NumeraLoop ("we," "our," or "us") is committed to protecting your privacy and handling your personal data with transparency and care. This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights regarding your personal information.
NumeraLoop operates a cloud-based telecommunications management platform that enables users to manage Twilio phone numbers, send and receive SMS and MMS messages, conduct browser-based voice calls, run bulk SMS campaigns, and integrate telephony workflows into their business operations.
This Privacy Policy applies to all users of our website at numeraloop.com and our web application, including individuals accessing the platform on behalf of a business or organization.
By using NumeraLoop, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of our services.
Payment processing is handled exclusively by Stripe, Inc. We do not collect, store, or have access to your full credit card number, CVV, or other sensitive payment card data. We retain only:
When you upload contact lists, import CSV files, or input recipient phone numbers for campaigns, you are providing us with personal data belonging to third parties. You represent and warrant that you have obtained all necessary consents to provide such data and to contact those individuals using our platform.
We use the data we collect for the following purposes:
We do not sell your personal information to third parties, use your data for behavioral advertising, or share your data with data brokers.
For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we process personal data under the following legal bases as defined by the General Data Protection Regulation (GDPR):
| Processing Activity | Legal Basis |
|---|---|
| Account creation and authentication | Contractual necessity (Art. 6(1)(b)) |
| Processing payments and managing subscriptions | Contractual necessity (Art. 6(1)(b)) |
| Operating telephony features | Contractual necessity (Art. 6(1)(b)) |
| Fraud prevention and security | Legitimate interests (Art. 6(1)(f)) |
| Service analytics and improvement | Legitimate interests (Art. 6(1)(f)) |
| Legal compliance and regulatory requests | Legal obligation (Art. 6(1)(c)) |
| Marketing communications | Consent (Art. 6(1)(a)) |
We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances:
We work with trusted third-party vendors who process data on our behalf under strict data processing agreements. See Section 6 for details on each integration.
We may disclose your information when required by law, court order, subpoena, or valid legal process. We will notify you of such requests where legally permitted to do so.
If NumeraLoop undergoes a merger, acquisition, or sale of all or substantially all assets, your data may be transferred to the acquiring entity. We will notify you prior to any such transfer, and the acquiring entity will be bound by this Privacy Policy.
We may disclose information where necessary to protect the rights, property, or safety of NumeraLoop, our users, or others, including for fraud prevention purposes.
All telephony services — including voice calls, SMS/MMS, and number provisioning — are delivered through Twilio. We transmit your Twilio credentials and configuration data to Twilio solely to execute your instructions. Your use of telephony features is additionally governed by Twilio's Acceptable Use Policy and Privacy Policy.
Data may be processed in the United States and other countries where Twilio operates. Twilio maintains Standard Contractual Clauses for EEA transfers.
Payment processing is handled exclusively by Stripe. When you enter payment information, it is transmitted directly to Stripe's servers over an encrypted connection. NumeraLoop never receives or stores your raw card data. Stripe is certified as a PCI DSS Level 1 Service Provider. Your use of payment features is governed by Stripe's Privacy Policy and Terms of Service.
Stripe processes payments globally. Stripe maintains Standard Contractual Clauses and a Data Processing Agreement for GDPR compliance.
We use Supabase for our database infrastructure, user authentication, and file storage. Your account data, telephony configuration, contacts, and message logs are stored in a Supabase-hosted PostgreSQL database. Supabase employs row-level security (RLS) to ensure data isolation between users.
Supabase infrastructure is hosted on AWS. Supabase is GDPR compliant and offers a Data Processing Agreement.
| Data Category | Retention Period |
|---|---|
| Account and profile data | For the duration of your active account |
| Call and SMS activity logs | 90 days (rolling), then automatically purged |
| Bulk campaign data | For the duration of your active account |
| Contact records | Until you delete them or close your account |
| Billing records and invoices | 7 years (legal and tax compliance requirement) |
| Security and access logs | 12 months for fraud prevention purposes |
| Data after account deletion | Permanently deleted within 30 days of request |
| Encrypted database backups | Up to 90 days before being overwritten |
To request account deletion, use the "Delete Account" option in your Settings page, or contact us at support@numeraloop.com. Billing records may be retained for the legally required period even after account deletion.
