from our business customers (“Customers”), individuals acting on

behalf of our Customers (“Users”), and visitors to www.numoloo.com (the “Website”), participants at our events, and any other prospective customer, user or partner (together with Customers and Users, “you”), through our Website, our AI-driven SaaS platform, (the “Platform”), services that link to this policy (and all other communications between us and you through written and oral means, such as email or phone (together with the Website and Platform, the "Services");

  • Uses and discloses such information; and
  • Protects such information.

The Policy does not apply to information collected by:

  • Us through any other means, including on any other website operated by Company or any

third party (including our affiliates and subsidiaries) that does not link to this policy; or

  • Any third party (including our affiliates and subsidiaries), including through any

application or content (including advertising) that may link to or be accessible from or through the Services.

Please read this Policy carefully to understand our policies and practices regarding your information and how we treat it. By interacting with our Services or providing us with your information, you agree to the collection, use, and sharing of your information as described in this Policy. This Policy may change from time to time (see Changes to Our Privacy Policy). Your continued use of the Services after we make changes as described here is deemed to be acceptance of those changes, so please check the policy periodically for updates.

Children's and Minors' Data

Our Services are not intended for, and we do not knowingly collect any personal information from, children under the age of 18. If we learn we have collected or received personal information from a child under 18 years old without verification of parental consent, we will delete that information.

1. The Personal and Other Information That We Collect or Process

"Personal information" is information that identifies, relates to, or describes, directly or indirectly, you as an individual, such as your name, email address, telephone number, home address, or payment information (for example, account information such as name, postal address, and email address, credit card number or any other identifier we may use to contact you online or offline).

Our Services are primarily intended for Customers, Users and other third parties located in the United States and Canada. However, Customer Data processed through the Platform may include Personal Information of individuals located in other countries or you may be visiting our

Website from outside of the United States. If you are located outside of the United States, see Your Rights if You Are an EU, UK or Swiss Data Subject and International Data Transfers.

The types and categories of personal information we may collect or process include:

  • Account and contact information, including name, business name, address (such as

physical address, business address, or other address), email address, phone number, username, and other contact information you provide us. Our payment processing partner Stripe, Inc. may also collect your name, billing address, and payment information. Payment information is not shared with us and is maintained by Stripe.

  • Account history, including information about your subscription, account, transactions,

purchases, order history, or discounts.

  • Content and information you elect to provide as part of your profile or in any reviews you

make through the Services or emails, chats, or other communications sent to us.

  • General, non-precise location information derived from IP addresses (such as city, state,

region, province, country, or time zone), which may be used for purposes such as assigning default settings, supporting regional functionality, or optimizing your

experience while using the Services.

  • Third party information mentioned in communications through your use of the Services,

including client names, business names, phone numbers and email addresses.

  • Device information, including your IP address, device identifiers, operating system and

version, preferred language, hardware identifiers, browser type and settings, and other device information.

  • Information you collect through or upload to the Services as Customer Data, as defined in

our Terms and Conditions. This information includes but is not limited to sensory information such as call audio recordings and transcripts. Numoloo has no direct relationship with the individuals whose personal information it hosts as part of Customer Data, including information about a User that is uploaded as Customer Data. Each Customer is responsible for providing notice to its customers, employees and any other third persons concerning the purpose for which it collects their personal information and how this personal information is processed in or through the Services as part of Customer Data.

Personal information contained in Customer Data is provided by Customers or processed on their behalf and under their instruction (See Data Controller / Processor). This may include any of the types of personal information described above, in accordance with our Data Processing Addendum with the Customer.

If you are a California resident, see Additional Information for California Residents.

We also collect:

  • Statistics or aggregated information. Statistical or aggregated data does not directly

identify a specific person, but we may derive non-personal statistical or aggregated data from personal information. For example, we may aggregate personal information to calculate the percentage of users accessing a specific Services feature.

  • Technical information. Technical information includes information about your internet

connection and usage details about your interactions with the Services, such as clickstream information to, through, and from our Services (including date and time), products that you view or search for; page response times, download errors, length of your visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), or methods used to browse away from a page.

If we combine or connect non-personal statistical or technical information with personal information so that it directly or indirectly identifies an individual, we treat the combined information as personal information.

2. How We Collect Your Personal and Other Information

You Provide Information to Us

We collect information about you when you interact with our Services, such as when you create or update an account, configure your workspace, or communicating with support.

