Privacy Policy

Neumetria, Inc. (United States) and Neumetria OÜ (Estonia) operate the services offered in connection with our pilot and evaluation programs. The data controller for your personal data is the entity specified in your pilot agreement—typically Neumetria, Inc. for customers in the United States and Neumetria OÜ for customers in the European Economic Area, United Kingdom, or as otherwise agreed. Where a separate agreement so specifies, we may act as processor on your instructions.

Our services are currently offered on a pilot or evaluation basis to business customers. This policy describes how we collect, use, and protect information in that context. Practices may evolve as we move toward general availability; we will update this policy and, where required by law, notify you of material changes.

We may collect:

• Account and contact information — name, email address, job title, company name, and similar details provided by you or your organization when signing up for or using the pilot.
• Usage and technical data — how you use our services (e.g., features used, logs, device and IP information) for operation, security, and improvement.
• Banking and financial data — data that you or your organization provide to the services in the course of the pilot (e.g., transaction data, account-related information, or other financial data). We process this data only as necessary to provide and evaluate the services and as agreed in your pilot or data processing terms.

We do not sell personal data. We collect only what is necessary for the purposes described in this policy and in our agreements with you.

We use the information we collect to: provide, operate, and improve our services; communicate with you about the pilot; ensure security and prevent fraud; comply with legal obligations; and enforce our terms. Where we process banking or financial data that you provide, we do so in accordance with your instructions and our contractual and legal obligations.

For individuals in the European Economic Area or the United Kingdom, we rely on: contract (performance of our agreement with you or your organization); legitimate interests (e.g., security, improving our services, managing the pilot); and, where applicable, legal obligation. Where we process special categories of data or sensitive financial data, we do so only as permitted by law and any applicable pilot or data processing agreement.

We may share information with: service providers and subprocessors who assist in operating our services, under strict confidentiality and data protection obligations; regulators or authorities when required by law or to protect our rights; and affiliates or in connection with a merger, acquisition, or sale of assets , subject to the same privacy commitments. We do not sell or rent personal data to third parties.

We implement technical and organizational measures designed to protect personal and financial data against unauthorized access, loss, or misuse, in line with the sensitivity of the data and applicable regulatory expectations. These include access controls, encryption where appropriate, and secure development and operations practices. No system is completely secure; we will notify you and relevant authorities of breaches where required by law.

We retain personal data only for as long as necessary to fulfill the purposes in this policy, to comply with legal or regulatory obligations, and as set out in any pilot or data processing agreement. When data is no longer needed, we delete or anonymize it in accordance with our retention and deletion procedures.

Depending on your jurisdiction, you may have rights to access, correct, delete, or restrict processing of your personal data, to object to certain processing, to data portability, and to withdraw consent where processing is consent-based. You may also have the right to lodge a complaint with a supervisory authority. To exercise these rights, contact us using the details below. Where we act as processor on behalf of your organization, we will assist that organization in responding to requests in accordance with our agreement.

We may transfer and process data in countries other than your country of residence. Where such transfers are subject to data protection laws (e.g., from the EEA or UK), we implement appropriate safeguards, such as standard contractual clauses or other mechanisms recognized by applicable law.

We may update this Privacy Policy from time to time. The “Last updated” date at the top indicates when it was last revised. We encourage you to review this policy periodically. Where required by law, we will notify you of material changes or obtain your consent.

For questions about this Privacy Policy, your personal data, or to exercise your rights, contact us at the address or email provided in your pilot agreement or on our website.