Legal

Privacy Policy

Last updated: March 2026

NuMoon (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at app.numoon.ai and related services.

1. Information We Collect

Account information. When you register, we collect your name, email address, company name, and password. Passwords are never stored in plaintext.

Integration data. When you connect third-party tools (Stripe, HubSpot, QuickBooks, etc.) via OAuth, we receive read-only access tokens and the business data you authorize. We only request the minimum scopes required to deliver our service.

Usage data. We automatically collect information about how you interact with NuMoon, including pages visited, features used, timestamps, and device information.

2. How We Use Your Data

We use your data to:

  • Provide, operate, and improve NuMoon's intelligence modules
  • Generate AI-powered insights, recommendations, and actions specific to your business
  • Sync and unify data across your connected integrations
  • Send transactional notifications (alerts, reports, action confirmations)
  • Detect anomalies, fraud patterns, and performance issues
  • Improve our models and product experience in aggregate (never using your raw data for training)

3. Data Security

We implement industry-leading security practices to protect your data:

  • Password hashing: All passwords are hashed with Argon2id, the winner of the Password Hashing Competition, providing resistance against GPU-based and side-channel attacks.
  • Encryption at rest: Sensitive data fields (OAuth tokens, API keys) are encrypted using AES-256-GCM before being stored in our database.
  • Access control: Role-based access control (RBAC) ensures that only authorized users within a tenant can access their data. All queries are filtered by tenant ID.
  • Encryption in transit: All data transmitted between your browser and our servers is encrypted via TLS 1.3.

4. Data Sharing

We do not sell, rent, or trade your data. We share data only in the following circumstances:

  • Service providers: We use trusted infrastructure providers (cloud hosting, database services) that process data on our behalf under strict contractual obligations.
  • AI processing: We send minimal, anonymized context to large language model providers to generate insights. Your raw business data is never sent to third-party AI APIs.
  • Legal requirements: We may disclose data if required by law, subpoena, or governmental request.

5. Data Retention

We retain your account and integration data for as long as your account is active. If you disconnect an integration, we delete the associated synced data within 30 days. If you delete your account, all personally identifiable information and business data is permanently deleted within 30 days, except where we are legally required to retain it.

6. Your Rights

Under the General Data Protection Regulation (GDPR) and other applicable data protection laws, you have the right to:

  • Access the personal data we hold about you
  • Rectify any inaccurate or incomplete data
  • Erase your data (“right to be forgotten”)
  • Restrict processing of your data
  • Port your data in a machine-readable format
  • Object to processing based on legitimate interest
  • Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at hassanain@numoon.ai. We will respond within 30 days.

7. Cookies

NuMoon uses essential cookies to maintain your session and remember your authentication state. We do not use third-party tracking cookies or advertising pixels on our platform. If we introduce analytics cookies in the future, we will update this policy and request your consent before setting them.

8. Contact

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: hassanain@numoon.ai

We aim to respond to all inquiries within two business days.