Numina Security Overview
Numina gives revenue teams a senior rep's read on every account. We treat the data behind that — your book of business and the people in it — as sensitive by default. This document summarizes how we protect it.
Architecture & tenancy
- Numina is a multi-tenant SaaS built on Next.js (hosted on Vercel) with a Postgres database (Supabase).
- Every organization's data is isolated at the database level using row-level security (RLS). Queries are scoped to the authenticated user's organization; one customer cannot read another customer's data.
- There is no cross-tenant data pooling, aggregation, or benchmarking.
Encryption
- All data is encrypted in transit (TLS) and at rest (managed by our infrastructure providers).
- Application-level secrets (such as a customer's AI provider key) are additionally encrypted with AES-256-GCM before storage.
Access control
- Role-based access (admin, manager/CRO, rep) governs what each user sees inside an organization.
- Reps see their own accounts; leaders see in-scope accounts; no one sees another org.
- Administrative access to production is limited to authorized personnel.
AI handling
- AI analysis runs server-side only; provider API keys are never exposed to the browser.
- We minimize personal data before content is sent to the AI provider; analysis is built on company facts, roles, and titles rather than personal profiles.
- Customer data is not used to train AI models: Anthropic's API terms exclude API data from training, and Numina never uses your data to train or fine-tune any model. See the AI & Data Use Statement.
Data lifecycle
- Customers can delete all organization data from the product at any time.
- On termination, customer data is deleted on request.
Honest status
We are an early-stage company. SOC 2 Type II and an independent penetration test are on our roadmap; we will share status and timelines on request. We would rather tell you exactly where we stand than overstate it.
Last updated 2026-06-27