Privacy Policy

Last updated: 18 June 2026

In short

This Privacy Policy explains how Numina processes your personal data. We are the data controller when we process information about you as a visitor, contact or customer and in order to comply with legal requirements (including the Anti-Money Laundering Act and the Bookkeeping Act). When we keep your books, we process the data in your accounting materials as a data processor on your behalf — this is governed by our data processing agreement. Our bookkeeping and AI processing take place in the EU.

You have a number of rights over your data — see section 6 — and you can always contact us at support@numina.app or lodge a complaint with the Danish Data Protection Agency.

We use Your personal data to provide and improve our services, as described below.

1. Introduction

Numina Regnskab ApS, based in Denmark with Business Reg. No.: 46553705 (“Numina”) is the data controller for the processing of your personal data as described below. For certain processing, Numina acts as a data processor on behalf of its customers, cf. sections 1.1 and 2.4. Below, Numina has provided an overview of the processing activities in which personal data are processed, including among others the purpose thereof and the legal basis.

If you have any questions about this Privacy Policy (“Privacy Policy”) or you wish to exercise your data subject rights pursuant to Chapter III of the General Data Protection Regulation (“GDPR”) and according to section 6 of this Privacy Policy, please contact Numina by email at support@numina.app.

Data controller

Numina Regnskab ApS
Kanonbådsvej 2, 1437 Copenhagen K
Business Reg. No.: 46553705
Email: support@numina.app
Phone: +45 71 74 86 86

1.1. Our two roles: data controller and data processor

Depending on the processing, Numina acts in two different roles:

  • Independent data controller: Numina is the data controller for personal data about website visitors, contact persons and enquiries, for customer administration and invoicing, for compliance with legal obligations (including the Anti-Money Laundering Act and the Bookkeeping Act), and for the establishment, exercise or defence of legal claims.
  • Data processor: When Numina keeps your books, we process the personal data contained in your accounting materials (e.g. about your company’s customers, suppliers and employees) on your behalf and on your instructions. For this processing you are the data controller and Numina is the data processor. The processing is governed by a data processing agreement.

2. Categories of Personal Data, Purpose, and Legal Basis

2.1. Website Visitors

When you visit Numina’s website, https://numina.app/, Numina processes personal data about you, for example cookies and your IP address. The purpose of using cookies is to improve your user experience on Numina’s website, to provide functionality, to generate statistics and to remember your preferences.

The legal basis for processing your personal data in this connection is your consent, which you will be asked to give when you visit the website, cf. Art. 6(1)(a) GDPR.

In certain cases, the legal basis for processing your personal data is Numina’s legitimate interests, and it is Numina’s assessment that our legitimate interests outweigh your interests or fundamental rights and freedoms, cf. Art. 6(1)(f) GDPR. The legitimate interests pursued are to provide you with a website that functions optimally, a good website experience and marketing activities.

You can read more about our use of cookies, and how you give and change your consent, in our Cookie & Privacy Policy.

2.2. Contact Person at a Customer, Supplier or Other Business Partner

As a contact person at a customer, supplier or other business partner, Numina processes your personal data when you communicate with Numina, e.g. via emails in connection with Numina’s existing contractual relationship with the company you are employed by, or in connection with the conclusion or termination of a contract. Numina processes ordinary personal data about you, including your name, email address, telephone number, position, etc.

The legal basis for such processing of your personal data is that the processing is necessary for the legitimate interests pursued by Numina, and it is Numina’s assessment that our legitimate interests outweigh your interests or fundamental rights and freedoms, cf. Art. 6(1)(f) GDPR. Numina’s legitimate interests are the fulfilment of our contractual obligations, maintaining and improving customer relationships, invoicing between your company and Numina, communicating with you about our services, and for documentation purposes if you agree matters relating to our services in writing via email.

In some cases, processing personal data is necessary to comply with a legal obligation to which Numina is subject, for example in connection with the obligation to retain accounting materials under the Danish Bookkeeping Act. In that case, the legal basis for the processing is Art. 6(1)(c) GDPR.

