Certifications and Third-Party Assessments

Nomic is committed to maintaining the highest security standards and undergoes regular third-party assessments to validate our security posture.

SOC 2 Type II Certified: Nomic is SOC 2 Type II certified. Visit our Security Center to request a copy of our compliance report and other security documentation.

Penetration Testing: We commit to conducting at least annual penetration testing by reputable third parties. External penetration test reports and other security assessments are available through our Security Center.

Vendor Reviews: All security documentation, compliance reports, and vendor assessment materials can be accessed at security.nomic.ai. You will be asked to sign an NDA before being granted access.

Infrastructure Security

Cloud Infrastructure
  • Primary hosting on AWS with high availability
  • Data centers in US, Europe, and Asia
  • Encrypted data in transit and at rest
  • Regular security patches and updates

Access Controls
  • Multi-factor authentication required
  • Least-privilege access principles
  • Encrypted data in transit and at rest
  • Regular security patches and updates

Subprocessors

We depend on the following subprocessors to deliver our services. Data handling varies by service - see our full trust center for complete details.

AWS

SEES AND STORES YOUR FILES

We use AWS for our primary cloud hosting platform. All instances of Nomic are managed on AWS.

Anthropic

SEES YOUR FILES

We use Anthropic for AI responses. We have a zero data retention agreement with Anthropic.

Google Cloud Vertex API

SEES YOUR FILES

We rely on some Gemini models offered over Google Cloud’s Vertex API to give AI responses. We have a zero data retention agreement with Vertex.

Modal Labs

SEES YOUR FILES

We use Modal for serverless infrastructure and compute to run inference on our custom models.

Sentry

SEES NO FILES

We use Sentry to monitor errors and performance in our app. File data is never explicitly sent, but may show up in reported errors. Data from BYOC deployments never reaches Sentry.

Datadog

SEES NO FILES

We use Datadog to monitor errors and performance in our app. File data is never explicitly sent, but may show up in reported errors. Data from BYOC deployments never reaches Datadog.

Google Analytics

SEES NO FILES

Provides analytics for our web presence.

Stripe

SEES NO FILES

We use Stripe for billing.

WorkOS

SEES NO FILES

We use WorkOS for enterprise authentication and single sign-on (SSO).

Mixpanel

SEES NO FILES

We use Mixpanel for product analytics and user behavior tracking.

Loops

SEES NO FILES

We use Loops for email communications and notifications.

Geographic note: None of our infrastructure is located in China, and we do not directly use any Chinese companies as subprocessors.

AI Requests

When you use Nomic’s AI features, we take great care to protect your data throughout the AI processing pipeline.

Data Processing
  • All AI requests are processed through our secure infrastructure
  • Data is encrypted in transit to AI model providers
  • We maintain zero data retention agreements with AI providers
  • Context data is minimized to what’s necessary for processing

AI requests may include context from your files, conversation history, and relevant file snippets. This data is sent to our infrastructure and then to appropriate AI model providers (OpenAI, Anthropic, etc.) under strict data protection agreements.

Data and File Indexing

All files stored with Nomic are indexed using Nomic Platform infrastructure. When your data isn’t being processed, it is stored only in your Nomic instance and is encrypted at rest.

Indexing works by sending files or folders of files to the Nomic Platform embed

Deployment Options and Data

Nomic offers flexible deployment options to meet different security and compliance requirements. Each option provides different levels of data control and processing locations.

Nomic-Managed (Cloud)

Our standard cloud offering where Nomic manages all infrastructure and operations.

  • All data is stored in Nomic-managed AWS infrastructure
  • Data is processed through the Nomic Platform
  • Processing involves our sub-processors as listed above
  • Fastest deployment with minimal setup required

Bring-Your-Own-Cloud (BYOC)

Deploy Nomic within your own cloud environment while leveraging our platform services.

  • All data is stored in your cloud environment
  • Data is processed by Nomic Platform AWS infrastructure
  • Processing involves our sub-processors for AI operations
  • Enhanced data residency control

On-Premise (Custom)

Fully isolated deployment within your own infrastructure with custom agreements.

  • Complete data isolation within your environment
  • Custom processing and sub-processor agreements
  • Tailored security and compliance controls
  • Contact our team for custom deployment options

Need a Custom Deployment?

For enterprise customers requiring specific compliance, data residency, or security controls, we offer custom deployment options. Contact our team at sales@nomic.ai to discuss your requirements.

Account Deletion

You have full control over your data and can delete your account and associated data at any time.

Data Deletion Process
  • Account deletion can be initiated from your settings dashboard
  • All personal data and all stored and indexed files are immediately deleted
  • Complete data removal guaranteed within 30 days
  • Backups are automatically purged within the retention period

Note: If your data was used in model training (opt-in), existing trained models will not be immediately retrained, but future model training will not include your deleted data.

Vulnerability Disclosures

We take security vulnerabilities seriously and encourage responsible disclosure from the security community.

Report a Vulnerability

If you discover a security vulnerability, please report it to: security@nomic.ai

Response Timeline
  • Acknowledgment within 5 business days
  • Complete data removal guaranteed within 30 days
  • Regular updates throughout investigation
  • Public disclosure after fix deployment

Responsible Disclosure Guidelines
  • Provide detailed vulnerability information
  • Allow reasonable time for fix development
  • Avoid accessing or modifying user data
  • Do not perform testing that degrades service