For your most sensitive research
Nomos is built to protect your data at every layer; from the queries you ask to the research you save. Nothing is shared. Nothing is trained on.
Security is not a feature. It’s the foundation.
Every layer of Nomos, from infrastructure to application, is designed with your data’s safety as the default - not an afterthought.
No model training on your data
Your legal research, queries, and documents are never fed into any training pipeline. Your data exists solely to serve you.
Encrypted at rest and in transit
TLS 1.2+ protects every request. AES-256 encrypts stored data. Keys are rotated regularly through secure management practices.
Philippine Data Privacy Act
We follow the principles of RA 10173 and guidelines set by the National Privacy Commission to protect personal data.
Authentication and access controls
Google OAuth and email/password authentication. Role-based controls ensure only authorized users access organization resources.
Singapore data residency
Hosted on Railway in Singapore — low-latency access across Southeast Asia with enterprise-grade infrastructure reliability.
SOC 2 and GDPR aligned
Our practices follow SOC 2 and GDPR frameworks. We implement administrative, technical, and physical safeguards.
Working toward formal certification
Our security practices are aligned with industry-recognized frameworks. While we are not yet independently audited, we are committed to continuously strengthening our posture and working toward formal certifications.
FAQ
Security fundamentals
Common questions about how we handle, store, and protect your data.
What data do you collect?
We collect only the data necessary to provide our service: your account information (name, email), organization details, and usage data such as search queries and saved research. We do not collect unnecessary personal information and follow data minimization principles.
How is my data encrypted?
All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher. Data stored in our databases is encrypted at rest using AES-256 encryption. Encryption keys are managed through secure key management practices and rotated regularly.
Where is my data hosted?
All user data is hosted on Railway infrastructure in Singapore. This provides reliable, low-latency access for users across Southeast Asia while maintaining enterprise-grade security and uptime guarantees.
Who has access to my data?
Access to user data is strictly limited to authorized personnel who require it for service operation and support. We enforce role-based access controls internally, and all access is logged and audited. Your data is never shared with third parties for marketing or advertising purposes.
Is my data used for AI model training?
No. Your data is never used to train, fine-tune, or improve any AI models. Your legal research queries, saved documents, and notebook contents are used solely to provide you with the Nomos service. We have strict data isolation practices in place.
How do you handle data deletion requests?
You can request deletion of your account and all associated data at any time by contacting us at support@nomos.ph. Upon receiving a valid deletion request, we will remove your personal data from our active systems within 30 days. Backup copies are purged within 90 days.
Are you compliant with Philippine data privacy laws?
We follow the principles and guidelines of the Philippine Data Privacy Act (Republic Act No. 10173) and the rules set by the National Privacy Commission. This includes implementing reasonable and appropriate organizational, physical, and technical security measures to protect personal data.