Privacy Policy

Introduction

Welcome to Numa Analytics ("we", "us", or "our"). We are committed to protecting your privacy and handling your personal information transparently and securely. This Privacy Policy explains what information we collect from you, how we use and share it, and your rights regarding that information. Our practices are designed to comply with applicable privacy laws, including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and relevant Indian data protection laws. In line with these regulations, we provide all required details in this Policy – such as who we are, what data we collect, why we collect it, how long we keep it, with whom we share it, and the rights you have as an individual.

By using our website or services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please discontinue use of our services. We may update this Policy from time to time (see the "Changes to this Policy" section below).

Information We Collect

We collect personal data you provide to us directly, as well as some information automatically when you interact with our website or services.

Information You Provide:

When you fill out forms on our site (such as a contact form or newsletter signup), or communicate with us by email/phone, you may provide personal information. This can include your name, email address, phone number, company/organization name, and any other details you choose to share (for example, the content of your message or inquiry). If you subscribe to our newsletter or other updates, we will collect your email address (and possibly your name) for that purpose. We will also collect any information you provide when registering for an account or service (if applicable).

Information Collected Automatically:

Like most websites, we use cookies and analytics tools to gather certain data automatically when you visit our site. This includes technical information such as your IP address, browser type, device identifiers, operating system, and usage information like the pages you viewed, the date/time of your visit, and how you navigated our site. We use Google Analytics (a web analytics service) to help us understand website traffic and usage patterns. Google Analytics may collect information such as your IP address, browser type, and pages visited on our site. This data is generally aggregated and does not directly identify you; we use it for statistical analysis and to improve our website's performance and content. (See "Cookies and Tracking Technologies" below for more details on how we use cookies and analytics.)

Information from Third Parties:

We may receive personal information about you from third-party sources that assist us in providing services. For example, if you interact with our social media pages or if you use an integrated service to log in, those services might share certain information with us according to their privacy policies (however, as of now, you must directly provide us information via our site for us to collect it). We also may obtain basic contact information from public databases or business directories for outreach purposes, but only where it is lawful to do so. Any such data from third parties will be treated according to this Policy and applicable laws.

We do not collect any special categories of sensitive personal data (such as government ID numbers, financial account details, health or biometric data, etc.) unless you explicitly provide it to us for a specific purpose. We ask that you only share personal data that is necessary for your interaction with us.

How We Use Your Information

We use the collected information for the following purposes, and we ensure that we have a valid legal basis for each use of your personal data (under laws like GDPR):

To Respond to Inquiries and Provide Services:

If you contact us via a form, email, or phone, we will use your information to respond to your questions or requests. For example, if you ask for a product demo or request information, we will use your contact details and message to address your needs. (Legal basis: our legitimate interest in responding to prospective customers or your consent/request, as well as to take steps at your request before entering into a contract.)

To Send Newsletters and Marketing Communications:

If you have subscribed to our newsletter or agreed to receive promotional emails, we will use your email (and name, if provided) to send you updates, news, and marketing materials about our products or services. You can opt out of these communications at any time by using the unsubscribe link in the emails or contacting us. (Legal basis: your consent. You have the right to withdraw consent at any time.)

For Analytics and Improvements:

We process usage data (collected via cookies and analytics tools) to understand how our website and services are used. This helps us troubleshoot issues, perform analysis on user behavior, and improve the functionality and user experience of our website. For instance, knowing which pages are most visited or how users navigate our site guides us in optimizing content. Wherever required by law, we obtain your consent for non-essential cookies (e.g., analytics cookies) before collecting this data. In other cases, we rely on our legitimate interest in improving our services, while ensuring such analysis does not override your data protection rights. (Legal basis: consent for analytics cookies in jurisdictions that require it; otherwise, our legitimate interests in service improvement.)

To Manage Customer Relationships:

If you become a customer of our services or engage in a business relationship with us, we will use your information for account setup, customer support, and general account management. This can include maintaining contact details in our Customer Relationship Management (CRM) system, sending service updates, and facilitating any transactions (such as invoicing or contract management). (Legal basis: performance of a contract with you, and our legitimate interest in providing and supporting our services.)

