Security & Privacy

1. Our Privacy-First Philosophy

We treat your financial information as yours, not ours. We do not sell it, share it for advertising, or monetize it in any other way.

We do not use your data to train AI models, and we do not profile you for ads. What you build in Numeric stays focused on helping you plan — not on feeding someone else's business model.

We collect only what we need to run the product: enough to authenticate you, deliver the service, bill subscriptions where applicable, and keep the platform reliable and secure.

2. How We Protect Your Data

Encryption everywhere

All data is encrypted in transit and at rest. Every connection to Numeric uses industry-standard encryption, and your stored data is protected at the database level.

Passwords we cannot read

Passwords are securely hashed using industry-standard one-way algorithms. We never store them in readable form, and no one at Numeric can ever view or recover your password — only you can reset it through a secure flow.

Keeping the stack current

We apply regular security patches and updates across our application and its dependencies so known vulnerabilities are addressed promptly.

3. Authentication & Access Control

How you sign in

You can use a traditional email and password, or sign in with Google for a passwordless experience. Sessions use short-lived, signed tokens so your identity is validated without exposing long-lived credentials in the browser.

Who can see what

Access is scoped to your workspace. You should only ever see your own plans and data — our authorization model is built around that boundary, not around "everyone with a link."

4. Abuse & Threat Prevention

We employ multiple layers of automated protection to guard against unauthorized access. These defenses work continuously in the background — stopping brute-force attempts, blocking automated abuse, and filtering illegitimate traffic — without disrupting your experience.

We also monitor for unusual activity patterns across the platform and maintain detailed audit trails so our team can investigate and respond to security events quickly.

5. Payment Security

Paid plans are processed by Paddle, who acts as our Merchant of Record. That means Paddle handles card data and compliance-heavy payment flows — we never store credit card numbers or full payment credentials on our systems.

Paddle is PCI-DSS compliant. For the full picture of how they handle personal and payment data, please refer to Paddle's Privacy Policy.

6. Your Data, Your Control

Export

You can export your financial plans and related data whenever you want — your numbers should be portable.

Delete your account

You can delete your account from Settings at any time. When you do, we comprehensively remove your personal data so it is no longer tied to you.

Rights that map to GDPR-style expectations

Where applicable, you can ask for access, correction, deletion, objection, or restriction of processing. If you are not sure which applies, email us — we will help you through it.

Cookies

We use cookie consent with granular categories (necessary, analytics, marketing). You can change your preferences anytime from the site footer or from Settings.

7. Infrastructure & Hosting

Numeric runs on trusted, hardened infrastructure with around-the-clock monitoring and incident response procedures in place. Security is not a one-time checklist — it is part of how we operate the product day to day.

8. Our Commitment

Numeric is built with security practices that align with industry frameworks like SOC 2 and GDPR — including encrypted data storage, workspace-level access isolation, comprehensive audit logging, and a dedicated security test suite that covers authentication exploits, injection attacks, and cross-tenant access attempts.

We have not yet completed formal certification audits, and we will not claim compliance until we have. What we can tell you is that security is engineered into the product, not bolted on after the fact — and we are actively working toward formal verification of that.