Privacy Policy

How we hold your information.

Last updated: May 2026

Numen takes the handling of your personal data seriously — particularly your birth data, which is uniquely sensitive. This policy explains what we collect, why, how long we hold it, and your rights over it.

What we collect and why

Birth data (name, date, time, place)

Required to calculate your Human Design chart. Encrypted at rest using AES-256-GCM before it is stored. Sent once to our chart calculation provider (humandesignhub.app) to compute your BodyGraph. After the initial calculation, the result is cached locally and the raw birth data is never re-transmitted. Birth data is never written to any application log, analytics service, or marketing tool.

Email address

Used to create your account, send transactional emails (your reading, account notifications, your 7-day welcome sequence), and process your payment via Stripe. We do not sell or rent your email address to any third party.

Payment information

Stripe processes all payments. We never see, store, or log your card details. Stripe receives only your email address and the transaction amount. Stripe's privacy policy applies to payment data.

Sophia conversations

Your chat history with Sophia is stored in our database, scoped to your account, protected by row-level security. We use your conversation history solely to give Sophia memory of your past interactions. We do not train AI models on your conversations or share them with any third party.

Journal entries, energy logs, and tool data

Data you enter into the Decision Journal, Energy Tracker, and other tools is stored in our database, accessible only by your authenticated session. It is used solely to provide you with your own historical data.

Cookies and tracking

We use a small number of cookies for authentication (Supabase session management) and analytics. We do not use advertising cookies or third-party tracking pixels beyond the analytics services listed below.

You can disable cookies in your browser settings. Disabling session cookies will prevent you from staying signed in.

Third-party services we use

Supabase

Database, authentication, and file storage. Hosted in Australia (Sydney region).

Anthropic (Claude)

AI model powering Sophia and Blueprint section generation. Your chart data and conversation context are sent to Anthropic's API to generate responses. Anthropic does not train models on API data.

Stripe

Payment processing. Handles all card data. Subject to PCI-DSS Level 1 compliance.

Resend

Transactional email delivery. Receives your email address and the HTML content of emails we send you.

humandesignhub.app

Human Design chart calculation API. Receives your birth data once per chart. Does not retain it after calculation.

Cloudflare R2

Storage for generated audio files (your Personal Letter narration). Files are accessible only via authenticated URLs.

Vercel

Hosting and edge network. Processes requests but does not store personal data beyond standard server logs (30-day retention).

PostHog

Product analytics. Receives anonymous page views and feature-usage events. We have configured PostHog to not capture personally identifiable information in event payloads.

ElevenLabs

Voice synthesis for the Personal Letter audio. Receives only the text content of your letter, not your birth data or identity.

Data retention

We hold your data for as long as your account is active. If you delete your account, all personal data — chart, conversations, journal entries, energy logs, audio assets, and purchases — is permanently deleted within 30 days.

Anonymised analytics data (page views, feature events with no personal identifiers) may be retained indefinitely for product improvement.

Payment records are retained as required by financial regulations (typically 7 years in most jurisdictions) even after account deletion.

Your rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Ask us to correct inaccurate data.
  • Deletion: Delete your account from the Account page in the dashboard. All data is deleted within 30 days.
  • Portability: Request an export of your chart data, readings, and journal entries.
  • Objection: Object to processing for analytics purposes.
  • GDPR (EU/UK residents): You have additional rights under the General Data Protection Regulation, including the right to lodge a complaint with your local supervisory authority.

Children

Numen is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe we have inadvertently collected such data, contact us and we will delete it immediately.

Changes to this policy

We may update this policy when our data practices change. Material changes will be communicated by email to your registered address. The effective date at the top of this page reflects the most recent update.

Contact

Privacy questions, data requests, or complaints: hello@numenhd.com. We will respond within 5 business days.