To Comply with Legal Obligations:

We may process and retain your personal information as needed to fulfill our legal and regulatory obligations. For example, we might keep records of communications or transactions as required by law, or use your data to comply with a court order or government enforcement request. We also use data to enforce our Terms of Service, prevent fraud or abuse, and protect our rights and the rights of other users. (Legal basis: compliance with legal obligations or our legitimate interests in maintaining lawful operations and security.)

We will not use your personal data for any purpose that is incompatible with the original purposes described above without first obtaining your consent, unless otherwise required or permitted by law. If we intend to process your information for a new purpose, we will provide you with notice and, if necessary, seek your permission.

Cookies and Tracking Technologies

Cookies are small text files placed on your device when you visit our website. We use cookies and similar tracking technologies to improve your experience and gather information about how visitors use our site. In particular:

Analytics Cookies:

We use third-party analytics tools (such as Google Analytics) which set cookies in your browser. These cookies collect information about your site usage (e.g., which pages you visit, how long you stay, how you got to our site) and aggregate it for us. This data helps us analyze website traffic and user behavior, enabling us to improve site content, navigation, and functionality. Google Analytics operates as our data processor, meaning it only processes data on our behalf and as we instruct. Google may process the data on servers in the United States or other countries. We have configured Google Analytics to anonymize IP addresses where possible (to enhance your privacy). No personally identifying information (like your name or email) is collected via analytics cookies – only website usage statistics.

Functional Cookies:

We may use certain cookies to remember your preferences and settings on our site (for example, if our site has a language preference, or to keep you logged in if we offer account features). These cookies make your experience more convenient by saving you from re-entering information.

Advertising Cookies:

Currently, we do not display third-party ads on our site. We also do not use advertising cookies or trackers for targeted marketing at this time. If this changes in the future, we will update this policy and (if required) obtain your consent before enabling such cookies. Our focus is on analytics and site functionality only.

Your Choices:

On your first visit to our site (if you are in a jurisdiction that mandates it, such as the EU), you will see a cookies notice or banner. You have the option to accept or decline non-essential cookies. Even after consenting, you can always manage your cookie preferences. Most web browsers allow you to refuse or delete cookies through their settings. For example, you can set your browser to block all cookies or to alert you when cookies are being sent. You can also delete cookies that have already been set. Note: If you disable cookies entirely, some features of our site (like certain preferences or analytics) may not function properly, but basic browsing will typically still be possible. For more information on controlling cookies, check your browser's help documentation. (By adjusting your browser settings, you can control or block cookies as you wish.)

Additionally, Google offers an opt-out browser add-on for Google Analytics (available at tools.google.com/dlpage/gaoptout) which you can install to prevent Google Analytics from collecting your data on any site. For our email newsletters, we may use embedded tracking technologies (such as a tiny image, often called a pixel) to know if you open an email or click on links. This helps us gauge the effectiveness of our communications. You can disable image loading in your email client if you prefer not to share this information, or simply unsubscribe from the newsletter.

How We Share Your Information

We treat your personal information with care and confidentiality. We do not sell or rent your personal data to third parties for their own marketing or commercial purposes. However, we do share certain information with third parties in the following circumstances, strictly for the purposes outlined below and in compliance with privacy laws:

Service Providers:

We use trusted third-party companies to support our operations and deliver our services to you. These service providers act under our instructions and are bound by appropriate confidentiality and data protection obligations (we sign Data Processing Agreements with them as required by GDPR). The types of third parties we engage include:

