What we keep, and what we don't.

Numen is a memory tool. To do its job, it stores what you tell it. That makes us responsible for treating that information with more care than most apps need to. This page describes what we collect, why, where it goes, and the rights you have over it. We try to write in plain English; if anything is unclear, write to hello@numen.to and a human will answer.

The data controller is Bulrosa OÜ, registration code 14681340, registered at Kiriku tn 6, 10130 Tallinn, Harjumaa, Estonia. “Numen”, “we”, and “our” refer to Bulrosa OÜ. “You” means the person using the service.

The promises

Three things to get out of the way first, because they shape everything below.

• We do not sell your data. We do not share it with advertisers, data brokers, or any third party for their own purposes. The companies listed below process data only on our behalf, under contract.
• We do not train models on your content. Your memos and conversations are not used to train our models, and our AI providers are configured not to train on your data either.
• Your data is encrypted in transit and at rest. All traffic to Numen runs over TLS. Stored data sits on encrypted disks managed by our infrastructure providers.

What we collect

Account information. Email address, name, hashed password, timezone, and any profile details you fill in. You give us this when you sign up or update your settings.

Your content. The memos you save (notes, reminders, events, contacts, secrets), the conversations you have with the agent, the links the agent draws between them, and any attachments you upload. This is the heart of what Numen stores, and it is yours.

Billing information. If you subscribe, our payments processor (Stripe) collects and stores your card details on its own systems. We receive a limited record — your plan, billing email, country, last four digits of the card, and renewal status — but we never see or store full card numbers.

Technical data. IP address, browser or device type, operating system, app version, timestamps, and similar information that is generated whenever anyone uses an internet service. We use this for security, debugging, and rate-limiting.

Product analytics. Anonymised or pseudonymised events about how features are used (which pages are visited, which buttons are clicked) so we know what to improve. Memo contents and chat contents are never sent to analytics.

Error reports. When something breaks, our error monitoring records the stack trace, the route, and a user identifier so we can fix it. We try not to capture content, but a payload may occasionally contain small fragments; we treat anything that shows up there as confidential.

Push notifications. If you turn on notifications, your browser or device gives us a push subscription endpoint. We use it only to send the notifications you asked for.

How we use it

We use your information to run the service: to authenticate you, store your memos, generate replies, surface reminders and scheduled nudges, send transactional email, take payment, keep the service safe from abuse, and answer support requests. We also use aggregated, non-identifying metrics to understand how Numen is doing as a product. We don't use your content for anything else.

Legal bases (for users in the EEA / UK)

We rely on the performance of a contract for the things you need us to do to run the service; on legitimate interests for security, fraud prevention, and product improvement; on consent for push notifications and any optional analytics where consent is required; and on legal obligation for tax records and similar.

Who processes data on our behalf

Numen relies on a short list of providers, each bound by a data-processing agreement. They process data on our instructions only.

• Anthropic — provides the language model that powers the agent. Your chat messages and the memo context relevant to a reply are sent to Anthropic to generate a response. Anthropic does not train its models on data sent through its API.
• Stripe — handles subscriptions, card processing, invoices, and tax.
• PostHog — product analytics. Receives event metadata, never memo or chat content.
• Sentry — error monitoring. Receives stack traces and a user identifier.
• Hosting and email providers — our cloud infrastructure provider stores the database and serves the application; our transactional email provider delivers system emails (sign-in links, receipts, etc.).

International transfers

Bulrosa OÜ is established in Estonia, but the servers that store and process your data are located in the United States, as are several of our processors (including Anthropic, Stripe, PostHog, and Sentry). When personal data is transferred from the EEA, the UK, or Switzerland to the United States, the transfer is governed by the European Commission's Standard Contractual Clauses (and UK / Swiss equivalents), together with the supplementary technical and organisational measures recommended by the European Data Protection Board. Where a recipient is certified under the EU–US Data Privacy Framework (and its UK and Swiss extensions), we also rely on that framework.

How long we keep it, and how to leave

We keep your account and content for as long as your account is active. When you delete an item, it goes to the trash and can be restored; trash is permanently purged within 30 days.

You can delete your account at any time, directly from inside the app, at Settings → Account → Danger zone → Delete my account. This is available in both the web app and the iOS app. Deletion is permanent and logs you out immediately. You can also export everything you've saved from the same page (“Export all my data”).

After you delete your account, your personal data and content are removed from active systems within 30 days, except where we are required to retain limited records for tax, accounting, or legal reasons (typically 7 years for invoices). Backups are overwritten on a rolling cycle and any residual copies expire within 90 days.

Your rights

Wherever you live, you can email hello@numen.to to access, correct, export, or delete your data, or to ask us to stop processing it. We aim to respond within 30 days.

If you are in the EEA, the UK, or Switzerland, you have the right of access, rectification, erasure, restriction, portability, and objection under the GDPR (and UK / Swiss equivalents), and the right not to be subject to decisions based solely on automated processing that have legal or similarly significant effects. You also have the right to lodge a complaint with a supervisory authority; ours is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).

If you are in California or another US state with a comprehensive privacy law, you have the right to know what we collect, to correct it, to delete it, to data portability, and to opt out of any sale or sharing for cross-context behavioural advertising. We do not sell personal information and we do not share it for cross-context behavioural advertising; nonetheless these rights are available to you. We will not discriminate against you for exercising them.

Security

We protect data with encryption in transit (TLS), encryption at rest, scoped access controls, hashed passwords, short-lived authentication tokens, audited dependencies, and regular backups. No system is unbreakable; if we ever discover a breach that affects you, we will tell you promptly and tell the relevant regulator within the timeframes the law requires.

Children

Numen is not designed for, or directed to, children under 16. If you believe a child has provided us with personal data, email hello@numen.to and we will delete it.

Cookies and similar

Numen uses a small number of strictly necessary cookies (and similar local storage) to keep you signed in and remember your preferences. We do not use advertising cookies. Optional analytics is loaded only where consent is required and given.

Changes

We may update this policy from time to time. When we make a material change, we will notify you by email or in the app at least 14 days before it takes effect. The “last updated” date at the top always reflects the current version.

Contact

Bulrosa OÜ, registration code 14681340, Kiriku tn 6, 10130 Tallinn, Harjumaa, Estonia. For any question about this policy or your data, write to hello@numen.to.