Privacy Policy - Numi | AI Sales Call Intelligence

// 01

Who we are

Numi is a sales call intelligence platform operated by Ron Junior van Cann, a sole proprietor (Einzelunternehmer) under German law, trading as "Numi" and based in Germany. We record, transcribe, and AI-coach sales calls so reps and managers can close the coaching loop after every conversation.

For GDPR purposes, Ron Junior van Cann (Einzelunternehmer trading as "Numi") is the data controller for personal data processed through numigtm.com and the Numi application. Questions or requests: privacy@numigtm.com.

// 02

What we collect and why

Category	Examples	Legal basis (GDPR Art. 6)
Account data	Name, work email, password hash	Contract performance (Art. 6(1)(b))
Call recordings	Audio files from integrated dialers	Contract performance; legitimate interest
Transcripts	Text of recorded calls	Contract performance
Coaching data	AI-generated coaching cards, scores, notes	Contract performance
Practice sessions	Role-play recordings and feedback	Contract performance
Usage data	Feature interactions, session metadata	Legitimate interest (product improvement)
Billing records	Invoice amounts, payment provider references	Legal obligation (Art. 6(1)(c))

Call recordings are processed exclusively on our own infrastructure in Germany. Audio does not leave our servers for transcription. We use self-hosted Whisper for speech-to-text. No audio is sent to third-party AI providers.

// 03

Where your data lives

All production data is stored on Hetzner Cloud servers in Frankfurt, Germany (EU). We do not transfer personal data outside the European Economic Area.

Audio files and exports are stored in MinIO object storage on the same infrastructure. The Numi application database runs on PostgreSQL, also hosted in Frankfurt.

Backup retention

We maintain 30-day rolling backups of both the PostgreSQL database and MinIO object storage. If you delete your account, the deletion propagates to all active backups within 30 days. After that window, no backup containing your personal data will exist.

// 04

Your right to data portability (Art. 20 GDPR)

You have the right to receive a copy of all personal data we hold about you in a structured, machine-readable format.

How to request an export

Log in to your Numi account, go to Settings → Data → Export my data, and confirm the request. You can also email privacy@numigtm.com and we will prepare the export manually within 30 days.

What the export contains

Your export is delivered as a ZIP archive containing:

Your account profile and settings (JSON)
All call records: metadata, transcripts, and coaching cards (JSON)
All call recordings (original audio files)
Practice session recordings and feedback (JSON + audio)
Billing history (JSON, if applicable)

Download link expiry

The download link for your export is valid for 24 hours from the time it is generated. If the link expires before you download the file, return to Settings and generate a new one.

// 05

Your right to erasure (Art. 17 GDPR)

You have the right to request deletion of your account and all associated personal data.

How to delete your account

Go to Settings → Account → Delete account and confirm. You will receive an email confirmation. You can also contact privacy@numigtm.com.

7-day cancellation window

After initiating deletion, your account enters a 7-day grace period. During this window you can log back in and cancel the deletion. After 7 days, deletion is permanent and irreversible.

What gets deleted

When your account is permanently deleted, we remove:

Your account profile and all settings
All call records, metadata, and transcripts
All call recordings (audio files)
All AI-generated coaching cards and scores
All practice session recordings and feedback
Any previously generated data export files

What we retain

After deletion we keep only:

An anonymous deletion record containing a salted hash of your email address. This record contains no personal data and exists solely to detect and prevent fraud (e.g., repeated free-trial abuse). It cannot be reversed to identify you.
Billing invoices, if any transactions occurred, for the period required by German commercial and tax law (currently 10 years under § 147 AO). Invoices are stored with the minimum identifiers required by law.

Backup propagation

Active backups are rotated on a 30-day rolling window. Your personal data will no longer exist in any backup within 30 days of your deletion being processed.

// 06

Your other GDPR rights

Under the GDPR you also have the right to:

Access (Art. 15): Request a copy of the personal data we hold about you.
Rectification (Art. 16): Correct inaccurate or incomplete data. Most fields can be updated directly in account settings.
Restriction (Art. 18): Ask us to restrict processing while a dispute is resolved.
Object (Art. 21): Object to processing based on legitimate interest.
Complaint: Lodge a complaint with your local data protection authority. In Germany: Bundesbeauftragte fur den Datenschutz (BfDI).

To exercise any of these rights, email privacy@numigtm.com. We respond within 30 days.

// 07

Third-party services

We engage a small set of vetted sub-processors to deliver the Service. Each one is bound by a data processing agreement and processes only the data needed for its purpose. The complete, up-to-date list (with legal entity, country, data categories, and transfer safeguards) is published at numigtm.com/legal/subprocessors.

We do not sell your data. We do not share your audio recordings, transcripts, or coaching data with any third party except as required by law or as instructed by you through a connected integration.

Data Processing Agreement (AVV)

If you are a business customer in the EU, you can sign our pre-signed Data Processing Agreement (Auftragsverarbeitungsvertrag) at numigtm.com/legal/dpa. It is also available from Settings → Legal inside your Numi account. For questions, email privacy@numigtm.com.

// 08

Security

Passwords are stored as salted hashes (bcrypt). All data in transit is encrypted via TLS. Data at rest is encrypted on Hetzner's infrastructure. Access to production systems is restricted to authorised personnel and logged.

If we become aware of a breach affecting your personal data, we will notify you and the relevant supervisory authority within 72 hours where required by Art. 33 GDPR.

// 09

Changes to this policy

We may update this policy when the product or applicable law changes. Material changes will be communicated by email to registered users at least 14 days before they take effect. The effective date at the top of this page will always reflect the latest revision.

// 10

Contact

For any privacy questions, data requests, or complaints:

Ron Junior van Cann
Einzelunternehmer, trading as "Numi"
Germany
privacy@numigtm.com