• Analytics Providers: As noted, we use Google Analytics to collect usage data. Google acts as our analytics provider, processing site usage information on our behalf. They may receive your truncated IP address and other usage metrics. This information helps us analyze site traffic. (You can review Google's own privacy policy to learn how they safeguard such data.)
• Email Marketing Platforms: If you subscribe to our newsletter or marketing emails, your name and email address will be stored with our email service provider (for example, Mailchimp or a similar email marketing tool). That provider helps us design and send emails to you. They will process your data solely to send our communications and track engagement (e.g., open and click rates). We ensure any email vendor we use has strong privacy and security commitments.
• Customer Relationship Management (CRM) and Support Tools: We may use a CRM system (such as Salesforce, HubSpot, or Zoho CRM) to organize our contacts, leads, and customer information. If you are a customer or have been in contact with us, your name, contact details, and communication history might be stored in our CRM database. This helps us keep track of our interactions with you and provide better service. Likewise, if we use a support ticketing system or live chat service, any information you provide via those tools will be processed by that third-party platform on our behalf for the purpose of assisting you.
• Website Hosting and IT Infrastructure: Our website is hosted on third-party servers (for example, a cloud service like GCP, AWS, Azure, or a hosting provider). Therefore, any data you submit through the website (including personal information) will be stored on those servers. We ensure our hosting providers employ strong security measures. Similarly, we may use other IT services (like data backup, cybersecurity services, etc.) that incidentally handle personal data as part of their support of our infrastructure.

We only share the minimum information necessary with our service providers for them to perform their functions. They are not allowed to use your data for any unrelated purpose. For instance, our analytics and email providers cannot independently market to you or share your information with others except as needed to provide their services to us.

Business Transfers:

If we undergo a business transaction such as a merger, acquisition by another company, or sale of all or part of our assets, your personal information may be transferred as part of that deal. We will ensure that any acquiring organization is aware of the obligations under this Privacy Policy and that your information remains protected. You will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information under such circumstances.

Legal Compliance and Protection:

We may disclose personal information to third parties if we believe in good faith that such disclosure is necessary to: (a) comply with any applicable law, regulation, legal process, or valid governmental request (such as a subpoena or court order); (b) enforce our Terms of Service or other agreements, investigate potential violations, or protect the security or integrity of our services; (c) detect, prevent, or address fraud, security, or technical issues; or (d) protect our rights, property, and safety, or those of our users or the public. In these cases, we will only share the data that is relevant and necessary for the specific purpose (for example, providing information to law enforcement upon a verified request).

With Your Consent:

In situations other than those above, if we ever need to share your information with other third parties (for example, if we partner with another company for a special program and want to share contact info), we will notify you and obtain your explicit consent before doing so. You would have the choice to allow or refuse such data sharing.

Again, we do not sell your personal information. In CCPA terms, we do not exchange your data for money or other valuable consideration for the third party's independent use. All third parties who handle user data are service providers that use it only for our stated purposes. If this ever changes, we will update this Policy and provide a mechanism for you to opt out of the "sale" of your personal information, as required by law.

International Data Transfers

We operate from India, and we also use services and servers located in other countries (such as the United States). This means that your personal information may be transferred to, stored, or processed in a country different from your home country. For example, if you are located in the European Union (EU) or European Economic Area (EEA), note that your data will likely be transferred outside of the EEA – to India, the US, or other jurisdictions where our third-party service providers are based. These countries may have data protection laws that are different or less comprehensive than those in your jurisdiction.

However, we take appropriate safeguards to ensure that your personal data remains protected according to this Privacy Policy and applicable law when it is transferred internationally. For instance, for personal data of EU/EEA users, any transfer to a country without an adequacy decision (a recognition by the EU that the country provides adequate data protection) is governed by standard contractual clauses or other lawful mechanisms. These are legal contracts approved by the European Commission that impose strict data protection obligations on the recipient of the data. We have such agreements in place with our service providers (like our analytics, email, and hosting providers) to cover cross-border data transfers. We also rely on other appropriate safeguards as needed, such as requiring certification to international data protection frameworks or obtaining your consent for certain transfers.

Regardless of where your data is processed, we will ensure that a high level of protection is applied to it. We also comply with local requirements – for example, India's data export rules and US privacy regulations – when transferring and processing data. If you have questions about international data transfers or need more details about the safeguards we use, you can contact us (see "Contact Us" below).

