NUMI is an AI-powered personal health intelligence platform developed and operated by NumentAI ("we," "us," "our," or "the Company"). This Privacy Policy describes how we collect, use, disclose, and protect your information when you use the NUMI application, website (nument.ai), and related services (collectively, the "Service").
By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.
| Category | Examples | Purpose |
|---|---|---|
| Account information | Name, email address, date of birth, password or passkey | Account creation, authentication, and security |
| Health profile | Height, weight, biological sex, health goals, dietary preferences, medical conditions you choose to share | Personalize the Service to your body |
| Health logs | Meals, sleep records, exercise, symptoms, mood, hydration, supplements | Track patterns and generate insights |
| Chat messages | Questions, health concerns, lifestyle context provided to the AI assistant | Generate personalized AI responses |
| Feedback | Support requests, bug reports, feature suggestions | Improve the Service |
| Source | Data Types | Your Control |
|---|---|---|
| Wearable devices (Apple Watch, Oura Ring, Whoop, Fitbit, Garmin, etc.) | Heart rate, heart rate variability (HRV), sleep stages, steps, SpO2, skin temperature, respiratory rate | You choose which devices to connect. You may disconnect at any time in Settings. |
| Apple Health / Google Health Connect | Aggregated health metrics from compatible apps | Permissions are granular by category. You choose which categories to share. |
We use the information we collect for the following purposes:
We do not use your personal information for advertising, behavioral profiling for third parties, or any purpose incompatible with those listed above.
NUMI uses generative artificial intelligence, including large language models (LLMs), and machine learning to analyze your health data and generate personalized insights. We believe in transparency about how AI interacts with your information.
NUMI's AI is generative and probabilistic. Outputs are non-deterministic — the same question may produce different answers — and may be inaccurate, incomplete, contextually inappropriate, or fabricated ("hallucination" or "confabulation"). AI output does not account for your complete medical history, medications, genetic factors, or clinical context. Treat NUMI's AI output as informational only. It is not medical advice, diagnosis, treatment, or a professional opinion. See our Terms of Service §3A and §4 for the complete intended-use boundary and AI disclaimer.
To generate responses, NUMI sends contextual data to third-party AI inference providers. Data sent to these providers is de-identified before transmission (no name, email, or directly identifying account information). Providers act as data processors on our behalf and are contractually prohibited from using your data for any purpose other than serving your request.
Our current AI sub-processors are:
| Provider | Used for | Data retention configuration |
|---|---|---|
| OpenAI (OpenAI, L.L.C.) | LLM inference for chat and analysis | Zero-data-retention (ZDR) enabled where supported; no training on your data |
| Anthropic (Anthropic, PBC — Claude) | LLM inference for chat and analysis | No training on your data; standard retention per Anthropic enterprise terms |
| Google (Google LLC — Gemini) | LLM inference for chat and analysis | No training on your data via paid API tier; Google Cloud data-processing terms apply |
This list may change as we add or replace providers. Material changes to AI sub-processors will be reflected in this section and noted in the "Last Updated" date at the top of this Policy. To request the most current list at any time, email hello@nument.ai with subject line "Sub-Processors."
We share data with the following categories of service providers who process data on our behalf:
| Provider Category | Purpose | Data Shared |
|---|---|---|
| Cloud infrastructure | Data storage and computing | Encrypted health data, account data |
| Authentication services | Secure login and account management | Email, authentication tokens (not health data) |
| AI inference services | Process health queries and generate insights | De-identified health context (no PII) |
| Email delivery | Transactional emails (verification, password reset) | Email address only |
| Error monitoring | Crash reporting and performance | Anonymized device/error data (no health data) |
All service providers are bound by data processing agreements that restrict their use of your data to performing services for us.
We may disclose your information if required by law, subpoena, court order, or government regulation. We may also disclose information if we believe in good faith that disclosure is necessary to protect the safety of any person, prevent fraud, or protect our legal rights. Where legally permitted, we will notify you of such disclosures.
In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of the transaction. We will notify you via email and/or a prominent notice in the Service before your information becomes subject to a different privacy policy.
This section provides additional disclosures required by state consumer health data laws, including the Washington My Health My Data Act (MHMDA).
NUMI collects the following categories of consumer health data:
Health data is collected and processed solely for the purposes of:
We obtain your consent for the collection and use of consumer health data during the onboarding process. This consent is separate from your agreement to these general privacy terms. You may withdraw your consent at any time by deleting your account or contacting us at hello@nument.ai.
