numlr← Back to home

Legal

Privacy Policy

Last updated: June 2026

numlr is a financial document workspace for freelancers and small businesses. This policy explains what data we collect, how we use it, and what controls you have over it.

01What we collect

  • Account information: your email address and a hashed password, used to create and authenticate your account.
  • Financial documents: receipts, bills, and invoices you upload. These are stored in Google Cloud Storage and processed by OpenAI's API to extract structured data (vendor, amount, date, category, line items).
  • Expense records: structured data extracted from your documents, plus any manual entries or edits you make.
  • Invoice data: invoices you create, including customer name, email, line items, and payment records.
  • Mileage trips: trip start/end locations, distance, purpose, vehicle, and date.
  • App settings: preferences such as default currency, mileage rate, and saved locations.

02How we use your data

  • To provide the service — AI extraction, expense tracking, invoice management, mileage logging, and exports.
  • To maintain your account and keep your data accessible across sessions and devices.
  • We do not sell your data, use it for advertising, or share it with third parties beyond the service providers listed below.

03Third-party service providers

  • Firebase Authentication (Google) — manages account creation and secure sign-in.
  • Google Firestore — stores your structured data (expenses, invoices, mileage, settings).
  • Google Cloud Storage — stores your uploaded document files.
  • OpenAI — receives the content of uploaded documents to extract billing information. OpenAI's data usage policy applies to API inputs; numlr uses the API under a zero-data-retention agreement where available.

04Data retention

  • Your data is retained for as long as your account is active.
  • You can delete your account at any time from Settings → Account. This permanently deletes all your documents, expenses, invoices, mileage trips, and account information.
  • Uploaded files in cloud storage are deleted as part of account deletion.

05Security

  • All data is transmitted over HTTPS. Passwords are never stored in plain text — authentication is handled by Firebase.
  • Access to your data requires a valid Firebase ID token verified server-side on every request.
  • No internet-based service can guarantee absolute security. Do not upload documents you would not want processed by the AI extraction pipeline.

06Your rights

  • Access & export: you can export your expenses, mileage, and invoice data as CSV, Excel, or PDF at any time from the Exports page.
  • Deletion: deleting your account removes all your data permanently. You can do this from Settings → Account.
  • Correction: you can edit any extracted or manually entered record at any time within the app.

07Cookies & analytics

  • numlr uses only the session cookies required for Firebase Authentication. We do not run third-party analytics trackers or advertising cookies.

08Changes to this policy

  • We may update this policy as the product evolves. The date at the top of this page reflects the most recent revision. Continued use of numlr after a change constitutes acceptance of the updated policy.

09Contact

  • Questions about this policy? Email us at support@numlr.com and we'll respond as quickly as we can.