Data Retention

We will retain your personal information only for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. The specific duration for which we keep your data can vary depending on the type of data and the use case:

Contact and Inquiry Data:

If you contact us with a question or request, we will retain that correspondence and your contact details for as long as needed to respond and follow up, and for a short period thereafter in case you have additional questions. Typically, routine inquiries are kept for around 1 year. If your inquiry leads to a business relationship or contract, we may retain it as part of our customer records (see below).

Customer Account Data:

For customers who use our services or products, we retain personal information for as long as the account is active or services are provided. Even after you stop using our services, we may retain certain data for contract enforcement, to resolve disputes, or as required by law. For example, we may keep records of transactions or communications for a number of years to meet tax, audit, or legal compliance requirements. These retention periods are determined by applicable laws (e.g., financial regulations might require 7 years retention of invoices in some jurisdictions) or by our legitimate business needs (e.g., to have proof of consent or communications to defend against future claims, typically for the statute of limitations period).

Newsletter Subscription Data:

If you have signed up for our newsletter or marketing emails, we will retain your email address and related info until you unsubscribe or until we discontinue our newsletter program. If you unsubscribe, we will promptly remove you from our mailing list (though we may keep a record of your email to ensure we respect your opt-out going forward).

Analytics Data:

Usage data collected via Google Analytics and similar tools is stored in aggregated form. Google Analytics retains individual user-level data (associated with cookies or other identifiers) for a limited period (commonly 14 months by default, unless we configure otherwise). After that period, the data may be deleted or anonymized automatically. We use aggregated analytics reports for longer to analyze trends over time, but those reports do not personally identify individuals.

Legal & Security Records:

In certain cases, we may need to retain data for longer to comply with legal obligations or for security reasons. For example, information relating to legal matters (such as records of consent, contracts, dispute correspondence) might be kept until the issue is resolved and for a period thereafter as required or prudent. Also, server logs and security logs are kept for a period (e.g., a few months up to a year) to monitor for malicious activity and ensure the integrity of our systems.

Once the retention period expires or the purpose of processing has been fulfilled, we will either delete your personal data or anonymize it (so it can no longer be associated with you) in a secure manner. If deletion or anonymization is not immediately feasible (for example, because the data is stored in backup archives), we will isolate the data and protect it from further use until deletion is possible.

Data Security

We take the security of your personal information seriously. We implement appropriate technical and organizational measures to protect your data from unauthorized access, loss, misuse, or alteration. These measures include, for example:

Encryption:

Where applicable, we use encryption to protect sensitive data in transit and at rest. Our website has HTTPS enabled, which means the data you submit is encrypted while traveling over the internet. We also employ encryption or hashing for passwords and other sensitive fields in our databases.

Access Controls:

We limit access to personal data to those employees, contractors, and service providers who have a business need to know such information. They only process your data on our instructions and are subject to a duty of confidentiality. We use authentication mechanisms and access control lists to ensure only authorized personnel can access systems that contain personal data.

Security Practices:

We maintain reasonable security practices and procedures as required under Indian law and other regulations. This includes firewalls, anti-malware protection, regular software updates, and monitoring of our systems for potential vulnerabilities or attacks. We also conduct periodic reviews and audits of our security measures. Employees are trained on data protection best practices and we have internal policies to handle data safely and respond to any potential security incidents.

Third-Party Security:

When we entrust your data to third-party service providers (such as our hosting company or analytics provider), we ensure they have robust security measures as well. We review their security and privacy certifications or standards (for example, many of our providers maintain certifications like ISO 27001 or SOC 2). We also include contractual clauses requiring them to protect your data.

While we strive to protect your information, please be aware that no method of transmission over the internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee absolute security of your data. However, we regularly assess and upgrade our security measures to address new threats and vulnerabilities. In the unlikely event of a data breach that affects your personal information, we will notify you and the relevant authorities as required by law.

Your Privacy Rights

You have certain rights regarding your personal information, which you can exercise under applicable data protection laws. We are committed to honoring your rights and have processes in place to facilitate their exercise. These rights include:

Right to Access:

You have the right to request confirmation of whether we are processing personal data about you, and if so, to access the personal data and certain related information. This allows you to understand what data we have about you. Upon request, we will provide a copy of your personal data undergoing processing, in a commonly used electronic format.

