Privacy Policy

NumeriQal is an independent educational practice platform operated by Tommaso Di Gioacchino, a self-employed individual. For the purposes of data protection law, Tommaso Di Gioacchino is the data controller — meaning he determines how and why your personal data is processed.

The Belgian supervisory authority for data protection is the Autorité de protection des données / Gegevensbeschermingsautoriteit (APD/GBA), reachable at www.dataprotectionauthority.be.

When you create an account and use NumeriQal, we collect the following personal data:

• Username and email address — provided at registration
• Password — stored securely and hashed by Supabase Auth; never stored in plain text
• Account type — whether you are on the Free plan or have an active Subscription
• Practice progress — which questions you have answered, whether correctly, and when
• Test scores — results from tests you complete on the platform
• Stripe customer ID and subscription ID — stored to manage your subscription status; no payment card details are stored by NumeriQal

We do not store payment card data. All payment processing is handled entirely by Stripe.

We do not use tracking cookies or advertising cookies. We do not use Google Analytics, Facebook Pixel, or any other third-party advertising or analytics technology.

We process your personal data on the following legal bases:

• Contractual necessity (Art. 6(1)(b)): To provide you with the service you signed up for — your account, test results, and progress tracking.
• Legitimate interest (Art. 6(1)(f)): To maintain the security and integrity of the platform.
• Legal obligation (Art. 6(1)(c)): To comply with applicable Belgian and EU law where required.

We use your personal data exclusively to:

• Create and manage your account
• Track your practice progress and test scores
• Manage your subscription status and access to paid features
• Facilitate class bookings with the data analyst
• Respond to any support requests you send us

We do not sell your data to third parties. We do not use your data for advertising or profiling. We do not send marketing emails unless you explicitly opt in.

Your account data and practice progress are stored securely on servers provided by Supabase, a cloud database provider. Supabase stores data in data centres within the EU. You can review Supabase's own privacy and security policies at supabase.com/privacy.

We retain your account data for as long as your account is active. If you request deletion of your account, we will remove your personal data within 30 days.

We take reasonable technical measures to protect your data from unauthorised access, loss, or misuse. Passwords are hashed using industry-standard methods by Supabase Auth and are never accessible in plain text. All data is transmitted over HTTPS.

In the event of a personal data breach that poses a risk to your rights and freedoms, we are required under GDPR to notify the Belgian Data Protection Authority within 72 hours, and to inform you directly if the breach poses a high risk.

As a user based in the EU/Belgium, you have the following rights regarding your personal data:

• Right of access (Art. 15): You can request a copy of the personal data we hold about you.
• Right to rectification (Art. 16): You can ask us to correct inaccurate data.
• Right to erasure (Art. 17): You can ask us to delete your account and personal data.
• Right to restriction (Art. 18): You can ask us to limit how we process your data in certain circumstances.
• Right to data portability (Art. 20): You can request your data in a structured, machine-readable format.
• Right to object (Art. 21): You can object to processing based on legitimate interests.

To exercise any of these rights, please contact us at numeriqal@pm.me. We will respond within 30 days. You also have the right to lodge a complaint with the Belgian Data Protection Authority (APD/GBA) at any time.

NumeriQal uses only technically necessary cookies to manage your authentication session. These are set by Supabase Auth when you log in and are required for the platform to function. They do not track your behaviour across other websites and do not require consent under the ePrivacy Directive.

We do not use advertising cookies, analytics cookies, or any other non-essential cookies.

NumeriQal uses the following third-party services:

• Supabase: Provides our database, authentication, and backend infrastructure. Data is stored in EU-based servers. See supabase.com/privacy.
• Stripe: Handles all payment processing for subscriptions. NumeriQal does not store your card details. See stripe.com/privacy.
• Vercel: Hosts the NumeriQal web application. See vercel.com/legal/privacy-policy.
• Lulu: Fulfils orders for the physical printed book. Lulu's own privacy policy applies to purchases made through their platform.
• Google Fonts: Fonts may be loaded from Google's servers, which may involve transmission of your IP address to Google. See policies.google.com/privacy.

NumeriQal is not intended for children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has registered without parental consent, please contact us and we will delete the account promptly.

We may update this Privacy Policy from time to time to reflect changes in the platform or in applicable law. We will notify registered users of significant changes by displaying a notice on the platform. The date at the top of this page indicates when the policy was last revised.

For any questions, requests to exercise your rights, or privacy concerns, please contact us at numeriqal@pm.me. We aim to respond to all requests within 30 days.

You may also contact the Belgian Data Protection Authority directly:

• Website: www.dataprotectionauthority.be
• Email: contact@apd-gba.be
• Address: Rue de la Presse 35, 1000 Brussels, Belgium