We implement industry-standard technical and organizational measures to protect your data:
Despite our best efforts, no system is 100% secure. In the event of a data breach affecting your rights and freedoms, we will notify you and relevant supervisory authorities as required by applicable law (within 72 hours under GDPR).
NumeraLoop is operated from the United States. Your data is stored and processed primarily in the United States via Supabase and AWS infrastructure. If you are located in the EEA, UK, Switzerland, or other regions with data transfer restrictions, please be aware of the following:
By using NumeraLoop, you consent to the transfer of your data to the United States and other countries where we or our service providers operate.
If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR) or UK GDPR:
Right to Access (Art. 15)
Request a copy of your personal data. Use "Export My Data" in your account Settings, or contact us directly.
Right to Rectification (Art. 16)
Correct inaccurate or incomplete personal data through your account settings or by contacting us.
Right to Erasure / "Right to be Forgotten" (Art. 17)
Request deletion of your personal data. Use "Delete Account" in Settings. Note: billing records may be retained for legal compliance.
Right to Restriction of Processing (Art. 18)
Request that we limit how we process your data in certain circumstances (e.g., while a dispute is resolved).
Right to Data Portability (Art. 20)
Receive your personal data in a structured, machine-readable format (JSON/CSV) for transfer to another service.
Right to Object (Art. 21)
Object to processing based on legitimate interests, including profiling and direct marketing.
Right to Withdraw Consent (Art. 7(3))
Withdraw consent for processing based on consent at any time without affecting prior lawful processing.
Right to Lodge a Complaint
File a complaint with your national supervisory authority (e.g., the ICO in the UK, or your local DPA in the EU).
To exercise any of these rights, contact us at support@numeraloop.com. We will respond within 30 days. We may request identity verification before processing your request.
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) grant you the following rights:
To submit a CCPA request, email support@numeraloop.com with the subject line "CCPA Request." We will respond within 45 days. You may submit a request up to twice per 12-month period.
If you are a Canadian resident, the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws grant you the following rights:
We collect, use, and disclose personal information only with your knowledge and consent, and only for purposes that a reasonable person would consider appropriate. Contact us at support@numeraloop.com to exercise these rights.
NumeraLoop is a business-oriented telecommunications platform intended exclusively for adults aged 18 and older. We do not knowingly collect personal information from individuals under 18 years of age.
If we become aware that we have inadvertently collected personal information from a child under 18, we will take immediate steps to delete such information. If you believe we have collected data from a minor, please contact us immediately at support@numeraloop.com.
NumeraLoop does not record calls by default. If you enable call recording through your Twilio account configuration, recordings are stored by Twilio, not by NumeraLoop. You are solely responsible for complying with all applicable laws regarding call recording consent, including:
Browser calling uses the Twilio Voice SDK and WebRTC technology. Voice data is transmitted directly via Twilio's infrastructure. We store call metadata (duration, timestamps, status) but do not record or store audio content of browser-based calls.
Message content from inbound and outbound SMS/MMS is stored in your account database for operational purposes (inbox management, reporting). Message content is retained as described in Section 8. You are responsible for the content of all messages sent using our platform and for ensuring recipient consent.
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
Your continued use of NumeraLoop after the effective date of any updated Privacy Policy constitutes your acceptance of the changes. If you do not agree, please discontinue use and delete your account.
For any questions, concerns, or requests related to this Privacy Policy or the handling of your personal data, please contact us:
This Privacy Policy is effective as of April 16, 2026 (Version 2.0). By using NumeraLoop, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.