Privacy Policy

Who we are

Numi is a sales call intelligence platform operated by Marememo UG (in formation), based in Germany. We record, transcribe, and AI-coach sales calls so reps and managers can close the coaching loop after every conversation.

For GDPR purposes, Marememo UG (in formation) is the data controller for personal data processed through numigtm.com and the Numi application. Questions or requests: privacy@numigtm.com.

What we collect and why

Category	Examples	Legal basis (GDPR Art. 6)
Account data	Name, work email, password hash	Contract performance (Art. 6(1)(b))
Call recordings	Audio files from integrated dialers	Contract performance; legitimate interest
Transcripts	Text of recorded calls	Contract performance
Coaching data	AI-generated coaching cards, scores, notes	Contract performance
Practice sessions	Role-play recordings and feedback	Contract performance
Usage data	Feature interactions, session metadata	Legitimate interest (product improvement)
Billing records	Invoice amounts, payment provider references	Legal obligation (Art. 6(1)(c))

Call recordings are processed exclusively on our own infrastructure in Germany. Audio does not leave our servers for transcription. We use self-hosted Whisper for speech-to-text. No audio is sent to third-party AI providers.

Where your data lives

All production data is stored on Hetzner Cloud servers in Frankfurt, Germany (EU). We do not transfer personal data outside the European Economic Area.

Audio files and exports are stored in MinIO object storage on the same infrastructure. The Numi application database runs on PostgreSQL, also hosted in Frankfurt.

Your right to data portability (Art. 20 GDPR)

You have the right to receive a copy of all personal data we hold about you in a structured, machine-readable format.

How to request an export

Log in to your Numi account, go to Settings → Data → Export my data, and confirm the request. You can also email privacy@numigtm.com and we will prepare the export manually within 30 days.

What the export contains

Your export is delivered as a ZIP archive containing:

• Your account profile and settings (JSON)
• All call records: metadata, transcripts, and coaching cards (JSON)
• All call recordings (original audio files)
• Practice session recordings and feedback (JSON + audio)
• Billing history (JSON, if applicable)

Your right to erasure (Art. 17 GDPR)

You have the right to request deletion of your account and all associated personal data.

How to delete your account

Go to Settings → Account → Delete account and confirm. You will receive an email confirmation. You can also contact privacy@numigtm.com.

7-day cancellation window

After initiating deletion, your account enters a 7-day grace period. During this window you can log back in and cancel the deletion. After 7 days, deletion is permanent and irreversible.

What gets deleted

When your account is permanently deleted, we remove:

• Your account profile and all settings
• All call records, metadata, and transcripts
• All call recordings (audio files)
• All AI-generated coaching cards and scores
• All practice session recordings and feedback
• Any previously generated data export files

What we retain

After deletion we keep only:

• An anonymous deletion record containing a salted hash of your email address. This record contains no personal data and exists solely to detect and prevent fraud (e.g., repeated free-trial abuse). It cannot be reversed to identify you.
• Billing invoices, if any transactions occurred, for the period required by German commercial and tax law (currently 10 years under § 147 AO). Invoices are stored with the minimum identifiers required by law.

Your other GDPR rights

Under the GDPR you also have the right to:

• Access (Art. 15): Request a copy of the personal data we hold about you.
• Rectification (Art. 16): Correct inaccurate or incomplete data. Most fields can be updated directly in account settings.
• Restriction (Art. 18): Ask us to restrict processing while a dispute is resolved.
• Object (Art. 21): Object to processing based on legitimate interest.
• Complaint: Lodge a complaint with your local data protection authority. In Germany: Bundesbeauftragte fur den Datenschutz (BfDI).

To exercise any of these rights, email privacy@numigtm.com. We respond within 30 days.

Third-party services

Service	Purpose	Data transferred
Hetzner Cloud (DE)	Infrastructure hosting	All data, stored in Frankfurt (EU)
Sentry (EU endpoint)	Error monitoring	Stack traces, request metadata (no audio or transcripts)
PostHog (EU)	Product analytics	Anonymised usage events (no audio or transcripts)
Google Analytics	Landing page analytics	Anonymised page view data

We do not sell your data. We do not share your audio recordings, transcripts, or coaching data with any third party except as required by law.

Security

Passwords are stored as salted hashes (bcrypt). All data in transit is encrypted via TLS. Data at rest is encrypted on Hetzner's infrastructure. Access to production systems is restricted to authorised personnel and logged.

If we become aware of a breach affecting your personal data, we will notify you and the relevant supervisory authority within 72 hours where required by Art. 33 GDPR.

Changes to this policy

We may update this policy when the product or applicable law changes. Material changes will be communicated by email to registered users at least 14 days before they take effect. The effective date at the top of this page will always reflect the latest revision.

Contact

For any privacy questions, data requests, or complaints:

Marememo UG (in formation)
Germany
privacy@numigtm.com