Nomos AI LogoNomos Axis

Privacy Notice

Last updated: November 6, 2025

This privacy notice tells you what to expect us to do with your personal information. It outlines how Danyl Kecha, trading as Nomos Axis, a sole trader established in the United Kingdom (the "Data Controller," "we," "us," or "our") collects, uses, stores, and protects your personal data when you use our website, products, and services.

Our Contact Details:

Email: danyl.kecha@nomosai.co.uk

1. What Information We Collect, Use, and Why

We collect and use personal information for various purposes, relying on different lawful bases under UK data protection law. The types of information we collect and how we use them are detailed below:

a. To Provide and Improve Products and Services for Clients:

Information Collected:

Names and contact details; account registration information; activity logs relating to functional actions within the Platform (such as when a user submits a query, exports a document, or performs another defined operation); technical information (browser type, device, and operating system), and information relating to compliments or complaints.

Purpose:

To deliver the core functionalities of the Nomos Axis platform, maintain its performance, and enhance the quality, functionality, and relevance of the service.

Lawful Basis:

  • Contract: Where the processing is necessary to fulfil our contractual obligations to you by providing the services you signed up for.
  • Legitimate Interests: We process limited personal information, such as usage data and interaction logs, to improve the quality, functionality, and relevance of Nomos Axis. This helps us better serve the legal community by identifying performance issues, prioritising feature enhancements, and tailoring the platform to users' professional needs. We only use non-sensitive, minimal data, and users expect such improvements in a modern research platform. The benefit of a more accurate, useful, and efficient product significantly outweighs any low risk of intrusion on user privacy.

b. For the Operation of Client or Customer Accounts:

Information Collected:

Names and contact details, Account information, including registration details, Information used for security purposes (e.g., password hashes, multi-factor authentication setup), Technical data, including information about browser and operating systems.

Purpose:

To manage your account, enable secure login functionality, provide password management, log account access for security, and facilitate error recovery.

Lawful Basis:

  • Contract: Necessary for us to enter into and carry out a contract with you for account operation.
  • Legitimate Interests: We use personal data such as names, email addresses, and authentication credentials to securely operate user accounts. This data is necessary to ensure the platform works reliably and securely. It is in both our users' and our interest to maintain the integrity of accounts without requiring additional consent for every functional step, and users would reasonably expect this type of processing in a web-based platform.

c. To Comply with Legal Requirements:

Information Collected:

Name, Contact information, Client account information, Any other personal information required to comply with legal obligations (e.g., for financial reporting, tax purposes, or regulatory compliance).

Purpose:

To ensure we meet our legal and regulatory obligations.

Lawful Basis:

Legal Obligation – we must collect or use your information to comply with the law.

d. For Dealing with Queries, Complaints, or Claims:

Information Collected:

Names and contact details, Account information, Correspondence (including the content of your communication), Information relating to compliments or complaints.

Purpose:

To investigate and respond to user queries, complaints, or feedback, maintain high standards of service, resolve user concerns, and comply with legal and ethical obligations.

Lawful Basis:

Legitimate Interests: It is in both our interests and the users' interest to ensure concerns are addressed efficiently and fairly. The information used is limited to what users provide voluntarily, and the impact on their privacy is low relative to the benefit of transparent support.

e. AI Model Training

Nomos Axis will not use your User Input Data (e.g., your search queries, uploaded documents, or any other data you input into the platform) to train its AI models or for any purpose other than providing the services directly to you. Your User Input Data will not be used for any other purpose without your explicit prior written consent. This is to maintain client confidentiality and data protection.

2. Lawful Bases and Data Protection Rights

Under UK data protection law, we must have a "lawful basis" for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO's website. Which lawful basis we rely on may affect your data protection rights which are set out in brief below.

You can find out more about your data protection rights and the exemptions which may apply on the ICO's website:

  • Your right of access – You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for.
  • Your right to rectification – You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete.
  • Your right to erasure – You have the right to ask us to delete your personal information. (Note: This right is not absolute and may not apply if we have a legal obligation to retain the data).
  • Your right to restriction of processing – You have the right to ask us to limit how we can use your personal information.
  • Your right to object to processing – You have the right to object to the processing of your personal data where we are relying on legitimate interests as our lawful basis.
  • Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you. (Note: This right typically applies only to data processed by automated means where the lawful bases are consent or contract).
  • Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time.

If you make a request, we must respond to you without undue delay and in any event within one month. To make a data protection rights request, please contact us using the contact details provided in this privacy notice.

3. Where We Get Personal Information From

We collect personal information from:

  • Directly from you: When you register for an account, use the Platform, provide feedback, or contact us.
  • Suppliers and service providers: For example, authentication services or analytics providers.

