In a nutshell
We only collect what we need to run NuMetric, keep your data secure, and meet our legal duties.
We don’t sell personal data. You control your settings and can access, export, or delete your data subject to legal retention.
1. Introduction
NuMetric Accounting Technology (“NuMetric,” “we,” “us,” “our”) respects your privacy and is committed to protecting your personal and financial information. This Privacy Policy explains how we collect, use, store, transfer, and safeguard your data when you use our products and services.
This Policy applies to all NuMetric-operated platforms and applications, including:
• NuMetric.work
• Now8.app
• Now8 E-commerce (store.now8 domains)
• Now8 POS
• Now8 Online Appointments
• Any related portals, booking systems, or checkout systems
• Any connected add-ons, extensions, or integrations
(collectively, the “Services”)
By creating an account or using our Services, you consent to the practices described in this Policy.
1.1 Definitions
For the purposes of this Policy:
• “Personal Data” means any information relating to an identified or identifiable individual.
• “Customer Data” means data uploaded, submitted, or generated by you through the Services, including financial records, invoices, customer lists, and uploaded documents.
• “Account Owner” means the individual or business entity that creates and controls a NuMetric account.
• “User” means any individual authorized by the Account Owner to access the Services.
• “Representative” means an accountant, advisor, or other person who is granted access to Customer Data by the Account Owner.
• “Processor” means a third party that processes Personal Data on behalf of NuMetric under our instructions.
• “Controller” refers to the entity that determines the purpose and means of processing Personal Data, as defined under applicable data-protection laws.
These definitions are provided to ensure clarity and consistency throughout this Policy.
2. Entity & Responsibility
Data Controller
VIRIFI Technologies Ltd
20–22 Wenlock Rd, London N1 7GU, United Kingdom
Registered in England & Wales
Email (general privacy inquiries): [email protected]
Data Protection Officer (DPO): [email protected]
VIRIFI Technologies Ltd is the primary Data Controller responsible for determining the purposes and means of processing Personal Data under:
• the UK General Data Protection Regulation (UK GDPR)
• where applicable, the EU GDPR
• the Jordan Personal Data Protection Law (PDPL)
2.1 Master Distributor, Authorized Sellers, and Resellers
NuMetric operates with a commercial distribution network in certain regions, which includes:
• Master Distributor (e.g., IHTIRAF)
• Authorized Sellers
• Resellers
These entities may assist with sales, onboarding, commercial arrangements, and customer support related to the NuMetric Jordan MD Platform.
Their Role in Data Processing
Unless expressly stated otherwise:
• The Master Distributor, Authorized Sellers, and Resellers act as independent Data Controllers for the customer relationship and commercial activities they manage (e.g., subscriptions, sales contracts, billing between the business and the reseller).
• They act as Data Processors only where they access or handle Personal Data strictly under NuMetric’s instructions, and only for Service-related purposes such as:
• assisting users with account activation
• coordinating onboarding or training
• managing subscription renewals
• providing first-line support
• verifying subscriber information
Each Processor is bound by a written agreement requiring confidentiality, secure handling, and compliance with applicable privacy laws.
Joint Controller Situations
In specific circumstances — such as coordinated onboarding, shared customer support interactions, or compliance investigations — VIRIFI and the Master Distributor or Authorized Seller may act as joint controllers.
When this applies:
• responsibilities are clearly allocated in internal agreements
• users may contact either party to exercise their privacy rights
• VIRIFI remains the principal point of contact for all privacy matters
2.2 Responsibility for the Services
Regardless of regional commercial arrangements, VIRIFI:
• controls all backend systems
• determines the technical and security measures
• sets mandatory data handling standards for all parties
• maintains full ownership and oversight of Customer Data processed within the Services
Master Distributors, Authorized Sellers, and Resellers do not have access to source code, backend infrastructure, development tools, or systems controlling data storage.
3. Applicability
This Privacy Policy applies to:
• All NuMetric-operated platforms, web applications, mobile applications, and software add-ons.
• All Services provided directly by NuMetric or through approved integrations.
• Use of the Services by customers, Account Owners, Users, and their authorized Representatives.
• Regional distribution partners (Master Distributor, Authorized Sellers, and Resellers) who interact with subscribers for onboarding, activation, renewals, or commercial arrangements.