2.3. Enquiries via Chat Function and Help Centre

If you send an enquiry regarding Numina’s services via Numina’s chat function or Help Centre, Numina will process personal data about you, e.g. your IP address, geographic location, possible reactions to our ads and the personal data you include in your enquiry, e.g. name, email address and telephone number.

The legal basis for processing personal data is Numina’s legitimate interests, and it is Numina’s assessment that our legitimate interests outweigh your interests or fundamental rights and freedoms, cf. Art. 6(1)(f) GDPR. The legitimate interests pursued are to provide customer support by answering enquiries and business development.

2.4. Customers and Users of Numina’s Accounting Services and Platform

When you become a customer and use Numina’s accounting services and platform, we process personal data about you and your company. This is necessary in order to provide our services to you, including our AI-driven bookkeeping. In addition to the information you give us yourself, we collect information from sources other than you: from your bank via our PSD2 provider Enable Banking (bank transactions), from your connected email and document account (e.g. Gmail via Google) and from public registers, including the Central Business Register (CVR) and the Danish Business Authority.

The data we process includes:

  • Company Information: Company name, address, business registration number (CVR), and other company details required for setup.
  • User Account Information: Your name, email address, telephone number and password to secure your account access.
  • Financial Data: We process financial data when you connect your sources to our platform. This includes:
    • Bank transactions from your connected bank accounts.
    • Data from invoices, receipts and other documents you upload, or that we retrieve from your connected email account (e.g. Gmail). This may include information about your suppliers and customers.
  • Data generated on the platform: Information you generate while using the service, such as customer invoices, expense reports and bookkeeping entries.
  • Tax and VAT information: Data required for VAT filings and other tax-related filings that we prepare and submit on your behalf via the platform, including data for integration with the Danish Tax Agency (SKAT).

Your accounting materials may contain personal data about your company’s own customers, suppliers and employees. We process this personal data as a data processor on your behalf, cf. section 1.1, and the processing is governed by a data processing agreement. Any use of this data to improve our services and AI takes place solely on the basis of your documented instruction in the data processing agreement and only in the form of anonymised and aggregated data that no longer identifies any individual. For data we receive via Google services (e.g. Gmail), the specific restrictions in section 2.6 also apply.

Purpose and Legal Basis

The primary purpose of processing this data is to provide our accounting services and the functionalities of our platform. The processing is based on the following legal bases:

  • Performance of a contract (Article 6(1)(b) GDPR): Most of our processing is necessary to fulfil the agreement we have with you when you become a customer of Numina. This includes keeping your books, giving you access to the platform, and handling invoicing, expense management and filings.
  • Legal obligation (Article 6(1)(c) GDPR): We are required to process and store certain data to comply with legal obligations, most notably the Danish Bookkeeping Act (Bogføringsloven) and the Anti-Money Laundering Act (Hvidvaskloven).
  • Legitimate interests (Article 6(1)(f) GDPR): For personal data that We process as a data controller (e.g. about users of the platform), We may process data for Our legitimate interests, such as developing new features and ensuring the security of the platform, where those interests are not overridden by Your interests or fundamental rights. You may object at any time under Article 21.

2.5. Anti-Money Laundering and Identification

As part of our obligations under the Anti-Money Laundering Act, cf. section 6 of the Terms of Service, Numina processes, as data controller, information about you, your company and its beneficial owners — including name, address, identity information and a copy of identification — and carries out PEP and sanctions screening.

As part of customer due diligence and ongoing monitoring, we apply a risk assessment, including an in-house weighted risk-scoring model (profiling). The model weights, among other things, the company’s industry, ownership and control structure, geography, product and transaction types and the result of PEP and sanctions screening in order to assign a risk level under the Anti-Money Laundering Act. The risk score supports our case handling but does not in itself make a decision about you: a caseworker always reviews the result and makes the final decision (e.g. whether to obtain further information or to approve or decline a business relationship). It is therefore not a decision based solely on automated processing, cf. section 6.7.

The legal basis is that the processing is necessary to comply with a legal obligation, cf. Art. 6(1)(c) GDPR, as well as national law regarding any civil registration (CPR) numbers.

We retain the information for 5 years after the business relationship ends and then delete it, unless otherwise required by law. The information is used solely to meet our obligations under the Anti-Money Laundering Act.