4. How Long We Keep Information

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Here's a suggested retention schedule tailored to your operations:

  • User Account Information: Retain for the duration of the user's active account and for up to 12 months after account closure to address any residual queries or legal obligations.
  • Usage Data (e.g., interaction logs): Retain for up to 24 months to analyze trends and improve service functionality.
  • Support Correspondence (e.g., emails, chat logs): Retain for 6 years to comply with legal requirements and for potential dispute resolution.
  • Anonymized Data: May be retained indefinitely, as it no longer constitutes personal data under UK GDPR.

5. Who We Share Information With

We may share your personal information with the following categories of recipients:

  • Data Processors and Service Providers:
    • Cloud Infrastructure and AI Service Providers: (e.g., Google LLC for cloud infrastructure and large language model inference). These providers perform activities such as hosting and running the Nomos Axis platform, including storage of user account information, logging user queries, and delivering AI-generated legal research outputs. They act only under our instructions and are bound by data processing agreements that comply with UK and EU data protection laws.
    • Identity and Access Management Service Provider: (e.g., Clerk, Inc.). Clerk provides identity and access management services, including user authentication, session handling, and account recovery for Nomos Axis. They process login credentials, manage sign-in flows (including via third-party providers like Google), and ensure secure access to user accounts. This helps us maintain a secure platform and comply with user access control best practices.
    • Search‑and‑Retrieval Provider (e.g., AlphaAI Technologies Inc. dba Tavily): When a user submits a query, the Platform uses large language models to generate brief technical search phrases derived from the user's request. These derived search strings — not the original question or any identifying information — are sent to Tavily exclusively to retrieve publicly available legal materials from the internet. Tavily acts as our data processor and may not use the derived search strings for any independent purpose, including improving its own search systems. We have disabled and prohibited any such secondary use.
  • Other organisations we're legally obliged to share personal information with: Such as regulators, law enforcement agencies, or other public authorities, when required by law.
  • Professional Advisors: Such as lawyers, auditors, and insurers, where necessary for their professional services.

6. Sharing Information Outside the UK

Where necessary, our data processors will share personal information outside of the UK. When doing so, they comply with the UK data protection laws, making sure appropriate safeguards are in place. For further information or to obtain a copy of the appropriate safeguard for any of the transfers below, please contact us using the contact information provided above.

Organisation Name: Google LLC

  • Category of recipient: Cloud infrastructure, large language models' inference, and security services.
  • Country the personal information is sent to: Data is stored and processed primarily within European Union (Belgium) data centres. In limited circumstances, metadata may be accessed by Google personnel in the United States for support purposes.
  • How the transfer complies with UK data protection law: Google LLC is certified under the UK Extension to the EU–U.S. Data Privacy Framework, and its data processing agreements also incorporate Standard Contractual Clauses (SCCs) as an additional safeguard.

Organisation Name: Clerk, Inc.

  • Category of recipient: Authentication service provider (technology sector).
  • Country the personal information is sent to: United States
  • How the transfer complies with UK data protection law: Clerk, Inc. is certified under the UK Extension to the EU–U.S. Data Privacy Framework and includes Standard Contractual Clauses (SCCs) in its Data Processing Addendum to ensure adequate protection for transferred data.

Organisation Name: OpenAI LLC.

  • Category of recipient: Large‑language‑model inference provider.
  • Country the personal information is sent to: Processing may occur in the United States or other regions where OpenAI operates its infrastructure.
  • How the transfer complies with UK data protection law: Transfers are subject to Standard Contractual Clauses (SCCs) and OpenAI's contractual commitments to protect UK personal data. Personal information shared with OpenAI is limited to the text necessary to perform inference and is stripped of identifiers wherever practicable.

Organisation Name: AlphaAI Technologies Inc. (d/b/a Tavily)

  • Category of recipient: API‑based search‑and‑retrieval provider.
  • Country the personal information is sent to: United States
  • How the transfer complies with UK data protection law: AlphaAI Technologies Inc. relies on the UK Extension to the EU–U.S. Data Privacy Framework and Standard Contractual Clauses (SCCs). Only derived search phrases (not the original user question or any identifying information) are transmitted, and Tavily is contractually prohibited from using the data for any independent purpose.

7. How We Protect Your Information

We implement appropriate technical and organisational measures designed to protect your personal data from accidental loss, unauthorised access, use, alteration, or disclosure. These measures include encryption of data in transit and at rest, access controls, regular security audits, and data minimisation. While we strive to protect your personal data, we cannot guarantee its absolute security.

8. Automated Decision-Making and Profiling

We do not use automated decision-making processes that produce legal or similarly significant effects on you. We also do not engage in profiling for purposes such as targeting or segmentation for marketing purposes.

9. How to Complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we've used your data after raising a complaint with us, you can also complain to the ICO.

The ICO's address:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

Questions About Our Privacy Policy?

If you have any questions about how we handle your personal data, please get in touch.

Contact Us