Privacy Policy

Last updated: May 2026

What we collect

NomisFile collects the minimum data necessary to operate the compliance calendar service:

• Account information (email address, name)
• Organization and entity data you enter (company names, licenses, fiscal year dates)
• Obligation instance data (filing statuses, dates, notes)
• Uploaded documents (generated documents, examination evidence)
• Usage data (page views, feature usage for product improvement)

How we use your data

Your data is used solely to operate the NomisFile service: generating compliance calendars, sending deadline reminders, and maintaining your filing records. We do not sell, rent, or share your data with third parties for marketing purposes.

Data storage and security

All data is stored in PostgreSQL with row-level security ensuring tenant isolation. Sensitive credentials are encrypted at rest using pgcrypto. See our security page for details on implemented controls.

Data retention

Your data is retained for the duration of your subscription plus a reasonable wind-down period. You may request data export or deletion by contacting us at [email protected].

Contact

Questions about this policy? Email [email protected].