Automatically Through Our Services

As you use, navigate through and interact with our Services, we may use automatic data collection technologies to collect information that may include personal information. Information collected automatically may include usage details, IP addresses, operating system, and browser type, and information collected through cookies, web beacons, and other tracking technologies including details of your interactions with our Services, such as traffic data, general, non-precise location information derived from IP addresses (such as city, state, region, province, country, or time zone), logs, and other communication data, and which resources and Services features that you access and use. Automatically collected information does not include call audio, call transcripts, client names or business names. Those types of information exist in connection with calls and voicemails handled through the Platform as Customer Data and are not collected by cookies or other tracking technologies.

Using automatic collection technologies helps us to improve our Services and to deliver a better and more personalized experience.

The technologies we use for this automatic data collection may include:

  • Cookies. A cookie is a small file placed on your device when you interact with the

Services. You may refuse to accept or disable cookies by activating the appropriate setting on your browser or device. However, if you select this setting, you may be unable

to access certain features of the Services.

  • Web Beacons. Some parts of the Services and our emails may contain small electronic

files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those parts or opened an email and for other related statistics (for example, recording the popularity

of certain content and verifying system and server integrity).

Numoloo does not use personal information for targeted advertising, profiling, or cross-site behavioral advertising. Any automatic data collection technologies used on our Services are limited to analytics, functionality, security, and performance purposes.

When you interact with the Services, there are third parties that may use automatic collection technologies to collect information about you or your device. These third parties may include:

  • Analytics companies.
  • Your device manufacturer.
  • Your internet or mobile service provider.

We do not control these third parties' tracking technologies or how they may be used. If you have any questions about these third party technologies, you may contact Numoloo at privacy@numoloo.com.

From Business Partners and Service Providers

We may receive personal information about you from other sources and combine that with information we collect directly from you. For example, we may obtain information about you from service providers that we engage to perform services on our behalf, such as email platform providers, payment processors, analytics, and security and anti-fraud services.

3. How We Use Your Information

We use information that we collect about you or that you provide to us, including any personal information, to:

  • Provide you with the Services and any contents, features, information, products, or

services that we make available through the Services.

  • Create and authenticate your account.
  • Fulfill and manage subscriptions, purchases, payments, and returns.
  • Fulfill any other purpose for which you provide it.
  • Communicate with you about your account/subscription, including expiration and

renewal notices.

  • Provide you with customer support.
  • To generate call summaries and follow-up actions and to automate email drafts.
  • Improve our Services, including by analyzing aggregated and anonymized information

and creating aggregated data derived from your information to develop, maintain, analyze, improve, optimize, measure, and report on our Services and their features and how users interact with them. Our analysis may include the use of technologies such as machine learning and large language models. Numoloo does not use identifiable call recordings, identifiable call data, or identifiable Customer Data to train any AI models.

  • Carry out our obligations and enforce our rights arising from any contracts entered into

between you and us, including for billing and collection.

  • Notify you when Services updates are available and about changes to any products or

services we offer or provide though them.

  • In any other way we may describe when you provide the information.
  • For any other purpose with your consent.

The usage information we collect, whether connected to your personal information or not, helps us improve our Services and deliver a better and more personalized experience by enabling us to:

  • Enhance model performance and service reliability using aggregated and anonymized

information.

  • Estimate our audience sizes and usage patterns.
  • Store information about your preferences, allowing us to customize the Services

according to your individual needs and interests.

  • Recognize you when you return to our Services.
  • Maintain logs and audit trails for fraud detection, incident response and regulatory

obligations.

4. Who We Disclose Your Information To

We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.

We may also disclose personal information that we collect or you provide as described in this privacy policy:

  • To our subsidiaries and affiliates.
  • To a buyer or other successor in the event of a merger, divestiture, restructuring,

reorganization, dissolution, or other sale or transfer of some or all of Numoloo LLC's assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Numoloo LLC is among the assets transferred.

  • To contractors, service providers, and other third parties we use to support our

organization and who are obligated to keep personal information confidential and use it only for the purposes for which we disclose it to them.

  • To fulfill the purpose for which you provide it.
  • For any other purpose disclosed by us when you provide the information.
  • With your consent.
  • To comply with any court order, law, or legal process, including to respond to any

government or regulatory request.

  • To enforce or apply our Terms and Conditions and other agreements, including for billing

and collection purposes.

  • If we believe disclosure is necessary or appropriate to protect the rights, property, or

safety of our organization, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

5. Your Rights and Choices About Your Information

This section describes mechanisms you can use to control certain uses and disclosures of your information and rights you may have under state law, depending on where you live.