We may be obliged under the Anti-Money Laundering Act to investigate and report suspicious circumstances to the authorities without informing you, cf. section 6 of the Terms of Service. Your rights (section 6 below) may therefore be limited for information we process under the Anti-Money Laundering Act.

2.6. Google User Data and Limited Use Policy

Numina’s use and transfer of information received from Google APIs to any other application will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

If you choose to connect your Google account (e.g. to scan receipts via Gmail or the Google Sheets integration), the following specific restrictions apply to the data obtained via these permissions (“Google User Data”):

  • No Training of Generalized AI: We do not use Google User Data to train, retrain or improve generalized artificial intelligence and/or machine learning models. Our AI features use your data solely for inference (e.g. extracting data from a specific receipt) in order to provide the service to you.
  • Limited Use of Data: We only use Google User Data to provide or improve user-facing features that are prominent in the Numina application’s user interface.
  • No Transfer to Third Parties: We do not transfer Google User Data to third parties except as necessary to provide or improve these user-facing features, solely for security purposes (e.g. investigating abuse), to comply with applicable law, or as part of a merger, acquisition or sale of assets.
  • No Advertising: We will never use or transfer Google User Data for advertising, including retargeting, personalized or interest-based advertising.
  • Human Access: Humans (Numina employees or contractors) do not read your Google User Data unless:
    • You have given us explicit, specific consent to help you resolve a support issue;
    • It is necessary for security purposes (e.g. investigating a bug or abuse);
    • It is necessary to comply with applicable law; or
    • The data has been aggregated and anonymized for internal use.

3. Recipients of your personal data

Certain recipients process personal data on behalf of Numina and may only process your personal data in accordance with documented instructions from Numina and the further terms and conditions set out in a data processing agreement entered into with Numina. These data processors are not permitted to process your personal data for their own purposes. We use data processors, including providers of hosting, AI, communications (e.g. Google Workspace for email), product analytics and secure bank access. Where we are the data controller, we use, among others, PostHog (product analytics and web statistics) and Vercel (website hosting). Our platform is developed and operated by our affiliated parent company, Numina Technologies ApS (reg. no. 44991225), which supplies the platform to Numina and acts as a sub-processor in that respect. An up-to-date list of the sub-processors that process personal data on your behalf (when we keep your books) is set out in our data processing agreement.

We may also disclose personal data to public authorities, including the Danish Tax Agency (Skattestyrelsen) and the Danish Business Authority (Erhvervsstyrelsen) as part of filings on your behalf, and to the Danish Money Laundering Secretariat (Hvidvasksekretariatet) where we are required to do so. In the event of non-payment, we may disclose information to credit reference agencies.

4. Data Storage

By using our services covered by this privacy policy, you understand and acknowledge that your personal information will be transferred from your location to our facilities and servers in the EU/EEA. Our bookkeeping and AI processing take place on Microsoft Azure data centres in the EU. To the extent a processor (e.g. for website hosting or product analytics) processes data outside the EU/EEA, this takes place on a valid transfer basis under Chapter V of the GDPR, such as the European Commission’s Standard Contractual Clauses (SCCs) or the EU-US Data Privacy Framework.

5. Retention of your personal data

Numina will only retain your personal data for as long as is deemed necessary to fulfil the purposes of processing your personal data.

Website visitors

Personal data collected via cookies when using our website is retained for different periods depending on the purpose.

Personal data such as your IP address will be retained for as long as is deemed necessary and will be deleted no later than 1 year after your last visit to our website.

Contact person

If you are a contact person at a customer, supplier or other business partner, Numina will retain personal data about you for as long as Numina communicates with you because you are Numina’s point of contact, 3 years after the end of the contractual relationship, or until it is no longer necessary for the establishment, exercise or defence of a legal claim.

Enquiries via chat function and Help Centre

Enquiries from potential customers will be deleted 1 year after the enquiry has been resolved, unless it is deemed necessary to retain such enquiries for documentation purposes, e.g. due to a dispute, including for the establishment, exercise or defence of legal claims.

