Legal

Data Access Policy

Last updated: March 2026

Transparency matters. This policy explains exactly what data NuMoon accesses from your connected tools, how we store it, and what we never do with it.

1. What Data NuMoon Accesses

When you connect a tool to NuMoon, we request read-only access to the data needed for analysis. This typically includes:

  • Payment processors (Stripe, Square, etc.): Transaction summaries, revenue figures, subscription metrics, refund rates
  • CRM platforms (HubSpot, Salesforce, etc.): Contact counts, deal pipeline data, conversion rates
  • Advertising platforms (Google Ads, Meta Ads, etc.): Campaign performance, spend data, ROAS metrics
  • Accounting tools (QuickBooks, Xero, etc.): Revenue and expense summaries, cash flow data
  • E-commerce (Shopify, WooCommerce, etc.): Order data, product performance, customer metrics
  • Analytics tools (Google Analytics, Mixpanel, etc.): Traffic data, user behavior, conversion funnels

We never access credit card numbers, bank account numbers, social security numbers, or other sensitive financial credentials. All access is read-only unless you explicitly enable write actions.

2. How Data Is Stored

Your data is protected with multiple layers of security:

  • Encryption at rest: All stored data is encrypted using AES-256, the same standard used by banks and government agencies.
  • Tenant isolation: Your data is logically isolated from every other customer. There is no shared data layer between tenants.
  • OAuth tokens: All integration credentials are encrypted and stored separately from your business data.
  • AI does not train on your data: Your business data is never used to train AI models, improve models for other customers, or shared in any aggregated form. Your data is used exclusively to generate insights for you.
  • Minimal retention: We only store the data necessary to provide the Service. Raw API responses are processed and discarded; only structured, relevant metrics are retained.

3. What NuMoon Does NOT Do

We believe in being explicit about our boundaries:

  • We do not sell your data to third parties, ever
  • We do not share your data with advertisers or data brokers
  • We do not use your data to train AI models for other customers
  • We do not access data beyond what you explicitly authorize
  • We do not store credit card numbers, bank credentials, or passwords from connected services
  • We do not modify data in your connected tools without your explicit approval
  • We do not retain your data after you disconnect an integration or delete your account

4. Disconnecting and Deleting

You are in full control of your data at all times:

  • Disconnect an integration: Revoke access instantly from your dashboard. We delete all data associated with that integration within 24 hours.
  • Export your data: Request a full export of your data in a structured format at any time.
  • Delete your account: All of your data, including integration data, insights, and account information, is permanently deleted within 30 days of account closure.

You can also revoke NuMoon's access from within the connected service itself (e.g., revoking the OAuth app in Stripe or HubSpot settings).

5. Contact

If you have questions about how we handle your data, please contact us at hassanain@numoon.ai.