NumarioSign in

Numario Privacy Policy

Effective date: [DATE] Last updated: [DATE]

Draft prepared for initial site launch and Intuit App Partner production key approval. Placeholders in brackets need to be filled in before this goes live, and this should get a real legal review before Numario connects to any production QuickBooks Online company holding real client data — not just before public launch.

1. Who we are

Numario ("Numario," "we," "us," or "our") is a practice management platform for bookkeeping and accounting firms, operated by Timp Software LLC, located at 775 E 1300 N, Pleasant Grove, UT 84062. This policy explains what information we collect, how we use it, and the choices available to you.

This policy applies to numario.app, getnumario.com, and any Numario mobile applications (collectively, the "Service").

2. Who this policy covers

Numario is used by two distinct groups, and this policy addresses both:

  • Firm users — staff at bookkeeping and accounting firms who sign up for and administer a Numario account on behalf of their firm.
  • Client contacts — individuals at a firm's client businesses who access the Numario client portal via a magic link, typically to respond to task requests, upload documents, or review financial reports.

If you are a client contact, your firm is the party that added you to Numario. Questions about what your firm shares with us, or requests to be removed, should generally start with your firm; see Section 8 for how we handle these requests directly as well.

3. Information we collect

Information you provide directly

  • Account information: name, email, phone number, firm name, role.
  • Client and engagement data firm users enter: client business names, contacts, engagement details, tasks, notes, and internal communications.
  • Documents uploaded to the platform, including receipts, statements, and other files attached to clients or engagements.
  • Payment and billing information, processed via Stripe (see Section 6).

Information from connected services

When a firm connects a client's QuickBooks Online account, we access accounting data through the QuickBooks Online API under the scope the firm authorizes, which may include:

  • Transactions, invoices, bills, and chart-of-accounts data.
  • Vendor, customer, and payee information.
  • Company profile information (business name, address, industry).

We access this data only as needed to power the features the firm has enabled (for example, transaction sync, AI-assisted categorization suggestions, or invoice generation) and do not use QuickBooks Online data for any purpose the firm has not authorized.

Information collected automatically

  • Usage data: pages visited, features used, timestamps, and general interaction patterns within the Service.
  • Device and log data: IP address, browser type, operating system.
  • Cookies and similar technologies, used for authentication (session management) and basic analytics. We do not use cookies for third-party advertising, and Numario does not display ads.

4. How we use information

We use collected information to:

  • Provide, maintain, and improve the Service.
  • Authenticate users and maintain account security.
  • Sync data with connected services (QuickBooks Online, Xero, Plaid) at the firm's direction.
  • Generate AI-assisted suggestions (e.g. transaction categorization), always subject to human review before anything is written back to a connected ledger.
  • Process payments and invoicing through Stripe.
  • Send transactional communications: task notifications, portal access links, billing receipts, and service updates.
  • Detect, investigate, and prevent fraud, abuse, and security incidents.
  • Comply with legal obligations.

We do not sell personal information, and we do not use client financial data to train AI models outside the context of the account it belongs to.

5. AI features

Numario uses AI (via the Anthropic Claude API) to assist with tasks such as suggesting transaction categories or drafting communications. Every AI suggestion is logged with an audit trail and requires human review before it is applied to a client's ledger or sent externally. Data sent to our AI provider is used solely to generate the requested output for your account, not to train Anthropic's models, consistent with Anthropic's API terms.

6. How we share information

We share information with:

  • Service providers who process data on our behalf, including Supabase (database and authentication), Stripe (payments), Plaid (bank connectivity), Intuit (QuickBooks Online sync), and Anthropic (AI features). These providers are contractually restricted to using data only to provide services to Numario.
  • The firm you work with or for, since firm staff and client contacts necessarily share a workspace — firm users can see the client data and documents relevant to their engagements, and client contacts can see what their firm has shared with them via the portal.
  • Legal and safety purposes, if required by law, subpoena, or to protect the rights, property, or safety of Numario, our users, or others.
  • In connection with a business transfer, such as a merger, acquisition, or sale of assets, subject to standard confidentiality protections.

We do not share personal information with third parties for their own marketing purposes.

7. Data retention

We retain account and engagement data for as long as an account is active, plus a reasonable period afterward to comply with legal, accounting, or dispute-resolution obligations. Firms can request deletion of their data per Section 8; note that some accounting-adjacent records may be subject to retention requirements independent of a deletion request (for example, audit trail entries tied to financial actions already taken).

8. Your choices and rights

  • Access and correction: firm users can access and update most account and client data directly within the Service.
  • Deletion: you may request deletion of your account or personal information by contacting privacy@numario.app. We will honor these requests except where retention is required by law or legitimate business need (e.g. financial records tied to a completed engagement).
  • Client contacts: if you are a client contact and want to know what information a firm has shared with us about you, or want it removed, contact us directly at privacy@numario.app as well as your firm.
  • California and other state privacy rights: depending on your state of residence, you may have additional rights, including the right to know, delete, or opt out of certain processing. Contact us to exercise these rights.
  • EU/UK/EEA users: if applicable, you may have rights under GDPR including access, rectification, erasure, and data portability. Contact privacy@numario.app.

9. Security

We use industry-standard safeguards, including encryption in transit and at rest, role-based access control, and row-level security scoping so firm data is isolated by tenant. No system is completely secure, and we encourage users to use strong, unique passwords and report any suspected security issue to security@numario.app.

10. Children's privacy

The Service is intended for business use by adults and is not directed to individuals under 18. We do not knowingly collect information from children.

11. International data transfers

[Placeholder — confirm hosting regions with Supabase/Vercel before publishing. If data is processed in the United States and users may be located elsewhere, add a standard cross-border transfer disclosure here.]

12. Changes to this policy

We may update this policy from time to time. We will post the updated version with a new "Last updated" date, and for material changes, we will provide additional notice (such as an email or in-app notification).

13. Contact us

Questions about this policy or our privacy practices:

Timp Software LLC 775 E 1300 N, Pleasant Grove, UT 84062 privacy@numario.app