NUMI is a general wellness tool, not a healthcare provider, health plan, or healthcare clearinghouse. We are not a HIPAA-covered entity and we do not provide healthcare services, health insurance, or healthcare clearinghouse services. NUMI does not create, receive, or maintain Protected Health Information (PHI) as defined under HIPAA. If our regulatory status changes, we will update this policy and notify all users.
| Data Category | Retention Period |
|---|---|
| Account information | Until account deletion + 30 days for processing |
| Health data and chat history | Until account deletion + 30 days for processing |
| Usage analytics (de-identified) | Up to 24 months |
| Crash/error logs (anonymized) | Up to 12 months |
| Legal compliance records | As required by applicable law |
Upon account deletion, all personal data and health data is permanently deleted from our active systems within 30 days. De-identified, aggregated data that cannot reasonably identify you may be retained for product improvement purposes.
We implement commercially reasonable technical, administrative, and organizational security measures to protect your information, including:
No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. In the event of a data breach involving your health data, we will notify you and the appropriate regulatory authorities in accordance with applicable law, including the FTC Health Breach Notification Rule.
Regardless of your location, you may:
If you are a California resident, you have additional rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act:
To exercise these rights, contact us at hello@nument.ai or use the in-app privacy settings. We will respond within 45 days.
If you are a Washington resident, you have additional rights under the My Health My Data Act:
If you reside in a state with applicable consumer privacy legislation, you may have similar rights to access, correct, delete, and opt out of the processing of your personal data. Contact us at hello@nument.ai to exercise your rights.
We do not sell your personal information. We do not share your personal information with third parties for cross-context behavioral advertising. If our practices change in the future, we will provide you with an opt-out mechanism in compliance with applicable law.
To submit a "Do Not Sell or Share" request, contact us at hello@nument.ai. We honor Global Privacy Control (GPC) browser signals as a valid opt-out request.
Under the CPRA, health data is classified as "sensitive personal information." We use your sensitive personal information only as necessary to provide the Service you have requested. You may request that we limit the use of your sensitive personal information by contacting us at hello@nument.ai or through the in-app privacy settings.
NUMI is intended for adults aged 18 and older. We do not knowingly collect personal information from anyone under the age of 18. If we become aware that we have collected personal information from a minor, we will promptly delete that information. If you are a parent or guardian and believe your child has provided information to NUMI, please contact us at hello@nument.ai.
Our website (nument.ai) uses the following technologies, grouped by purpose:
Essential (always active — required for the site to function securely):
| Technology | Purpose | Duration |
|---|---|---|
| Session cookies | Authentication and security | Browser session |
| A/B testing cookie (numi_ab_test) | Landing page variant assignment (A/B) | 30 days |
| Cloudflare Turnstile | Bot detection for signup forms (anti-spam) | Session |
| Consent preference (numi_cookie_consent, localStorage) | Remembers your cookie choice so we do not ask again | Until cleared |
Performance & Analytics (opt-in — you control these via the cookie banner):
| Technology | Purpose | Duration / Storage |
|---|---|---|
| First-party page-view event | We log a page view (session ID, landing variant, user-agent, referrer) so we can understand how NUMI is growing | Stored in our own database (DynamoDB table biosync-analytics-prod) |
| First-party conversion event | We log a conversion when a signup completes, so we can measure signup performance | Stored in our own database (DynamoDB table biosync-analytics-prod) |
| Approximate geolocation | At signup, we look up the approximate country/region from the request IP so we know which countries are interested | Stored alongside the waitlist entry |
What we do not do: We do not use advertising cookies, retargeting pixels, third-party analytics (no Google Analytics, no Meta Pixel, no Mixpanel), cross-site tracking, or data brokers. All analytics are first-party — the data stays in our own AWS account and is never sold or shared.
Your choice: You can accept, decline, or change your analytics preference at any time using the "Cookie settings" button in the bottom-left corner of the site. Declining does not affect your ability to use the site or join the waitlist.
The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing them with your information.
NUMI is operated from the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. By using the Service, you consent to this transfer. We will take reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy.
If you are located in the European Economic Area (EEA), United Kingdom, or other jurisdictions with data protection laws that differ from United States law, please be aware that we may transfer your data to jurisdictions that may not provide equivalent data protection. We rely on your explicit consent and contractual safeguards for such transfers.
We may update this Privacy Policy from time to time. If we make material changes to how we handle your health data, we will notify you via email and/or a prominent notice within the Service at least 30 days before the changes take effect. Material changes to consumer health data practices will require renewed consent where required by law.
Your continued use of the Service after the effective date of a revised Privacy Policy constitutes your acceptance of the changes.
If you have questions about this Privacy Policy, wish to exercise your privacy rights, or need to report a data concern, contact us at:
NumentAI
Email: hello@nument.ai
Privacy inquiries: hello@nument.ai (subject line: "Privacy Request")
Response time: Within 10 business days (within 45 days for verified CCPA/CPRA requests)