← Nomu

Privacy Policy

Version 2026-06-10Effective 10 June 2026

This Privacy Policy explains what personal data Nomu ("we", "us") collects, how we use it, who we share it with, and the rights you have. Nomu is operated by [Your legal name], an individual based in the United Arab Emirates, acting as the data controller. Questions or requests: support@nomu.money.

We aim to comply with the UAE Personal Data Protection Law and, for users in those regions, the EU/UK GDPR and the California consumer privacy laws (CCPA/CPRA).

Data we collect

  • Account and profile data: your name, email address, password (stored only as a secure hash), and — if you sign in with Google — your basic Google profile.
  • Financial data you enter: the holdings, transactions, watchlists, and retirement-planner inputs you choose to record. Nomu is a manual tracker: we do not connect to your brokerage, execute trades, or hold any of your money.
  • AI assistant content: the messages you send and the portfolio context used to generate a response.
  • Usage and device data: analytics events, a masked session-replay recording (see below), and device, browser, and IP information.
  • Diagnostic data: error and performance reports that help us fix problems.
  • Subscription data: your plan and subscription status. Payments are handled by our payment processor — we do not store your full card number.
  • Communications: messages you send us and feature requests you submit.

How we use it, and our legal bases

  • To provide and operate the app, your account, and the features you use — performance of our contract with you.
  • To keep the service secure and prevent abuse, and to improve it — our legitimate interests.
  • For analytics and session replay — your consent where consent is required in your region (see the Cookie Policy).
  • To provide AI features — performance of our contract and, where required, your consent.
  • To send you service emails (and, only with your consent, any marketing) — contract and consent.
  • To meet legal obligations — compliance with law.

The AI assistant, sensitive data, and training

When you use the AI assistant, your messages and the relevant portfolio context are sent to third-party AI providers to generate a response. This processing may take place outside your country, including in countries that do not have a data-protection "adequacy" decision. We rely on the necessity of this processing to provide the feature you requested, and on appropriate safeguards, as our basis for the transfer. We do not use your data to train our own models. Please do not paste sensitive personal data — such as government identifiers, health information, or full financial-account numbers — into the assistant.

How we share data

We share personal data only with service providers that help us run Nomu, by category: hosting and infrastructure, database, transactional email, product analytics, error monitoring, AI processing, payment processing, and authentication. We also disclose data where required by law or to protect rights and safety, and we may transfer data as part of a business sale or reorganisation. We do not sell your personal data.

International transfers

Nomu and its providers operate across several countries, so your data may be processed outside where you live. Where the law requires it, we rely on appropriate safeguards or on the necessity of the transfer to provide the service you asked for.

How long we keep data

We keep your data while your account is active and for a limited period afterwards as needed for legal, security, and accounting purposes. If you request deletion, we apply a 30-day grace period before permanently removing your account data, after which deletion may take a little longer to propagate through backups. Analytics and diagnostic data are retained for limited periods.

Your rights

Depending on where you live, you may have the right to access, correct, delete, restrict, or object to our processing of your data, to data portability, and to withdraw consent at any time. If you are in the EU/UK you may complain to your supervisory authority. If you are in California you may request to know, delete, and correct your data, opt out of any "sale" or "sharing" (we do not sell or share in that sense), and you will not be discriminated against for exercising these rights; you may use an authorised agent. To exercise any right, email support@nomu.money or use the controls in your account settings.

Children

Nomu is for adults. You must be at least 18 to use it, and we do not knowingly collect personal data from anyone under 18.

Security

We protect your data with measures such as encryption in transit, hashed passwords, and access controls. No method of storage or transmission is completely secure, so we cannot guarantee absolute security.

Changes

We may update this policy. If we make a material change, we will notify you, for example in the app or by email.

Contact

Privacy questions and all other requests: support@nomu.money.