Privacy Policy

Effective date: 13th of May 2026 Last updated: 13th of May 2026

This Privacy Policy explains how Numinous Limited ("we", "us", "our") collects, uses, stores, and protects your personal information when you use the [App Name] iOS application and any associated services (the "Service").

We've written this policy to be as plain-English as possible. If anything is unclear, please contact us using the details at the bottom.


1. Who we are

Numinous Limited is a company registered in New Zealand. We are the "data controller" responsible for your personal information.

  • Contact email: aaron@numinous.nz
  • Postal address: Po Box 33449, Barrington, Christchurch 8244, New Zealand

2. What information we collect

We try to collect as little as possible. At the current stage of the Service, the personal information we collect falls into the following categories:

2.1 Information you provide when you create an account

  • First name
  • Last name
  • Email address
  • Password (stored only as a one-way cryptographic hash — we never store or have access to your actual password)

2.2 Information collected automatically when you use the app

  • Device information used to authenticate API requests, including device identifier, device model, operating system version, and app version. This helps us secure your account and identify the device making requests on your behalf.
  • Authentication tokens generated by our server to keep you signed in.
  • Standard server logs, including IP address, request timestamps, and basic technical request information. These are kept for security, debugging, and abuse prevention purposes.

2.3 Information we do not collect

To be explicit, at this stage we do not collect:

  • Location data
  • Contacts, photos, microphone, or other device sensors
  • Listening history, playback position, or behavioural data
  • Advertising identifiers (IDFA)
  • Any third-party analytics or tracking data

This may change as the Service develops. If it does, we will update this policy and, where required, ask for your consent.


3. How we use your information

We use your personal information only for the following purposes:

  • To create and manage your account
  • To authenticate you when you sign in and to keep you signed in across sessions
  • To send transactional emails such as password resets and important account or service notices
  • To operate, maintain, secure, and improve the Service
  • To detect, prevent, and respond to fraud, abuse, security issues, or technical problems
  • To comply with legal obligations

We do not use your personal information for advertising, and we do not sell or rent your personal information to anyone.


If you are in the European Economic Area or the United Kingdom, we rely on the following legal bases under the GDPR / UK GDPR:

  • Contract: processing necessary to provide the Service you have signed up for (e.g. creating your account, authenticating you).
  • Legitimate interests: processing necessary to keep the Service secure, prevent abuse, and operate it reliably. We balance these interests against your rights.
  • Legal obligation: where we are required to retain or disclose information by law.
  • Consent: for anything that genuinely requires consent, where applicable. You can withdraw consent at any time.

5. Who we share your information with

We do not sell your personal information. We share it only with the limited service providers below, and only to the extent necessary for them to perform services for us:

Provider Purpose Location
Our hosting provider Hosting our application and database United States
Postmark (ActiveCampaign LLC) Sending transactional emails such as password resets United States

We may also disclose your information if required to do so by law, court order, or other valid legal process, or to protect the rights, property, or safety of Numinous Limited, our users, or others.

If we ever undergo a change of control (for example, a sale or merger), personal information may be transferred to the new owner, who will be bound by the terms of this Privacy Policy or an equivalent one.


6. International transfers

Numinous Limited is based in New Zealand. Our servers are currently located in the United States. This means your personal information will be transferred to and processed in the United States, and possibly other countries where our service providers operate.

For users in the EU/UK, we rely on appropriate safeguards for these transfers, including Standard Contractual Clauses where required by law.

New Zealand has been recognised by the European Commission as providing an adequate level of data protection.


7. How long we keep your information

We keep your personal information for as long as your account is active. If you delete your account, we will delete or anonymise your personal information within a reasonable period (typically 30 days), except where we are required to retain certain information for legal, security, or audit reasons.

Server logs are typically retained for a short period (no longer than 90 days unless needed for investigation of a security incident).


8. Your rights

You have the following rights in relation to your personal information. Some rights apply only in certain jurisdictions, but we extend most of them to all users regardless of where you live.

  • Access — request a copy of the personal information we hold about you.
  • Correction — ask us to correct information that is inaccurate or incomplete.
  • Deletion — ask us to delete your account and the personal information associated with it (see Section 9).
  • Portability — request a copy of your information in a structured, commonly used, machine-readable format.
  • Objection / restriction — object to or ask us to restrict certain processing.
  • Withdraw consent — where we rely on consent, you can withdraw it at any time.
  • Complain — lodge a complaint with a supervisory authority. In New Zealand, this is the Office of the Privacy Commissioner. In the EU, this is your local data protection authority. In the UK, this is the Information Commissioner's Office (ICO).

California residents: under the California Consumer Privacy Act (CCPA/CPRA), you also have the right to know what personal information is collected, to request deletion, to opt out of the sale or sharing of personal information (we do not sell or share for cross-context behavioural advertising), and not to be discriminated against for exercising your rights.

To exercise any of these rights, email us at aaron@numinous.nz. We will respond within the timeframes required by applicable law (generally within 30 days).


9. Account deletion

You can request deletion of your account and associated personal information at any time by emailing aaron@numinous.nz from the email address associated with your account.

We are working on an in-app account deletion option, which will be available in a future version of the app.

When you delete your account, we will delete or anonymise your personal information within a reasonable period, except for any information we are required to retain by law or for legitimate security, fraud-prevention, or audit purposes.


10. Security

We take the security of your personal information seriously and use reasonable technical and organisational measures to protect it, including:

  • Passwords are stored only as one-way cryptographic hashes — we never see or store your actual password
  • Communication between the app and our server is encrypted in transit using HTTPS / TLS
  • Access to production systems is restricted and authenticated
  • Authentication tokens are issued per device and can be revoked

No system is ever completely secure. If you become aware of a security issue, please contact us at aaron@numinous.nz so we can investigate.


11. Children's privacy

The Service is intended for a general audience and is not directed to children under 13 (or under 16 in jurisdictions where that is the applicable minimum age). We do not knowingly collect personal information from children below the applicable age. If you believe a child has provided us with personal information, please contact us and we will delete it.


12. Cookies and similar technologies

The iOS app itself does not use cookies. Our backend server uses authentication tokens (not browser cookies) to keep you signed in. If we add a website or web-based components that use cookies in future, we will update this policy and provide appropriate notices.


13. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. If the changes are material, we will provide a more prominent notice (for example, via email or an in-app notice).

We encourage you to review this policy periodically.


14. Contact us

If you have any questions, concerns, or requests relating to your privacy or this policy, please contact:

Numinous Limited Email: aaron@numinous.nz Post: o Box 33449, Barrington, Christchurch 8244, New Zealand

Oops! Somethings Missing. Please check and try again