← Back to Numlytix

Privacy Policy

Last updated: May 2025  ·  We keep this simple and honest

1. Who We Are

Numlytix is an engineering and statistical analysis platform. We can be reached at numlytix@outlook.in.

2. What Data We Collect

Data	When	Why	Stored Where
Email address	Account sign-up	Login & account recovery	Supabase (PostgreSQL)
Name	Account sign-up	Display in UI	Supabase (PostgreSQL)
Hashed password	Account sign-up	Authentication (PBKDF2-SHA256, salted — never stored in plain text)	Supabase (PostgreSQL)
Session token	Login	Keep you logged in for 30 days	Supabase + browser cookie/localStorage
API call logs	Every analysis run	Usage analytics for admin dashboard	Supabase (PostgreSQL)
Usage time	Active session	Admin usage reports (minutes per session)	Supabase (PostgreSQL)
IP address	Login / API calls	Security logging	Supabase (PostgreSQL)
Worksheet data	During analysis	Sent to our API to compute results	Not stored — processed and discarded immediately

3. What We Do NOT Collect

• No advertising or marketing tracking
• No third-party analytics (no Google Analytics, Meta Pixel, etc.)
• No device fingerprinting
• No selling of data to third parties — ever
• No storing of your analysis data or worksheet contents

4. How We Use Your Data

• Authentication — to verify your identity and maintain your session
• Account management — to manage your plan (free/premium) and access rights
• Password reset — to send OTP codes when requested
• Admin analytics — aggregate usage statistics visible to platform administrators only
• Security — IP logs to detect abuse or suspicious access

5. Data Sharing

We share data with the following sub-processors only:

• Supabase (database hosting) — your account data is stored on Supabase's PostgreSQL infrastructure
• Vercel (hosting) — your requests pass through Vercel's serverless infrastructure

No other third parties receive your personal data.

6. Cookies & Local Storage

See our Cookie Settings page for full details. In summary:

• numlytix_token (HTTP cookie, 30 days) — authentication session
• numlytix_token (localStorage) — same token, stored client-side for use across page navigations
• No advertising cookies. No tracking cookies. No third-party cookies.

7. Data Retention

• Account data: retained until you request deletion
• Session tokens: expire after 30 days automatically
• API logs: retained for up to 12 months for analytics
• OTP tokens: expire after 10–15 minutes and are marked used

8. Your Rights

You have the right to:

• Access your personal data
• Correct inaccurate data
• Request deletion of your account and associated data
• Export your data

To exercise any of these rights, email numlytix@outlook.in. We will respond within 30 days.

9. Security

Passwords are hashed using PBKDF2-SHA256 with 260,000 iterations and a unique random salt per user — they are never stored in plain text. Database connections use TLS. Session tokens are cryptographically random (256-bit).

10. Changes to This Policy

We may update this policy occasionally. We'll update the date above and, for significant changes, notify registered users by email.

11. Contact

Privacy questions: numlytix@outlook.in