Right to Rectification:

If any of your personal information that we hold is inaccurate or incomplete, you have the right to ask us to correct or update it. We encourage you to keep your details with us up-to-date so we can serve you better. We will make the corrections as soon as possible upon verification.

Right to Erasure:

You have the right to request the deletion of your personal data ("right to be forgotten") in certain circumstances. If you no longer want us to have your information, you can ask us to erase it, and we will do so provided that we do not have a legal obligation or overriding legitimate interest to retain it. For example, we may not be able to delete data that is required to comply with a legal retention obligation or that is necessary to complete an ongoing contract with you, but we will inform you if such a situation arises. When we no longer need your information, we will delete or anonymize it.

Right to Restrict Processing:

You can ask us to restrict or pause the processing of your personal data in certain scenarios – for instance, if you contest the accuracy of the data or object to our processing, we will restrict processing until the issue is resolved. Restriction means we will store your data, but not actively process it until the restriction is lifted.

Right to Object:

You have the right to object to our processing of your personal data when such processing is based on our legitimate interests (or those of a third party) and you have a specific situation that makes you object to processing on this ground. You also have the absolute right to object if we were to process your personal data for direct marketing purposes (we will always honor opt-out requests for marketing). In cases where you object to processing, we will stop processing your data unless we have compelling legitimate grounds to continue (e.g., a legal requirement or an overriding interest).

Right to Data Portability:

For data that you provided to us and that we process by automated means based on your consent or a contract, you have the right to request a copy of such data in a structured, commonly used, machine-readable format (for example, CSV or JSON). You also have the right to request that we transmit this data directly to another data controller, where technically feasible. This right is designed to make it easier for you to transfer your personal data between different service providers.

Right to Withdraw Consent:

In cases where we rely on your consent to process your personal information (such as for sending newsletters or certain cookie use), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal. If you withdraw consent, we will stop the specific processing that was based on consent (for example, we will stop sending you the newsletter), but may continue other processing based on other legal grounds if applicable.

Rights Related to Automated Decisions:

We do not typically use your personal data for automated decision-making or profiling that produces legal or similarly significant effects. However, if that changes and we engage in such activity, you have the right not to be subject to a decision based solely on automated processing (including profiling) that significantly affects you, without human intervention. You would also have the right to express your point of view and contest the decision.

In addition to the general rights above (which largely derive from GDPR and similar laws), California residents have specific rights under the CCPA (California Consumer Privacy Act) and its amendments (such as CPRA):

Right to Know:

California residents can request that we disclose what personal information we have collected about them in the past 12 months, including the categories of personal information, the categories of sources, the business or commercial purpose for collecting it, and the categories of third parties with whom we shared that information. Essentially, you can ask for both the specific pieces of personal data we have about you and broader information about our data practices.

Right to Delete:

California residents can request deletion of their personal information that we have collected and retained, subject to certain exceptions (for example, if the information is needed to complete a transaction, detect fraud, exercise free speech, comply with legal obligations, etc., deletion may not be available). As described above, we will honor valid deletion requests to the fullest extent required by law.

Right to Opt-Out of Sale/Sharing:

California law gives residents the right to opt out of the "sale" of their personal information or the sharing of their personal information for cross-context behavioral advertising. As noted, we do not sell personal information to third parties. We also do not share personal information for targeted advertising purposes at this time. Therefore, there is no need for you to submit a "Do Not Sell or Share My Info" request, as we don't engage in those practices. If this ever changes, we will implement a mechanism for you to opt out and prominently inform you of that change. We do recognize and respond to Global Privacy Control (GPC) signals in browsers; if we were selling data, a detected GPC signal would be treated as a valid opt-out request.

Right to Non-Discrimination:

We will never discriminate against you for exercising any of your privacy rights. This means we will not deny you services, charge you a different price, or provide a different level or quality of service just because you exercised your rights under CCPA or any other law. Any financial incentive or benefit we may offer in exchange for your personal data (if applicable) will be permitted by law and explained to you in advance, and you can opt in to or out of such programs.

