Privacy Policy
Last updated: 2026-05-12 Version: 1.0
This Privacy Policy explains how Numinor Systems Limited ("Numinor", "we", "us", or "our"), a company incorporated in Hong Kong, collects, uses, shares, and protects your personal data when you use our Platform at numinor.io and related services (together, the "Platform").
This Policy supplements our Terms of Service. Capitalized terms not defined here have the meanings given in the Terms.
1. Who is responsible for your data
Numinor Systems Limited is the data controller for the personal data collected through the Platform.
Contact: tyl@numinor.io
2. What data we collect
2.1 Information you provide
- Account data: email address, name, and authentication identifiers, collected through our identity provider (Clerk) when you sign up.
- User Content: questions you submit to the AI helper, sandbox inputs, code or text you supply to the Platform.
- Communications: information you send when you contact us by email or other channels.
2.2 Information we collect automatically
- Usage data: the pages you view, the research you access, the features you use, timestamps, and approximate duration of interaction.
- Device data: browser type, operating system, device identifiers, screen size, and language preference.
- Network data: IP address (from which we may infer approximate location at the country/city level), referrer URL, and request metadata.
- Cookies and similar technologies: small data files stored in your browser. See Section 6.
2.3 Information from third parties
- Identity provider: when you sign in with Google or GitHub via Clerk, we receive your name, email, and a stable identifier from those providers.
- Payment processors (when applicable): if you subscribe to a paid tier, payment metadata (but not full card numbers) is shared with us by our payment processor.
3. How we use your data
We process your personal data for the following purposes:
- To provide the Platform — authenticate you, render the Content, run the AI helper, execute sandbox code, and otherwise deliver the features you request.
- To improve the Platform — analyze usage patterns, identify retrieval gaps, prioritize research, and debug issues.
- To communicate with you — respond to support requests, send service notices, and (with your consent where required) share product updates.
- To enforce these Terms and protect the Platform — detect, prevent, and respond to fraud, abuse, scraping, security incidents, and breaches of our Terms.
- To comply with legal obligations — respond to lawful requests, retain records as required, and protect rights of third parties.
3.1 Legal bases (for users in jurisdictions requiring them)
We process personal data on the legal bases of:
- Performance of a contract (to provide the Platform you requested);
- Legitimate interests (to operate, improve, and secure the Platform, and to prevent abuse);
- Consent (where required by law, e.g. for certain marketing communications);
- Compliance with legal obligation (when required by law).
4. Who we share your data with
We share personal data only as follows:
4.1 Service providers (sub-processors)
We rely on the following service providers to operate the Platform:
| Provider | Purpose | Data shared |
|---|---|---|
| Clerk (clerk.com) | Authentication, sign-up, account management | Email, name, identity-provider tokens |
| Anthropic (anthropic.com) | LLM inference for the AI helper | Your questions, retrieved knowledge-base context, conversation history (within a session) |
| OpenAI (openai.com) or Voyage AI (voyageai.com) | Embedding generation for retrieval | Content being indexed; not your personal data |
| Vercel (vercel.com) | Hosting, deployment, and cookieless Web Analytics (aggregate page-views, referrers, country/device — no IPs stored) | Network metadata, request logs |
| Amazon Web Services (aws.amazon.com) | Database and storage in Asia Pacific (Seoul) region | All Platform data |
| Cloudflare (cloudflare.com) | DNS, caching, bot protection | Network metadata; encrypted traffic |
| e2b.dev (planned, when sandbox launches) | Per-user sandbox containers for code execution | Your sandbox code and outputs |
| Stripe (planned, when paid tiers launch) | Payment processing | Billing details (Stripe is the controller for full card data) |
Each sub-processor processes data on our instructions and is contractually bound to safeguard it.
4.2 Legal disclosures
We may disclose your data when required by law, court order, or governmental request, or to protect the rights, property, or safety of Numinor, our users, or others.
4.3 Business transfers
If Numinor undergoes a merger, acquisition, reorganization, or sale of assets, your data may be transferred as part of that transaction. We will give notice and seek your consent where required.
4.4 We do not sell your data
We do not sell, rent, or trade your personal data to third parties for their independent marketing purposes.
5. International data transfers
Numinor is based in Hong Kong. Our database and primary storage are located in Amazon Web Services' Asia Pacific (Seoul) region. Some sub-processors (e.g. Clerk, Anthropic, OpenAI, Vercel, Stripe) operate in the United States or other jurisdictions and may receive your data there. By using the Platform, you acknowledge that your data may be transferred to and processed in jurisdictions whose data-protection laws may differ from yours. We rely on standard contractual clauses and other lawful transfer mechanisms where required.
6. Cookies and similar technologies
We use cookies and similar technologies for the following purposes:
- Strictly necessary — to authenticate you and remember your session (set by Clerk).
- Functional — to remember preferences such as theme and language.
- Analytics — to measure how the Platform is used in aggregate. We minimize the use of analytics cookies and prefer first-party logging.
You can control cookies through your browser settings. Disabling strictly necessary cookies will prevent you from signing in.
7. How long we keep your data
- Account data: while your Account is active, plus up to 30 days after termination to allow recovery, then deleted or anonymized.
- Usage data: retained for up to 24 months to support analytics, security, and improvement.
- Q&A logs: retained for up to 24 months. We may retain anonymized derivatives indefinitely to improve retrieval and inform research.
- Billing and tax records (when applicable): retained for as long as required by Hong Kong law (typically 7 years).
- Backups: retained for up to 35 days in encrypted form.
8. How we protect your data
We implement appropriate technical and organizational safeguards, including:
- TLS encryption in transit and at rest where supported;
- Role-based access controls; engineers access production data only when necessary and via audited paths;
- Network isolation; vector store and application database reside in private subnets where feasible;
- Backups with point-in-time recovery; regular restore testing;
- Vulnerability monitoring and timely application of security patches.
No system is 100% secure. We will notify affected users and authorities of material data breaches as required by applicable law.
9. Your rights
Depending on your jurisdiction, you may have the following rights:
- Access to the personal data we hold about you;
- Correction of inaccurate data;
- Deletion of your data (subject to retention obligations);
- Restriction of certain processing;
- Objection to processing based on legitimate interests;
- Portability of your data in a structured, machine-readable format;
- Withdrawal of consent where consent is the legal basis for processing.
To exercise these rights, email tyl@numinor.io. We respond within 30 days. If we cannot fulfill your request fully (for example, because we are required by law to retain certain records), we will explain why.
You also have the right to lodge a complaint with your local data-protection authority.
10. Children
The Platform is not directed to individuals under 18 years of age. We do not knowingly collect data from children. If you believe we have collected data from a child, contact tyl@numinor.io and we will delete it.
11. Automated decision-making
The Platform does not make automated decisions that produce legal or similarly significant effects on you. The AI helper generates responses, but those responses are informational and do not result in any binding action affecting your rights.
12. Changes to this Policy
We may update this Policy from time to time. Material changes will be communicated by posting an updated version on the Platform and, where reasonably feasible, by email. Your continued use of the Platform after an updated Policy takes effect constitutes your acceptance.
13. Contact
For privacy questions or to exercise your rights:
Numinor Systems Limited
Attn: Tom Liu
tyl@numinor.io
Numinor Systems Limited, Hong Kong