Advertising, marketing, cookies, and other tracking technologies choices:

  • Cookies and Other Tracking Technologies. You can set your browser to refuse all or

some browser cookies or other tracking technology files, or to alert you when these files are being sent. If you disable or refuse cookies or similar tracking files, some Services features may be inaccessible or not function properly. Some browsers include a "Do Not Track" (DNT) setting that can send a signal to the online services you visit indicating you do not wish to be tracked. Because there is not a common understanding of how to interpret the DNT signal, our Services may not respond to all browser DNT signals. Instead, you can use the range of other tools to control data collection and use, including the cookie controls and advertising controls described in this policy.

Location data choices:

  • Location Data. The Services do not collect real-time or precise device location. Location

information used by the Services is limited to general, non-precise location derived from IP addresses. You may block cookies or analytics technologies through your browser settings if you do not wish to allow this type of location estimation.

6. Your State Privacy Rights

Depending on your state of residency, you may have certain rights related to your personal information, including:

  • Access and Data Portability. You may confirm whether we process your personal

information and access a copy of the personal information we process. To the extent feasible and required by state law, depending on your state, data will be provided in a portable format. Depending on your state, you may have the right to receive additional

information and it will be included in the response to your access request.

  • Correction. You may request that we correct inaccuracies in your personal information

that we maintain, taking into account the information's nature and processing purpose.

  • Deletion. You may request that we delete personal information about you that we

maintain, subject to certain exception under applicable law.

  • Opt Out Rights. We currently do not use your Personal Information for targeted

advertising or sales. If we change our practices in the future, we will implement an opt-

out policy as required under certain state laws.

Important: The exact scope of these rights vary by state. There are also several exceptions where we may not have an obligation to fulfill your request.

To exercise any of these rights, please submit requests to privacy@numoloo.com. You may submit an appeal by contracting us at privacy@numoloo.com.

Some browsers and browser extensions support the Global Privacy Control (“GPC”) that can send a signal to process your request to opt out from certain types of data processing, including data "sales" as defined under certain laws. When we detect such a signal, we will make

reasonable efforts to respect your choices indicated by a GPC setting as required by applicable law.

If you are a California resident, additional information applies to you. See Additional Information for California Residents.

7. Additional Information for California Residents

If you are a California resident, the CCPA grants you the rights outlined in this section regarding your personal information. Please see below for instructions regarding how to exercise these rights. If there are any conflicts between this section and any other provision of this Policy and you are a California resident, the portion that is more protective of your Personal Information shall control.

Where we are acting as a service provider to our Customers in our processing of your personal information, we may refer requests to our Customers.

Right to Know and Data Portability Requests

You have the right to request that we disclose certain information to you about our collection and use of your personal information (the "right to know"), including the specific pieces of personal information we have collected about you (a "data portability request"). Our response will cover the 12-month period preceding the request. You may exercise your right to know twice within any 12-month period. Once we receive your request and confirm your identity, we will disclose to you:

  • The categories of:
  • personal information we collected about you; and
  • sources from which we collected your personal information.
  • The business or commercial purpose for collecting your personal information.
  • If applicable, the categories of persons, including third parties, to whom we disclosed

your personal information, including separate disclosures identifying the categories of your personal information that we:

  • disclosed for a business purpose to each category of persons.
  • When your right to know submission includes a data portability request, a copy of your

personal information subject to any permitted redactions.

For more on exercising this right, see Exercising the Rights to Know, Delete or Correct.

Right to Delete and Right to Correct

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions and limitations (the "right to delete"). Once we receive your request and confirm your identity, we will delete your personal information from our systems unless an exception allows us to retain it. We will also notify our service providers, contractors, and other recipients to take appropriate action.

You also have the right to request correction of personal information we maintain about you that you believe is inaccurate (the "right to correct"). We may require you to provide documentation, if needed, to confirm your identity and support your claim that the information is

inaccurate. Unless an exception applies, we will correct personal information that our review determines is inaccurate and notify our service providers, contractors, and other recipients to take appropriate action.

For more on exercising these rights, see Exercising the Rights to Know, Delete, or Correct.

Disclosure Regarding Sensitive Personal Information

Numoloo does not collect, use, or disclose sensitive personal information.

Personal Information Sales or Sharing Opt-Out Rights

You have the right to request that businesses stop selling or sharing your personal information at any time (the "right to opt-out"), including through a user-enabled opt-out preference signal.

