Minimum viable data.
We collect what we need to run your daily P&L and your subscription. Nothing else. No tracking, no profiling, no third-party data brokers.
The full inventory below is genuinely complete: if it's not listed here, we don't have it.
01 What we collect
- Your email address. Used for login, password resets, support, billing notifications.
- Your password (hashed). We store a bcrypt hash, not the password itself. We can't see it; nobody can recover it from a backup.
- Your business profile. Name, country, language.
- Your locations. Name and country per location.
- Your financial entries. Revenue, expenses, products, fixed costs — exactly what you log.
- Your subscription state. Plan key, billing date, status — synced from Stripe.
- Server-side logs. Standard error logging via Sentry. Includes route paths and error stack traces, no PII.
02 What we don't collect
- Your customers' data. nouz is your P&L, not a CRM. We never see individual customer transactions, names, or contact details.
- Your bank or accounting details. We don't integrate with banks; we don't see deposits.
- Tracking pixels or session recordings. No Hotjar, no FullStory, no behaviour profiling.
- Analytics tied to your identity. We use minimal analytics (page views, conversion events), but they are not tied back to individual user accounts.
- Cross-site cookies. Only first-party cookies for auth and language preference.
03 Where it lives
Your data lives in EU-region Supabase databases (managed Postgres). Backups are encrypted at rest. Stripe holds your billing data on their servers. Transactional email is sent through Resend. All three are GDPR-covered. We don't share data with third parties beyond these three operational dependencies.
04 Who can access it
Access is strictly limited:
- You — full access to everything in your account via the UI and via export.
- nouz engineers — server-side access for debugging when you ask for help, and for maintenance. We don't browse customer data casually.
- Sentry — error stack traces only (no PII).
- Stripe — your billing data (the email + card details you gave them; they don't see your financial entries).
GDPR data requests.
You can request a full data export or full deletion at any time. The export button on Settings covers both, and account deletion follows the pattern of a 30-day grace period and then a permanent wipe.
Still stuck?
Email support@nouz.co — a founder replies, usually the same business day.