Privacy Policy

Numezis SA (hereinafter "Numezis", "we", "us", or "our"), a Swiss public limited company headquartered in Geneva, is the controller of your personal data. For any privacy-related questions, to exercise your rights, or to contact our Data Protection Officer (DPO), you can reach us at: Email: privacy@numezis.ch Mail: Numezis SA, Data Protection Department, Geneva, Switzerland.

We process your personal data only when authorized by law: • Performance of Contract: To provide access to the Numezis platform and perform the subscribed SaaS services. • Legal Obligations: To satisfy our Swiss accounting, tax, and regulatory obligations. • Legitimate Interests: To improve the security of our services, prevent fraud, optimize user experience, and ensure business continuity. • Consent: When you have expressly consented to specific processing (e.g., to receive our newsletter or use certain experimental AI services).

Numezis collects the data necessary to provide excellent service: 3.1 Account and Profile Data First name, last name, professional email address, phone number, job title within the company, encrypted login credentials. 3.2 Operational and Business Data (Customer Content) All data you upload or generate on the platform: invoices, bank statements, HR data, contracts, accounting entries. This data remains your exclusive property. 3.3 Technical and Browsing Data IP address, browser type, operating system, device identifiers, log data, pages viewed, and time spent on the platform. 3.4 AI-Derived Data Metadata generated while using our AI agents for task automation, to improve the relevance of results for your organization (strict isolation per customer).

Your data is used for the following specific purposes: • Access Management: Creation and maintenance of your user account and company space. • Service Provision: Accounting processing, HR automation, document management, and AI workflow execution. • Technical Support: Personalized assistance and incident resolution. • Security: Intrusion detection, cyberattack prevention, and securing transactions. • Communication: Critical service information, security updates, and, if accepted, news about our innovations. • Analysis and R&D: Anonymized improvement of our algorithms and interface ergonomics.

Swiss digital sovereignty is one of our fundamental pillars. • Storage: All your business and personal data is stored exclusively on highly secure servers physically located in Switzerland. • International Transfers: Numezis does not transfer your data outside Switzerland or the European Economic Area (EEA). Should an exceptional transfer to a third country without an adequate level of protection occur, it would be governed by standard contractual clauses approved by the Federal Data Protection and Information Commissioner (FDPIC).

We apply bank-grade security standards: • Encryption: All communications are protected by TLS (Transport Layer Security) protocol. Data at rest is encrypted with state-of-the-art algorithms (AES-256). • Isolation: Multi-tenant architecture with strict logical and physical data partitioning between our customers. • Authentication: Support for multi-factor authentication (MFA) and SSO (Single Sign-On) integration. • Audit: Continuous monitoring of access logs and regular penetration tests performed by independent third parties. • Personnel: Restricted access to customer content for our staff, limited to what is strictly necessary for technical support and subject to rigorous confidentiality agreements.

We retain your data only for the duration necessary for the purposes for which it was collected: • Account Data: For the entire duration of your contract and up to 12 months after its termination, unless early deletion is requested. • Accounting and Tax Documents: Retained for 10 years in accordance with Swiss legal obligations (Code of Obligations). • Technical Data: Retained for between 30 days and 6 months for security and analysis reasons.

Numezis never sells, rents, or trades your personal data for commercial purposes. We collaborate with trusted sub-processors for specific services: • Infrastructure hosting (in Switzerland). • Transactional email delivery services. • Technical diagnostic tools. Each sub-processor is subject to a Data Processing Agreement (DPA) guaranteeing a level of protection at least equivalent to that of Numezis.

As a user, you have extensive rights over your data: • Right of Access: Obtain a copy of the data we hold about you. • Right to Rectification: Request the correction of inaccurate data. • Right to Erasure (Right to be Forgotten): Request the deletion of your data, subject to legal retention obligations. • Right to Restriction: Temporarily suspend the processing of your data. • Right to Portability: Receive your data in a structured, machine-readable format. • Right to Object: Object at any time to the processing for reasons related to your particular situation. To exercise these rights, contact us at privacy@numezis.ch. In the event of a dispute, you have the right to lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC) in Switzerland or the data protection authority of your country of residence.