As we do not sell or share consumers' personal information as defined under California law, we do not currently provide these consumer rights.

Right to Non-Discrimination

You have the right not to be discriminated or retaliated against for exercising any of your privacy rights under the CCPA.

Exercising the Rights to Know, Delete, or Correct

To exercise the right to know, data portability, delete, or correct described above, please submit a verifiable request to us by either:

  • Emailing us at privacy@numoloo.com; or
  • visiting https://numoloo.com/contact.

Please describe your request with sufficient detail so we can properly understand, evaluate, and respond to it. You or your authorized agent may only submit a request to know, including for data portability, twice within a 12-month period.

Verification Process and Authorized Agents

Only you, or someone legally authorized to act on your behalf, may make a request to know, delete, or correct related to your personal information. To designate an authorized agent, you must email us at privacy@numoloo.com with a signed, written authorization, which may be provided as an attachment or in the body of the email. We may request specific information from you or your authorized representative to confirm your or their identity before we can process your right to know, delete, or correct your personal information.

We cannot respond to your request to know, delete, or correct if we cannot verify your identity or authority to make the request and confirm the personal information relating to you. We will only use personal information provided in the request to verify the requestor's identity or authority to make the request.

Upon our receipt of a request, we may ask for additional information necessary to complete the request, which may include, for example, the consumer's name, email address, or account username.

Responding to Your Requests to Know, Delete, or Correct

We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the ten-day timeframe, please contact us at privacy@numoloo.com.

We endeavor to substantively respond to a verifiable request within 45 days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing. We will deliver our written response to your verified email address. Our substantive response will tell you whether or not we have complied with your request. If we cannot comply with your request in whole or in part, we will explain the reason, subject to any legal or regulatory restrictions. Applicable law may allow or require us to refuse to provide you with access to some or all of the personal information that we hold about you, or we may have destroyed, deleted, or made your personal information anonymous in compliance with our record retention policies and obligations.

Any disclosures we provide will cover information for the 12-month period preceding the request's receipt date.

For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

8. Your Rights if You Are an EU, UK or Swiss Data Subject

This section applies if you are an EU, UK or Swiss data subject (for these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway and, where applicable, Switzerland). The term “Personal Information” as used in this Policy means “personal data” as defined under Regulation (EU) 2016/679 (General Data Protection Regulation, or “GDPR”).

Under GDPR, Numoloo is both a “Controller” and a “Processor”. Numoloo is the Controller of Personal Information you provide to us about yourself as a Customer or when requesting information about our products and services. For data provided to Numoloo or that we collect from you as part of using our Services, including but not limited to the Personal Information we collect through Customer Data, we are a Processor for our Customers, who are the Controllers that determine the purposes and means of the processing of your Personal Information by Numoloo.

Numoloo is based in the USA. Personal Information and data processed by Numoloo is transferred to our servers in the USA. When transferred, we take all reasonable steps to protect your Personal Information, including encryption during data transit and storage. For more information, see International Data Transfers below.

How We Use EU Personal Information

For data for which we are the Controller, we collect and use your Personal Information to respond to your enquiries or provide the products and services that you have purchased or take steps to purchase from Numoloo, as described previously.

For data for which we are the Processor, we do not transfer Personal Information to third parties except to the companies on the list of sub-processors in our Data Processing Addendum, and then only in order to provide the services requested by our Customer. When we are acting as a Processor for a Customer, you should contact the Customer (as Controller) with any questions you may have about how your Personal Information is being used. If you contact us directly when we are acting as a Processor, we may refer your request to the appropriate Customer who is the Controller of your Personal Information. If concerns remain, you may contact us as directed in the Contact Information section below.

We rely on the following legal bases for processing your Personal Information:

  • Processing of your Personal Information based on your consent for such processing. You

have the right to withdraw your consent, as further described below.

  • Processing of your Personal Information that you provide to us (such as your name, email

address, postal address, telephone number, company name and role) when you request information about the Numoloo Services or when you otherwise send inquiries about our Services and processing of this data is necessary to respond to or implement your request prior to entering into a contract with us or a Controller that is using our Services.

  • We use account-related data to set up accounts for Users in the Services and to administer

and support those accounts (such as usernames and email address), provide you with access to the Services, contact you regarding your use of the Services or to notify you of important changes to the Services. Such use is necessary for the performance of the contract between you and our Customers, or, where you are our Customer, between you and Numoloo.