Right to Correct:

(Effective starting 2023 under CPRA) California residents have the right to request correction of inaccurate personal information. This is similar to the general right to rectification mentioned above, and we will gladly correct information upon request.

Exercising Your Rights:

You may contact us at any time to exercise the applicable rights. Please see the "Contact Us" section below for how to reach us (typically via email is easiest). For your privacy and security, we will take steps to verify your identity before fulfilling your request – for example, by asking you to provide information that matches our records or to use a known email/phone number on file. If you have an authorized agent making a request on your behalf (for California residents), we will require proof of the agent's authority and verification of the request's authenticity.

We will respond to your request as soon as possible and in any event within the timeframe required by law (under GDPR, generally within one month; under CCPA, within 45 days, with the possibility of a 45-day extension). There is no fee for making a request, though if requests become excessive or unfounded, we reserve the right to refuse or charge a reasonable fee as allowed by law.

Finally, if you are in the EU/EEA (or other jurisdictions with similar oversight), you also have the right to complain with your country's data protection supervisory authority if you believe we have infringed your privacy rights. We encourage you to first reach out to us so we can address your concerns directly, but you are entitled to contact the authority at any time. In India, if you have grievances, you may contact the designated Grievance Officer (if applicable) or the Data Protection Board of India once established. In California, you can reach out to the California Attorney General or the California Privacy Protection Agency for concerns. We are committed to resolving any issues fairly and transparently.

Children's Privacy

Our website and services are not directed to children, and we do not knowingly collect personal information from individuals under the age of 13 (and in certain jurisdictions, under the age of 16) without parental consent. In particular, we do not knowingly solicit or collect data from anyone under 13 years old in the United States, in compliance with the Children's Online Privacy Protection Act (COPPA). If you are under 13, please do not submit any personal information to us.

For users in the EU, the age of consent for online data processing is typically 16 (though it can be lower in some countries, but we choose to require 16. Therefore, if you are under 16 years old, you should only use our site with the involvement of a parent or guardian and should not provide your personal data without parental consent.

Under Indian law, a "child" is defined as anyone under 18 years of age, and processing a child's data requires verifiable parental consent. While our services are generally business-oriented and not aimed at minors, if you are under 18 and an Indian resident, you should seek parental consent before sharing any personal information with us or using our services. We do not offer any services that by their nature would be of interest to children, and we strictly avoid processing data of minors in any way that could be harmful or for targeted advertising purposes.

If we learn that we have inadvertently collected personal information from a child without proper consent, we will take steps to delete that information as soon as possible. If you believe that a child under the above ages may have provided us with personal data without parental consent, please contact us immediately so that we can investigate and address the issue.

Changes to this Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will revise the "Last Updated" date at the top of this Policy. If the changes are significant, we will provide a more prominent notice – for example, by posting a notice on our homepage or by directly sending you a notification (via email if we have your email on file) – to inform you of the update.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website or services after any modification to the Policy will constitute your acknowledgment of the changes and agreement to be bound by the updated Policy. If you do not agree with the changes, you should stop using our services and inform us if you wish to have your data removed (consistent with your rights as described above).

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please do not hesitate to contact us. We value your feedback and rights, and we are here to help.

Contact Information:

• Email: contact@numaanalytics.com
• Postal Address: Bengaluru, Karnataka, India.

When you contact us, please provide sufficient information for us to verify your identity (if you are making a data access, correction, or deletion request) and to understand the nature of your inquiry. We will respond as promptly as possible, and no later than required by law.

If you have any grievances or complaints about data privacy, you may also reach out to our Grievance Officer (for Indian users) at the above contact details. We will work with you to address and resolve your concerns. Additionally, as noted in the Your Privacy Rights section, individuals in the EU have the right to contact their supervisory authority, and California residents can contact the California Attorney General or California Privacy Protection Agency, but we ask that you allow us to address your concerns first.

Thank you for reading our Privacy Policy. We are dedicated to safeguarding your personal information and being transparent about our data practices.