1. Introduction and Scope

This Privacy Policy describes how Numma collects, uses, processes, and handles data in connection with the use of its platform, services, and related interfaces. It applies to all components made available under the Numma brand, including the primary application, administrative dashboards, desktop software, APIs, landing pages, and any other interaction layer through which the Platform is accessed or operated.

The Platform is operated by Deaf Pumpkin Studios, LLC, a limited liability company organized in the State of Delaware, United States, with registered address at 2810 North Church Street, PMB 80252, Wilmington, Delaware 19802, and DiffLabs Tecnologia LTDA, a company incorporated in Brazil, registered under CNPJ 29.820.713/0001-83, with registered address at Av. Brig. Faria Lima, 2369 - Jardim Paulistano, São Paulo - SP, 01452-922. References to “Numma,” “we,” “us,” or “our” in this Policy refer to these entities as applicable to your relationship and jurisdiction.

The Platform is not limited to a static environment in which users manually input and retrieve information. It operates as an execution layer that interacts with multiple external systems, processes instructions, and initiates actions across those systems. As a result, the scope of this Privacy Policy extends beyond data that is explicitly submitted by the user and includes data that is accessed, generated, transformed, or transmitted as part of the Platform’s operation.

In practical terms, this means that data processed through the Platform may originate from a variety of sources and may not be confined to a single system or interface. Data may be provided directly by users, retrieved from integrated services, generated through execution logs, or derived from the interpretation of instructions. The Platform may also process information in real time, including content that is transient in nature, as well as data that is stored for operational, analytical, or integrity-related purposes.

Because the Platform is designed to operate across systems, its data flows are inherently dynamic. A single instruction may result in multiple interactions involving different services, each governed by its own technical and legal framework. This Privacy Policy therefore addresses not only what data is handled, but the context in which such handling occurs — namely, a distributed environment where data moves between systems as part of coordinated execution.

This document is intended to provide a clear and accurate description of how data is treated within that environment. It does not attempt to simplify or abstract the nature of the Platform into a traditional “application” model, as such a simplification would be misleading. Instead, it reflects the operational reality that data processing within Numma is closely tied to user intent, system integrations, and the execution of actions that extend beyond a single controlled environment.

By accessing or using the Platform, you acknowledge that your data may be processed in accordance with this Privacy Policy. If you do not agree with the terms described herein, you should not use the Platform.

This Privacy Policy should be read in conjunction with the Terms of Use, which define the broader legal framework governing access to and use of the Platform, including responsibility, limitations of liability, and operational constraints. Together, these documents establish the full context in which data is processed and services are provided.

2. Roles and Data Responsibility

The Platform is designed to operate across systems, executing actions and processing data based on user instructions and granted permissions. As a result, Numma does not operate under a single, uniform role in relation to all data processed through the Platform. Instead, its role varies depending on the context in which data is collected and used.

In most cases, Numma acts as a data processor, service provider, or operator, processing data strictly on behalf of the user or the organization using the Platform. In this capacity, Numma does not determine the underlying purpose for which data is processed. The purpose is defined by the user, whether explicitly through direct instructions or implicitly through the configuration of workflows, integrations, and permissions. Numma provides the infrastructure through which those instructions are interpreted and executed, but it does not originate the business logic that justifies the processing of the data.

This distinction is fundamental. When the Platform retrieves information from a connected system, modifies a record, or executes a sequence of actions across multiple services, it does so as an extension of the user’s operational intent. The data being processed belongs to the user or to the systems they have chosen to connect, and Numma’s role is limited to enabling the execution of those operations within the technical boundaries of the Platform.

However, there are specific contexts in which Numma acts as a data controller. This occurs when Numma independently determines the purpose and means of processing certain categories of data that are necessary for the operation of the service itself. These contexts include, but are not limited to, account creation and management, authentication, billing and payment processing, customer support interactions, security monitoring, fraud prevention, and internal analytics related to the performance and integrity of the Platform.

In such cases, the data processed is not part of the user’s operational workflows, but rather part of the contractual and technical relationship between the user and Numma. Numma determines how and why this data is processed, and does so in accordance with applicable legal obligations and legitimate business interests.

It is also important to recognize that the boundary between these roles may not always be static. Because the Platform interprets instructions and facilitates execution across systems, certain intermediate processing steps may involve temporary handling of data in ways that are necessary to complete an action. These steps do not change the underlying role of Numma as a processor in relation to user data, but they do reflect the operational complexity of a system that performs coordinated actions across multiple environments.

Where required by applicable law, additional agreements, such as data processing agreements or addenda, may further define the relationship between you and the relevant Numma entity, including the allocation of responsibilities, safeguards, and compliance obligations.

Ultimately, you remain responsible for the data that is introduced into the Platform, the purposes for which it is used, and the permissions that enable its processing. Numma provides the mechanism through which that processing occurs, but does not assume responsibility for the underlying intent or legality of the data flows initiated by the user.