  • Our use of data relating to your use of the Website and/or the Services, described above,

is necessary for our legitimate interests in understanding how the Website and the Services are being used by you, to improve your experience on it and our Service offerings.

  • We also have a legitimate interest in aggregating and/or anonymizing or de-identifying

the information that we collect through our Website and/or the Services and using this information for our business purposes, as described above.

  • When we process your Personal Information for our legitimate interests, we make sure to

consider and balance any potential impact on you, and your rights under data protection laws. Our legitimate business interests do not automatically override your interests — we will not use your Personal Information for activities where our interests are overridden by the impact on you, unless we have your consent for our processing activities or those activities are otherwise required or permitted by law. You have the right to object to processing that is based on our legitimate interests, as further described below.

Rights of EU, UK and Swiss Data Subjects

Subject to applicable law and reasonable steps that we may take to verify your identity with respect to your requests, you have the following rights in relation to your Personal Information. As noted above, where we are acting as a Processor for our Customer, we may refer your requests to our customer for response.

  • Right of access: If you ask us, we will confirm whether we are processing your Personal

Information and, if so, provide you with a copy of that Personal Information (along with certain other details). If you require additional copies, we may need to charge a reasonable fee.

  • Right to rectification: If your Personal Information that we control is inaccurate or

incomplete, you are entitled to have it rectified or completed. Note that we may not be able to rectify data obtained from a third party such as a governmental agency or other data that we do not control, and you will need to contact that third party directly. If we have shared your Personal Information with others, we will tell them about the rectification where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Information so that you can contact them directly.

  • Right to erasure: You may ask us to delete or remove your Personal Information and we

will do so in some circumstances, such as where we no longer need it (we may not delete your data when other interests outweigh your right to deletion, for example if we are required by law to keep it). If we have shared your Personal Information with others, we will tell them about the erasure where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Information so that you can contact them directly.

  • Right to restrict processing: You may ask us to restrict or ‘block’ the processing of your

Personal Information in certain circumstances, such as where you contest the accuracy of that Personal Information or object to us processing it. We will tell you before we lift any restriction on processing. If we have shared your Personal Information with others, we will tell them about the restriction where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Information so that you can contact them directly.

  • Right to data portability: You have the right to obtain your Personal Information from us

that you consented to give us or that is necessary to perform a contract with you, to the extent it is available. We will give you your Personal Information in a reasonable format given the nature of the information requested and complexity of providing it.

  • Right to object: You may ask us at any time to stop processing your Personal

Information, and we will do so if we are processing your Personal Information for the Services, or otherwise. However, if we are relying on a legitimate interest to process your Personal Information and we demonstrate compelling legitimate grounds for the processing we may continue; or you may exercise your rights by contacting us as directed in the Contact Information section below. Note you will be asked to verify your identity when submitting a request.

  • Rights in relation to automated decision-making and profiling: You have the right to be

free from decisions that we make based solely on automated processing of your Personal Information, including profiling, which produce a significant legal effect on you, unless such profiling is necessary for entering into, or the performance of, a contract between you and us, or with your explicit consent.

  • Right to withdraw consent: If we rely on your consent to process your Personal

Information, you have the right to withdraw that consent at any time. Your withdrawal of consent will not apply to or affect prior processing of data that was processed prior to our receipt of your withdrawal of consent.

  • Right to lodge a complaint with the data protection authority: If you have a concern about

our privacy practices, including the way we have handled your Personal Information, you can report it to the data protection authority that is authorized to hear those concerns.

If you have an account with us, we may instruct you to exercise some of your rights above through account settings or features, or by deleting your account.

Data subjects may contact us as directed in the Contact Information section below.

9. International Data Transfers

Visiting our Website and Using our Services from Outside of the United States

Our Website and Services are hosted and managed in the USA, so the Personal Information we process will be transferred to and processed in the USA. The USA may have data protection laws that are different than the laws of your country, but we have taken appropriate safeguards to require that your Personal Information will remain protected in accordance with this Policy. In particular, regarding the transfer to and processing in the United States of Personal Information from the European Economic Area (EEA) member countries, the United Kingdom (UK) and Switzerland, Numoloo and its Customers generally rely on the Standard Contractual Clauses (SCCs) to help safeguard such Personal Information and as our lawful transfer mechanism under GDPR.

Numoloo commits to resolve complaints about your privacy and our collection or use of your Personal Information. European Union, UK or Swiss individuals with inquiries or complaints regarding this Privacy Notice are encouraged to first contact Numoloo at the contact information provided in the Contact Information section below. You may refer any unresolved privacy or data use concern that we have not addressed satisfactorily to your local data protection authority, and we will work with them to resolve your concern.