This Policy does not apply to independently operated third-party services (such as Aramex, PayTabs, Visa CyberSource, or other external systems), which are governed by their respective privacy policies.
3.1 Authorized Distributors, Sellers, and Resellers
In regions where NuMetric is distributed through a partner network, the following categories of partners may access limited Personal Data strictly for Service-related purposes:
• Master Distributor
• Authorized Sellers
• Resellers
They may access only the information necessary to perform their assigned responsibilities, such as:
• confirming subscription ownership
• coordinating onboarding
• assisting with activation or renewal
• supporting first-line customer service
• verifying account information for commercial or compliance reasons
They do not have access to backend systems, development environments, source code, infrastructure, or any system-level data.
A list of currently authorized distributors and sellers can be provided upon request, or is made available through NuMetric’s regional documentation where required by law.
All distributors and sellers operate under strict confidentiality and data-protection agreements.
3.2 Employees, Contractors, and Internal Access
NuMetric employees, contractors, and technical operators may access Personal Data only when necessary to:
• provide technical support
• resolve incidents
• maintain system security and performance
• comply with legal or regulatory duties
All internal personnel are:
• subject to legally binding confidentiality obligations
• trained in data protection and secure handling practices
• granted access based strictly on role-based access controls
• monitored through audit logs and internal compliance procedures
Access to customer environments is limited to what is required for operational purposes and is fully auditable.
4. Information We Collect
4.1 Information You Provide
We collect personal and business information you voluntarily provide, such as:
Name, business name, and contact details.
Billing and payment information.
Tax or national identification numbers (for e-invoicing and compliance).
Financial records, invoices, receipts, and uploaded documents.
Support requests, survey responses, and communication logs.
4.2 Information Automatically Collected
When you use the Services, we automatically collect:
Device, browser, IP address, and operating system details.
Log and usage data (login times, activity, feature use).
Cookies and similar tracking technologies (see §11).
Approximate location derived from IP for fraud prevention and compliance.
4.3 Information from Third-Party Integrations
To operate the Services, we use integrated technologies including:
Payment Gateways: PayTabs, Visa CyberSource
Messaging & Support: Intercom, Twilio, AWS SES/SNS
Hosting & Infrastructure: Amazon Web Services (AWS)
Automation & Connectivity: Zapier and API-based e-invoicing/compliance systems
These third parties act as data processors under our instruction and are bound by confidentiality and data-protection agreements.
We use vetted processors under binding data-processing terms. They act only on our documented instructions and implement appropriate security measures.
5. How We Use Information
We process information to:
Deliver accounting, invoicing, reporting, appointment, and retail-management services.
Enable integrations such as payments, messaging, and e-invoicing.
Comply with legal and regulatory obligations.
Communicate account notices, security alerts, and updates.
Improve functionality, usability, and security.
Detect and prevent fraud or unauthorised access.
Conduct anonymised, aggregated analytics for performance improvement.
Aggregated insights. We may create and use anonymised or aggregated statistics (that do not identify anyone) to maintain, improve, and develop the Services.
We never sell or rent personal information.
6. Legal Bases for Processing
We rely on:
Contractual necessity – to provide subscribed Services.
Legal obligation – to meet accounting, tax, and compliance duties.
Legitimate interests – to ensure security, prevent misuse, and enhance performance.
Consent – for marketing communications or non-essential cookies.
7. Data Sharing & Transfers
We may share your information with trusted third parties solely for the operation of the Services, including:
• Payment processors (PayTabs, Visa CyberSource)
• Cloud and infrastructure providers
• Messaging and support platforms (Intercom, Twilio, AWS SES/SNS)
• Professional advisers (lawyers, auditors)
• Government or regulatory bodies where legally required
Data Hosting & Multi-Region Processing
NuMetric is hosted on multi-region cloud infrastructure, primarily within:
• the United Kingdom (UK)
• the European Union (EU)
• Middle East regions supported by AWS
To ensure continuity, performance, and resilience, data may be replicated across these regions using secure, industry-standard safeguards.
NuMetric does not host production environments in jurisdictions lacking adequate data-protection standards unless protections equivalent to UK/EU GDPR or Jordan PDPL are applied.
Representative Sharing
At your direction, we may share selected Customer Data with your authorized accountant, advisor, or Representative. You may revoke access at any time in Settings.
