This policy explains how Nomi collects, uses, and protects your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Dutch law.
1. Who We Are
Nomi is an AI-powered customer support platform operated by A. Moradi, based in the Netherlands. When we refer to "Nomi", "we", "us", or "our" in this policy, we mean A. Moradi as the data controller.
For any privacy-related questions, you can contact us at: [email protected]
2. What Data We Collect
We collect the following categories of personal data:
- Account data — your name, email address, company name, and password (stored encrypted) when you register for an account.
- Billing data — payment information is processed directly by Stripe. We do not store your card details. We receive only a confirmation of payment and your Stripe customer ID.
- Usage data — information about how you use our platform, including documents you upload, chat sessions generated by your bot, and login activity.
- End-user chat data — messages sent by your website visitors to your Nomi bot. These are stored to provide you with analytics and conversation history in your dashboard.
- Technical data — IP addresses, browser type, and device information collected automatically when you use our service.
3. How We Use Your Data
We use your personal data for the following purposes:
- To provide and operate the Nomi service
- To process payments and manage your subscription via Stripe
- To send you service-related emails such as trial reminders and billing notifications
- To provide customer support when you contact us
- To improve and develop our platform
- To comply with our legal obligations
We do not sell your data to third parties. We do not use your data for advertising purposes.
4. Legal Basis for Processing
We process your personal data on the following legal bases under GDPR Article 6:
- Contract — processing is necessary to fulfil our service agreement with you
- Legitimate interests — to improve our service and prevent fraud
- Legal obligation — to comply with applicable laws and regulations
- Consent — where you have explicitly given consent, such as for marketing communications
5. Data Sharing
We share your data only with the following third-party service providers who help us operate Nomi:
- Anthropic — processes message content to generate AI responses. Anthropic's privacy policy applies to data processed by their API.
- Stripe — processes payments. Stripe's privacy policy applies to billing data.
- Railway — hosts our backend infrastructure. Data is stored on Railway's servers.
- Vercel — hosts our frontend applications.
All third-party providers are contractually obligated to process your data only as instructed and to maintain appropriate security measures.
6. Data Retention
We retain your data for as long as your account is active. If you cancel your account:
- Your account data is deleted within 30 days of cancellation
- Chat history and documents are deleted immediately upon account deletion
- Billing records are retained for 7 years as required by Dutch tax law
7. Your Rights Under GDPR
As a data subject under GDPR, you have the following rights:
- Right of access — you can request a copy of all personal data we hold about you
- Right to rectification — you can request correction of inaccurate data
- Right to erasure — you can request deletion of your personal data
- Right to restriction — you can request that we limit how we process your data
- Right to data portability — you can request your data in a machine-readable format
- Right to object — you can object to processing based on legitimate interests
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.
8. Data Security
We take appropriate technical and organisational measures to protect your personal data, including:
- Encrypted storage of passwords using bcrypt
- HTTPS encryption for all data in transit
- Access controls limiting who can access personal data
- Regular security reviews of our infrastructure
9. Cookies
Nomi uses only essential cookies required for the service to function, such as session tokens to keep you logged in. We do not use tracking cookies or advertising cookies.
10. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of significant changes by email. The current version is always available on this page with the date it was last updated.
11. Contact
For any questions about this privacy policy or how we handle your data, contact us at:
A. Moradi
Netherlands
[email protected]