Enquiries from existing customers will be deleted 3 years after the end of the contractual relationship, unless it is deemed necessary to retain such enquiries for documentation purposes, e.g. due to a dispute, including for the establishment, exercise or defence of legal claims.

Customers of Numina

If you are a customer of Numina, we retain your personal data for as long as you have an active account. On termination, we retain accounting materials and identification information for the statutory periods, cf. the sections on accounting materials and anti-money laundering below, and delete other information when it is no longer necessary.

Accounting materials

Numina will retain your personal data to the extent necessary for bookkeeping purposes, such as personal data related to invoicing. Such personal data will be retained for a period of 5 years from the end of the financial year to which the accounting materials relate. The purpose is to comply with the legal obligation under the Danish Bookkeeping Act.

Anti-money laundering and identification

Identification and control information obtained under the Anti-Money Laundering Act is retained for 5 years after the business relationship ends and is then deleted, unless otherwise required by law.

6. Your Rights

Numina has implemented a number of measures to protect your personal data and ensure your rights. As a data subject, you may exercise the rights set out below. However, some of the rights only apply under certain circumstances.

The Danish Data Protection Agency (Datatilsynet) has prepared guidance regarding data subjects’ rights. The guidance can be accessed here.

6.1. Right of Access

You have the right to request access to, including the provision of a copy of, the personal data that Numina processes about you, as well as the right to receive information about:

  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries and, in that connection, the necessary measures taken prior to the transfer;
  • the envisaged retention period or the criteria used to determine that period;
  • the existence of the right to request rectification, erasure, restriction or objection to the processing of your personal data, including in particular the processing of personal data in connection with direct marketing purposes;
  • the right to lodge a complaint with the Danish Data Protection Agency;
  • where your personal data have been obtained, if the data have not been collected from you; and
  • the existence of automated decisions, including profiling, and at a minimum meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

6.2. Right to Rectification

You have the right to have inaccurate personal data about yourself rectified, as well as the right to request the completion of incomplete personal data about you.

6.3. Right to Erasure (“the right to be forgotten”)

Under certain circumstances, you have the right to have personal data erased by Numina, for example if the processing is based on your explicit consent and you withdraw that consent.

6.4. Right to Restriction of Processing

You have the right to restrict Numina’s processing of your personal data, for example if you dispute the accuracy of the personal data.

6.5. Right to Data Portability

Where our processing of your personal data is carried out automatically and is based on your consent or a contract with you, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format and the right to transfer this personal data to another data controller, where this is technically feasible.

6.6. Right to Object

You have the right, on grounds relating to your particular situation, to object at any time to our processing of your personal data based on point (e) or (f) of Art. 6(1) GDPR. This applies at any time where personal data are processed for direct marketing purposes.

6.7. Right not to be subject to automated individual decisions

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

As part of customer due diligence under the Anti-Money Laundering Act, we apply a weighted risk-scoring model (profiling), cf. section 2.5, but a caseworker always makes the final decision. We do not use automated decisions that produce legal effects or similarly significant effects for you.

6.8. Right to withdraw consent

If you have given us your consent to the processing of your personal data, you have the right to withdraw such consent at any time. However, withdrawal of your consent will not affect the lawfulness of the processing of your personal data based on consent before the withdrawal.

Please note that your rights may be limited where we are legally required to process or retain information, e.g. under the Anti-Money Laundering Act and the Bookkeeping Act. For personal data that we process as a data processor on behalf of a customer, you should contact the relevant data controller (our customer).

7. Questions and complaints

If you have questions regarding this privacy policy, wish to exercise your rights as mentioned above, or you disagree with the way Numina processes your personal data, you can contact Numina using the contact details in section 1 of this privacy policy.

You can also lodge a complaint with the Danish Data Protection Agency (Datatilsynet), which is an independent public authority responsible, among other things, for monitoring and enforcing the application of the GDPR. The Danish Data Protection Agency’s contact details are available on their website: www.datatilsynet.dk.

8. Changes to this privacy policy

This privacy policy will be updated and amended periodically, as well as when necessary due to changes in applicable data protection law and practice, and Numina therefore recommends that you stay informed of such changes.