Once shared, that party’s use of the data is governed by their own privacy policy.
Cross-Border Transfers
Where Personal Data is transferred outside your country:
• we use Standard Contractual Clauses (SCCs)
• we apply equivalent safeguards under UK/EU GDPR and Jordan PDPL
• additional technical and organisational measures are applied where required
8. Data Retention & Deletion
Data is retained while your account is active and for up to five (5) years thereafter, or longer if required by law.
After that period, data is securely deleted or anonymised.
You may request export or deletion at any time (see §9).
Upon account closure, we delete data from active systems and, within standard cycles, from backups.
Limited records may be retained where required by law or to resolve disputes.
Backup copies are held temporarily for business continuity and legal compliance.
9. Your Rights
Under the UK/EU GDPR, you may:
Access your data.
Rectify inaccuracies.
Request deletion (“right to be forgotten”), subject to statutory retention.
Request data portability.
Withdraw consent at any time.
Object to or restrict certain processing.
Submit requests to [email protected].
We respond within statutory timeframes (normally 30 days).
Complaints. You may contact our DPO at [email protected] and have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) or your local supervisory authority.
10. Security Measures
We apply industry-standard administrative, technical, and physical safeguards to protect your Personal Data, including:
• encryption at rest and in transit (TLS 1.2+)
• role-based access controls and multi-factor authentication (MFA)
• firewalls and intrusion detection systems
• continuous monitoring, vulnerability scanning, and penetration testing
• strict access logging and administrative activity audits
10.1 Employee & Contractor Security
NuMetric personnel, contractors, and technical operators:
• undergo pre-employment vetting, background checks, and identity verification where legally permissible
• are bound by strict confidentiality agreements
• receive mandatory data-protection and security training
• only access Personal Data when necessary for support, maintenance, compliance, or security reasons
• are limited by least-privilege and role-based access
All access to customer environments is monitored and recorded.
10.2 Encryption
NuMetric uses encryption:
• Server-side encryption for all stored data within our multi-region cloud infrastructure
• Client-side encryption for sensitive data transmitted from your device to our servers
• End-to-end encryption for specific operations where required by compliance obligations
Encryption standards and configurations are reviewed regularly to ensure compliance with evolving security requirements.
10.3 Disaster Recovery & Business Continuity
NuMetric maintains a multi-region, resilient infrastructure designed for continuous availability.
Our disaster-recovery and continuity commitments include:
• Real-time replication across multiple AWS regions
• Failover capability to backup environments in the event of a regional outage
• Regular disaster recovery testing
• Redundant storage, network, and compute resources
• Backup retention aligned with our data retention standards and legal obligations
11. Cookies & Analytics
We use cookies and similar technologies to:
Authenticate users and maintain secure sessions.
Remember preferences and improve usability.
Perform aggregated analytics (AWS Metrics, Intercom, etc.).
Where required by law, you’ll see a consent banner to manage preferences.
You can manage non-essential cookies anytime via Cookie Settings in the site footer.
Essential cookies are required to operate the Service.
Disabling cookies may limit some functionality.
12. Marketing Communications
We may send you product updates and tips where permitted by law.
You can opt out at any time via the unsubscribe link.
You will still receive essential service emails (security, billing, and legal notices).
13. Your Responsibility for Third-Party Data
If you upload or otherwise provide personal data about third parties, you confirm you have a lawful basis and appropriate notices in place.
You must honour any rights requests those individuals make to you.
14. Children’s Privacy
Our Services are not intended for persons under 18. We do not knowingly collect data from minors; if identified, it will be deleted promptly.
15. Contact Information
Data Protection Officer (DPO)
Email: [email protected]
VIRIFI Technologies Ltd
20–22 Wenlock Rd, London N1 7GU, United Kingdom
16. Updates to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices, regulatory requirements, or improvements to our Services. The “Last Updated” date at the top of this Policy indicates the most recent revision.
If a change materially affects your rights, alters how we process Personal Data, or introduces new processing purposes, we will provide advance notice by email or an in-app message before the changes take effect.
We will not reduce your rights under this Privacy Policy without providing explicit prior notice and, where required by law, obtaining renewed consent.
We encourage you to review this Policy periodically to stay informed about how we protect your data.