Privacy policy.
Last updated: 3 July 2026
In case of divergence between the English and the Portuguese version, the Portuguese version prevails.
This Privacy Policy explains how Numo Solutions, Unipessoal Lda ("Numo") collects and uses the personal information of Users when they use the Numo platform and the Services.
1. Definitions and about Numo
Undefined terms in this Privacy Policy have the same definition as in Numo's Terms and Conditions ("Terms"). "Customer" means the business that registers for the Service. "User" means an individual authorised by the Customer to use it.
Numo provides a platform that allows businesses to invest surplus cash in regulated investment funds. Numo is a tied agent of Sixty Degrees - Sociedade Gestora de Organismos de Investimento Coletivo, S.A. ("Sixty Degrees"), registered with the Portuguese Securities Market Commission (CMVM).
The data controller under the GDPR and Portuguese law (Lei n.º 58/2019) is:
- Controller: Numo Solutions, Unipessoal Lda.
- Registered office: Rua Camilo Castelo Branco 2, 4º Esq, 1150-084 Lisboa
- NIPC: 519220536
- Privacy contact: dpo@usenumo.com
2. Personal information Numo collects
2.1. Information needed to use the Numo Platform. The User's name, business email address, role and profile details, collected when the Customer registers or invites the User. Numo uses a third party identity provider for login and does not store passwords.
2.2. Information provided by the User. During onboarding, the User provides information that includes:
- KYC and KYB information. Identification details (including identity document numbers, date of birth and nationality), address and contacts, tax number, employment, Politically Exposed Person status, financial and risk profile, and bank account details (IBAN). For businesses, company details and the details of directors and beneficial owners.
- Information about others. By providing personal information about other people (for example the Customer's directors and beneficial owners), the User confirms that they are authorised to do so and that they have shared this Privacy Policy with those people.
- Documents (sensitive). Registry extracts, financial statements, identity documents and proof of bank account. These are stored encrypted and are accessible only via short lived links.
- Consents and signatures. The User's consent records and electronic signature ceremony metadata.
2.3. Information Numo collects automatically. Such as IP address, browser and device string, an audit trail of actions taken in the platform, and usage data (pages viewed, features used and interactions with the platform), collected through Numo's analytics tool.
2.4. Information Numo receives from third parties. Where the Customer connects a bank account, Numo receives account details, balances and transaction data from the Customer's bank through the regulated open banking provider, on the Customer's instruction and consent. Where the Customer instructs a transfer, Numo processes the transfer and destination account details; transfers are executed by the Customer's bank.
3. How Numo uses the information
3.1. Operate and provide the Numo Platform. Numo processes the information to enable the User to access the platform, manage accounts and workspaces, connect bank accounts, initiate transfers on the Customer's instruction, process investment subscriptions, provide support, and send service and regulatory communications.
3.2. Comply with Numo's legal obligations. Numo verifies the identity of Customers, their representatives and beneficial owners, screens Politically Exposed Person status and keeps records, as required by anti money laundering law (Lei n.º 83/2017). This information is used exclusively for the prevention of money laundering and terrorist financing. Providing it is a statutory and contractual requirement: without it Numo cannot open or maintain the Customer's account. An anti money laundering risk classification is assigned automatically, based on factors such as country, professional profile and political exposure; higher risk classifications are reviewed by the responsible compliance function and decisions to accept or refuse a business relationship involve human intervention.
3.3. Maintain a reliable and secure platform. Numo detects and prevents fraud, abuse and security incidents, maintains audit logs and enforces the Terms. Numo also uses analytics and diagnostic data to detect and fix errors, understand how the platform is used, and improve it.
3.4. Financial and corporate operations. Numo may share data with potential investors in or acquirers of Numo when negotiating corporate or financial transactions, always under confidentiality obligations.
4. Who Numo shares the information with
4.1. Sharing with service providers. Numo works with third party providers that process information on Numo's behalf under data processing agreements, limited to what is necessary for their function. These include the identity and authentication provider, the regulated open banking provider (account information and transfer initiation), the cloud infrastructure provider (hosted in the EU, Ireland), and the web hosting, email delivery, electronic signature, error monitoring, analytics and feature flag, and AI providers. The named list of subprocessors, with their purposes and processing locations, is published on the Subprocessors page and updated when providers change.
