Privacy Policy

1. Introduction

NumeraLoop ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our phone number management platform.

2. Information We Collect

2.1 Personal Information

• Email address (for authentication)
• Name (for your user profile)
• Payment information (processed securely through third-party processors)

2.2 Twilio Credentials

To provide our services, we store:

• Twilio Account SID
• Twilio Auth Token (encrypted at rest using AES-256 encryption)
• Twilio API Keys (encrypted at rest using AES-256 encryption)
• TwiML Application SIDs

Security: All sensitive credentials are encrypted using industry-standard encryption (AES-256) and are never transmitted to your browser or exposed in any client-side code.

2.3 Phone Number Data

• Connected Twilio phone numbers
• Forwarding configurations (destination numbers)
• Phone number settings and preferences

2.4 Activity Data

• Call and SMS forwarding logs (phone numbers, timestamps, status)
• Usage statistics and analytics
• Browser calling session data

2.5 Technical Data

• IP addresses (for security purposes)
• Browser type and version
• Device information
• Access times and dates

3. How We Use Your Information

• To provide and maintain our phone number management services
• To process call and SMS forwarding requests
• To authenticate and authorize access to your account
• To communicate with you about service updates and support
• To monitor and analyze usage patterns to improve our services
• To detect, prevent, and address technical issues and security threats
• To comply with legal obligations

4. Data Sharing and Disclosure

4.1 Third-Party Service Providers

We share data with the following third parties to provide our services:

• Twilio: For telephony services (call and SMS forwarding). Your credentials are used to interact with your Twilio account on your behalf.
• Supabase: For database hosting and authentication services.
• Payment Processors: For processing subscription payments (we do not store credit card details).

4.2 Legal Requirements

We may disclose your information if required by law or in response to valid legal requests from authorities.

4.3 What We Don't Do

• We do NOT sell your personal information to third parties
• We do NOT use your data for advertising purposes
• We do NOT share your credentials with anyone except the services you explicitly configure

5. Data Security

We implement industry-standard security measures to protect your data:

• Encryption at Rest: Sensitive credentials are encrypted using AES-256 encryption
• Encryption in Transit: All data transmission uses TLS/SSL encryption
• Access Controls: Role-based access control (RLS) ensures users can only access their own data
• Secure Authentication: Industry-standard authentication with secure password hashing
• Audit Logging: All sensitive operations are logged for security monitoring

6. Data Retention

• Activity Logs: Retained for 90 days
• Account Data: Retained while your account is active
• Deleted Account Data: Permanently deleted within 30 days of account deletion request
• Backup Data: May be retained in encrypted backups for up to 90 days

7. Your GDPR Rights (EU Users)

If you are located in the European Economic Area (EEA), you have the following rights:

• Right to Access: Request a copy of your personal data (use "Export My Data" in Settings)
• Right to Rectification: Update incorrect or incomplete data through your account settings
• Right to Erasure: Request account deletion (use "Delete Account" in Settings)
• Right to Restrict Processing: Request limitations on how we process your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing of your personal data
• Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, visit your Settings page or contact us directly.

8. Cookies and Tracking

We use essential cookies for authentication and session management. We do not use tracking cookies or third-party advertising cookies.

9. Children's Privacy

Our services are not intended for users under 18 years of age. We do not knowingly collect information from children.

10. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable law.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

12. Contact Us

If you have questions about this Privacy Policy or want to exercise your rights, please contact us: