Legal
Privacy Policy
Last updated: 2026-07-13
1. Data controller
The data controller for Numwisely is Visualsofjulius OY (Business ID: FI29419016), located in Aura, Finland.
Contact for privacy matters and data subject requests: contact@visualsofjulius.com
2. Personal data we process
- Account and authentication data (email, user identifiers, session/authentication tokens).
- Financial records you upload or create (expenses, income, invoice and client data).
- Business profile and invoicing settings (company details, banking fields, templates).
- Operational metadata (timestamps, source file links, processing mode, audit logs).
- Support and communication data when you contact us.
3. Purposes and lawful bases
- Deliver and operate the service (contract performance under GDPR Article 6(1)(b)).
- Comply with legal obligations (for example accounting and regulatory obligations under Article 6(1)(c)).
- Protect service security, prevent abuse, and improve reliability (legitimate interests under Article 6(1)(f)).
- Run optional AI-assisted processing only with explicit consent records where required (Article 6(1)(a)).
4. Processors and data sharing
We use a small number of trusted providers (“sub-processors”) to run the service. The main ones are:
- Supabase — database, authentication, and file storage (hosted in Europe, region eu-central-2).
- Google — AI extraction, chat, invoice-template generation (Gemini), and image OCR (United States).
- Vercel — application hosting, served from an EU region.
- Resend — sending invoice and notification emails (United States).
- Visma (Maventa) and Recommand — e-invoice delivery operators, used only when you send structured e-invoices (European Union).
- Stripe — optional invoice payments through your own connected Stripe account (United States).
- Notion — optional two-way sync you choose to connect (United States).
- Telegram — optional receipt-photo bot you choose to connect (international).
If you configure your own email (SMTP) sending, invoice emails are delivered through your chosen email provider, and the credentials you save are stored encrypted. When you verify your business, we check the business identifier you enter against public registries (the Finnish Business Information System PRH/YTJ and the EU VIES service).
The full, current sub-processor list is in our Data Processing Agreement, which also governs how we handle other people’s personal data (for example client details on invoices) on your behalf.
5. International data transfers
Your account data and records are stored in Europe (our Supabase region is eu-central-2, which the EU recognizes as providing an adequate level of data protection). Some providers we use are based in the United States (for example Google, Vercel, Resend, and the optional Notion integration). Where data reaches them, the transfer is covered by the EU–US Data Privacy Framework and/or the European Commission’s Standard Contractual Clauses, with additional measures where needed.
6. Retention and deletion
- Account and product data (expenses, income, invoices, settings): kept while your account is active.
- When you delete your account, your data — including your invoices — is permanently deleted. Download your data first if you need to keep it: you, not us, are responsible for keeping your own statutory accounting records (in Finland, six years under the Accounting Act, Kirjanpitolaki 1336/1997).
- We retain only what we are independently required to keep — for example our own billing records — for the statutory period, and operational logs are trimmed automatically on a routine schedule.
7. AI and automated processing
With your consent, we use AI to help read, extract, and categorize the documents you upload, and to power chat and invoice-template features. AI produces suggestions that you review and confirm — no decision that has a legal or similarly significant effect is made by AI alone (GDPR Article 22). You can withdraw your AI-processing consent at any time, after which we stop sending your content for AI processing.
8. Your GDPR rights
Subject to applicable law, you have rights to access, rectify, erase, restrict processing, object to processing, and receive your data in a portable format. You can also withdraw consent when processing is based on consent.
To exercise your rights, contact contact@visualsofjulius.com. We may request verification to protect your data.
9. Cookies
Numwisely uses cookies and similar storage in two categories. Strictly necessary cookies run the service: signing you in securely, keeping your session active, and remembering your language. These are always on and need no consent. Optional analytics cookies (for example Google Analytics) help us understand how the service is used; they load only after you opt in, and we set no advertising or marketing cookies. You choose your categories in the consent banner or the Cookie Policy, and can change or withdraw that choice at any time.
10. Security
We use technical and organizational safeguards appropriate to the risk, including access controls, authenticated access, logging, and secure infrastructure practices.
11. Complaints authority
If you believe your data has been processed unlawfully, you can file a complaint with the Office of the Data Protection Ombudsman in Finland (Tietosuojavaltuutetun toimisto):tietosuoja.fi.
12. Policy updates
We may update this policy when legal, technical, or operational requirements change. We will publish the updated version with a revised date on this page.