4.2. Sharing with Sixty Degrees. Upon registration on the platform, Numo shares the Customer's KYC/KYB information and identity documents with Sixty Degrees, the management company of the funds; when the Customer subscribes to investment products, Numo also shares the signed subscription forms. Because Numo's tied agent activity is carried out on behalf and under the responsibility of Sixty Degrees, it acts as the data controller for investor onboarding and subscription processing; Numo remains controller for everything else.
4.3. Complying with the law. Numo may disclose information where legally required. Under Lei n.º 83/2017 this includes the DCIAP, the Financial Intelligence Unit, the Tax and Customs Authority and other judicial, police and sectoral authorities. Numo may also disclose information to professional advisers.
4.4. Business related transfers. Information may be disclosed or transferred to an acquirer, successor or assignee as part of a merger, acquisition, financing or similar transaction, subject to appropriate safeguards.
Numo does not sell personal information.
5. Security, integrity, and retention
Numo maintains technical and organisational measures to protect the information: encryption in transit and at rest, private by default document storage with short lived links, strong authentication with multi factor authentication, role based permissions with workspace isolation, and audit logging of sensitive actions. Despite Numo's best efforts, no security measures are perfect.
Numo keeps personal information only as long as necessary:
- KYC/KYB and AML records: seven years after identification or after the end of the business relationship (Lei n.º 83/2017).
- Records of operations subject to AML duties: seven years from execution.
- Other platform data and logs: 12 months after account deletion.
When no longer needed, data is deleted or anonymised.
6. Cookies
The Service uses a strictly necessary session cookie to keep the User signed in. Numo also uses a product analytics tool to understand how the Service is used and to diagnose errors. Numo does not use advertising trackers.
7. Children privacy
The Service is offered to businesses and their authorised representatives, who must be at least 18 years old. Numo does not knowingly collect personal information from anyone under 18.
8. User choices
8.1. The User may decline to share certain information, but identity and due diligence data is legally required: without it Numo cannot provide the Service (see Section 3.2).
8.2. The User may update account information at any time in the platform, and may request correction of any other information through dpo@usenumo.com.
8.3. Where processing is based on the User's consent (for example call recording), it may be withdrawn at any time.
9. Data subject rights and legal bases
Subject to applicable law, the data subject has the right to access, rectify, delete and port their personal information, to restrict or object to processing, to withdraw consent, not to be subject to solely automated decisions with legal or similarly significant effect, and to complain. Rights can be exercised by contacting dpo@usenumo.com. Numo is legally required to retain KYC/AML records for the period in Section 5.
For information processed strictly for anti money laundering purposes, Lei n.º 83/2017 provides that access and rectification are exercised indirectly, through the CNPD (Comissão Nacional de Proteção de Dados, https://www.cnpd.pt), with which the data subject may also lodge a complaint.
Numo processes personal information on one or more of the following legal bases: where necessary to perform the contract with the Customer; where necessary to comply with a legal obligation (in particular Lei n.º 83/2017); for Numo's legitimate interests, as outlined in this Privacy Policy; or with the data subject's consent.
10. International data transfers
Numo's core infrastructure is hosted in the European Union (Ireland). Where a service provider processes information outside the EEA, this is done in accordance with applicable privacy laws, relying on an adequacy decision or the European Commission approved Standard Contractual Clauses.
11. Privacy policies of others
The Service connects with third parties that have their own privacy policies, including the Customer's bank and Sixty Degrees. Numo does not control these third parties and invites the User to read their policies.
12. Changes to this Privacy Policy
Numo may change this Privacy Policy from time to time. If it is modified, the updated version will be made available and the date of the latest revision indicated. If the modifications materially alter the rights of data subjects, Numo will use reasonable efforts to notify them.
13. How to contact Numo
The User or the Customer may contact Numo with any questions or comments about this Policy at dpo@usenumo.com, or by post to Numo Solutions, Unipessoal Lda, Rua Camilo Castelo Branco 2, 4º Esq, 1150-084 Lisboa.