When Numoloo transfers Personal Information about EU, UK or Swiss individuals to other third parties, it will do so in accordance with the requirements of GDPR applicable to such transfers, including for onward transfers of Personal Information to third parties in other countries that are not covered by an adequacy decision, such as the USA. In these cases, Numoloo is potentially liable if such third parties do not provide the same level of protection as GDPR.

Retention of EU Data

For information on our data retention practices, see the How We Retain Your Personal Information section below, which applies to Personal Information of EU data subjects.

10. How We Protect Your Personal Information

Data is encrypted in transit via TLS 1.2+ and at rest using AES-256. User credentials and identity management are handled through Auth0, with role-based internal access controls limiting employee data visibility. Customers’ payment information is processed exclusively through Stripe. We do not store or process full payment information.

We have implemented appropriate administrative, physical, and technical measures designed to protect your personal information from accidental loss or destruction and from unauthorized access, use, alteration, and disclosure.

We understand the importance of privacy and security of personal information to our users and have made them a priority. However, despite our safeguards, no website, mobile application, system, electronic storage, or online service is completely secure. Therefore, we cannot 100% guarantee the security of your personal information transmitted to, through, using, or in connection with the Services. In particular, email, texts, and chats sent to or from the Services may not be secure, and you should carefully decide what information you send to us via such communications channels. Although we will do our best to protect your personal information, any transmission of personal information in connection with our Services is at your own risk.

The safety and security of your information also depends on you. You are responsible for taking steps to protect your personal information against unauthorized use, disclosure, and access.

11. How We Retain Your Personal Information

We keep the categories of personal information described in this policy for as long as reasonably necessary to fulfill the purposes described herein or for as otherwise legally permitted or required, such as maintaining the Services, operating our organization, complying with our legal obligations, resolving disputes, and for safety, security, and fraud prevention. This means that we consider our legal and business obligations, potential risks of harm, and nature of the information when deciding how long to retain personal information.

We will delete or anonymize your personal information when it is no longer needed for the purposes for which it was collected, or if required by state law, when you request us to do so. Please note that we may be required by law or other legal obligations to retain some of your personal information, even after your request for deletion. However, once those requirements are no longer in place, we will promptly delete your personal information in accordance with your request. For Customer Data processed on behalf of a Customer, Numoloo retains and deletes such data in accordance with the Customer’s instructions and our Data Processing Addendum.

12. Data Controller / Processor

Certain data protection laws and regulations, such as the EU GDPR, UK GDPR, and the CCPA distinguish between two main roles for parties processing personal information: the “data controller” ( or under the CCPA, “business”), who determines the purposes and means of processing; and the “data processor” (or under the CCPA “service provider”), who processes the data on behalf of the business.

With respect to Customer Data, Numoloo is the “data processor”. We process Customer Data on behalf of our Customer (who is the “data controller” of such data); and our Service Providers who process such Customer Data on our behalf are the “sub-processors” of such data.

Accordingly, Numoloo processes Customer Data strictly in accordance with our Customer’s reasonable instructions and as further stipulated in our Data Processing Addendum and other commercial agreements with such Customer.

Our Customers are solely responsible for determining whether and how they wish to use our Platform, and for ensuring that all individuals using the Platform on the Customer’s behalf or at their request, as well as all individuals whose personal information may be included in Customer

Data processed through the Platform, have been provided with adequate notice and given informed consent to the processing of their personal information, where such consent is necessary or advised, and that all legal requirements applicable to the collection, recording, use or other processing of data through our Platform are fully met by the Customer, including specifically in the context of an employment relationship. Our Customers are also responsible for handling data subject rights requests under applicable law, by their Users and other individuals whose information they process through the Platform.

13. Changes to Our Privacy Policy

We may update this policy from time to time, and we will provide notice of any such changes to the policy as required by law. The date the privacy policy was last updated is identified at the top of the page. We will notify you of changes to this policy by updating the "last updated" date and posting the updated policy on the Services. We may email or otherwise communicate reminders about this policy, but you should check our Services periodically to see the current policy and any changes we have made to it.

14. Contact Information

To exercise your rights or ask questions or comment about this privacy policy or our privacy practices, contact us by emailing us at privacy@numoloo.com or submitting a request through the Contact Us form on our website at https://numoloo.com/contact.