Logo NumatoV3
NUMATO
CMS

Privacy Policy

Learn what data we collect and how we care for your privacy at numato.pl.

Privacy Policy for https://numato.pl

Last updated: 2026-05-31

§1 Data Controller and contact

  1. The controller of personal data (within the meaning of the GDPR) is Julia Kunikowska, a natural person conducting unregistered business activity (Article 5 of the Polish Entrepreneurs' Law), ul. Stanisława Staszica 3/11, 81-198 Pogórze, Polska.
  2. The Controller can be contacted, including on all matters relating to personal data, by e-mail: [email protected].
  3. The Controller has not appointed a data protection officer.

§2 General principles

  1. This Policy describes what data we process, for what purpose and on what legal basis, to whom we entrust it and how long we keep it.
  2. Data reaches the Controller's server only when the User chooses to save a calculation to an Account, order a Product, request a Free Excerpt, subscribe to the Newsletter or contact us. The Calculator itself runs solely in the browser (see §3).

§3 Free Numerology Calculator

  1. Data entered into the Calculator (first names, last names, dates of birth) is processed solely in the User's browser (e.g. in IndexedDB storage) and is not sent to the Controller's server.
  2. The Controller has no technical means of accessing data stored locally in the User's browser.
  3. The User may delete this data at any time using the Service's features or by clearing browser data.

a) Free Excerpt (sent by e-mail)

  • Data: e-mail address, first name, date of birth and data needed to prepare the excerpt; technical data related to abuse protection (anti-bot mechanism).
  • Purpose and basis: performing the service at the User's request (Article 6(1)(b) GDPR) and, as regards optional consents, Article 6(1)(a) GDPR; protection against bots and abuse — legitimate interest (Article 6(1)(f) GDPR).
  • Retention: data for a single delivery (intent, activation link) — briefly, approx. 24 hours; other data — according to its basis (e.g. Newsletter subscription — until consent is withdrawn).

b) Purchase of a Digital Product

  • Data: first and last name, date of birth, e-mail address, optionally invoicing details, and transaction data.
  • Purpose and basis: conclusion and performance of the contract (Article 6(1)(b) GDPR); compliance with legal obligations, including tax and accounting (Article 6(1)(c) GDPR); establishing, pursuing or defending claims (Article 6(1)(f) GDPR).
  • Retention: for the duration of the contract and then for the period required by tax law and until the limitation periods for claims expire.

c) User Account

  • Data: e-mail address, password as a hash, display name, preferred language, history of calculations and orders, and data related to sign-in security (IP address, browser/device identifier, timestamps, e-mail verification and password reset tokens, information about login attempts).
  • Purpose and basis: providing the Account service (Article 6(1)(b) GDPR) and security and abuse prevention (Article 6(1)(f) GDPR).
  • Retention: until the Account is deleted (on request), subject to periods resulting from legal obligations and the limitation of claims; verification/reset tokens — short-term (approx. 24 hours).

d) Newsletter

  • Data: e-mail address and preferences (language, currency); sign-up IP address.
  • Purpose and basis: the User's consent (Article 6(1)(a) GDPR).
  • Retention: until consent is withdrawn (unsubscription).

e) Chat and e-mail contact

  • Data: content of the correspondence and technical data.
  • Purpose and basis: handling enquiries and communication with the User — legitimate interest (Article 6(1)(f) GDPR).

f) Logs and security

  • Data: IP address, browser/device identifier, information about downloads and payments (e.g. date, country).
  • Purpose and basis: security, diagnostics and defence of claims (Article 6(1)(f) GDPR) and, as regards payments, legal obligations (Article 6(1)(c) GDPR).

§5 Data recipients (processors)

To provide the services, the Controller uses trusted providers that process data on its behalf:

  • hostido.net.pl (Poland) – hosting of the Service, database, and storage and generation of files (PDF);
  • Autopay S.A. (Poland) – online payment handling (full details in the Terms of Service);
  • Google (Google LLC / Google Ireland Ltd.) – generative artificial intelligence (Gemini) creating the report content, and Google Analytics 4 (analytics and conversion measurement);
  • Browserless (USA) – generation of PDF files;
  • Deno Deploy (Deno Land Inc., USA) – hosting of part of the services (API);
  • Tawk.to (tawk.to inc., USA) – live chat;
  • Cloudflare, Inc. (USA) – bot protection (Turnstile).

The providers act on the basis of data processing agreements and are obliged to protect the data.

§6 Transfers outside the EEA

  1. Some providers (including Google, Browserless, Deno Deploy, Tawk.to, Cloudflare) process data in the United States, which may involve transferring data outside the European Economic Area.
  2. Transfers take place on the basis of the mechanisms provided for in the GDPR (Articles 44–49), in particular a European Commission adequacy decision (Data Privacy Framework) or standard contractual clauses (SCC).
  3. You can obtain more information about the safeguards applied by contacting the Controller.

§7 Cookies and analytics

  1. The Service uses cookies and similar technologies. Details are described in the Cookie Policy available on the Service.
  2. Analytics and marketing tools (including Google Analytics 4) are activated only after consent is given in the cookie banner (Google Consent Mode).
  3. For conversion measurement (Enhanced Conversions), data may be sent to Google in a pseudonymised — hashed form, e.g. an e-mail address or phone number. This data is not fully anonymous — it allows Google (USA) to match events (see §6).
  4. Consent can be changed or withdrawn at any time using the "Cookies" button in the Service's footer.

§8 Automated decision-making and profiling

  1. The content of the Product (report) is generated automatically, with the help of artificial intelligence tools, based on the data provided by the User.
  2. This process serves solely to create the ordered content and does not produce legal effects concerning the User or similarly significantly affect the User within the meaning of Article 22 GDPR.

§9 Rights of data subjects

  1. You have the rights to: access your data, rectification, erasure, restriction of processing, portability of data, objection to processing based on a legitimate interest and — for data processed on the basis of consent — withdrawal of consent at any time (without affecting the lawfulness of processing prior to withdrawal).
  2. You can exercise some of these rights yourself in the Account panel (editing data, enabling/disabling the Newsletter, deleting individual calculations). Other requests, including deletion of the Account, should be sent by e-mail to: [email protected].
  3. You have the right to lodge a complaint with the supervisory authority – the President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw, Poland.

§10 Voluntary provision of data

Providing data is voluntary but necessary to use certain features: the conclusion and performance of a contract (order, Account) or the provision of consent-based services (Newsletter). Failure to provide the data will make it impossible to use the given feature.

§11 Data security

The Controller applies technical and organisational measures appropriate to the risk, in particular encryption of transmission (HTTPS), storage of passwords as hashes, and limiting the number of login attempts.

§12 Changes to the Policy

The Policy may be updated. The date of the last update is indicated at the top of the document; the current version is always available on the Service.

Stay up to date with numerology

Subscribe to our newsletter and receive numerology tips, news and exclusive promotions.

Your data is safe. You can unsubscribe at any time.