NomaPort

AI Use & Data Handling Notice

This notice explains how NomaPort AI processes data, which providers or deployments may be involved, retention practices and options for private deployment on request.

Last updated: 14 June 2026

1. Purpose

This notice explains how NomaPort AI and related privacy-aware workflows handle data, which processing options may apply, and what responsibilities you retain when using AI features with sensitive information.

2. Scope

This notice applies to NomaPort AI subscriptions, document analysis workflows, redaction guidance, team AI policy features and any optional private deployment arrangements agreed in writing.

3. Your responsibilities

  • Ensure you have a lawful basis and organisational authority to submit documents and prompts.
  • Apply redaction or minimisation before upload where sensitive personal, client or classified information is involved.
  • Review AI outputs before using them in legal, medical, financial, safety-critical or compliance decisions.
  • Configure team policies and approved tool lists appropriate to your sector.
  • Do not submit malware, unlawful content or third-party data without permission.

4. How NomaPort AI processes data

NomaPort AI is designed for privacy-aware workflows. Depending on your plan and configuration, processing may include local preprocessing, redaction assistance, policy checks and submission to approved model providers or dedicated deployments.

We aim to minimise retention of prompt and document content to what is necessary to deliver the feature, provide support you request, maintain security logs and comply with law.

4.1 Standard cloud processing

In standard configurations, document excerpts or prompts may be transmitted to vetted third-party AI infrastructure providers under contractual safeguards. Providers must not use customer content to train public models unless explicitly disclosed and agreed.

4.2 Private or dedicated deployment

Enterprise customers may request private deployment, regional residency or customer-controlled keys subject to separate agreement, availability and fees.

5. Data categories and metadata

  • Document content and prompts you choose to submit.
  • Redaction markers, policy evaluation results and workflow metadata.
  • Account identifiers, timestamps, feature usage metrics and error diagnostics.
  • Support copies if you explicitly share content for troubleshooting.

6. Retention

Transient processing buffers are cleared according to operational schedules unless you enable features that require temporary storage for collaboration or audit. Exact retention periods for enterprise deployments are defined in applicable agreements.

Aggregated, de-identified usage statistics may be retained for product improvement.

7. Subprocessors and transfers

AI providers, hosting providers and security vendors may process data in multiple jurisdictions. Where required, we implement appropriate transfer safeguards and make subprocessor information available on request.

8. Human review

NomaPort personnel do not routinely review customer AI content except when you request support, when required to investigate abuse or security incidents, or when obliged by law. Access is restricted and logged where feasible.

9. Output limitations

AI outputs may be inaccurate, incomplete or outdated. They are advisory tools, not professional legal, medical or financial advice. You remain responsible for final decisions and disclosures to third parties.

10. Security measures

  • Encryption in transit for web and API interactions.
  • Access controls and authentication for account features.
  • Sensitive-data warnings and redaction-before-upload guidance in the product.
  • Monitoring for abuse indicators consistent with the Acceptable Use Policy.

11. Contact and enterprise requests

AI privacy and data handling: privacy@nomaport.com

Enterprise or private deployment enquiries: hello@nomaport.com

NomaPort reduces common security and privacy risks through secure configuration, guidance and partner-supported workflows. It does not guarantee anonymity, immunity from attack, full legal compliance or complete protection against all threats.