This Privacy Policy describes how NomoCoda LLC ("NomoCoda," "we," "us") collects, uses, and discloses personal data in connection with the Lens service ("Service") and the marketing surfaces at nomocoda.com and its subdomains.

1. Who we are

NomoCoda LLC is a Texas limited liability company. We provide Lens, an AI-native intelligence service that reads from connected workplace systems on a per-user basis and produces personalized intelligence for each user.

For privacy-related inquiries, contact legal@nomocoda.com.

2. Scope and roles

This Policy applies to personal data we process as a controller — primarily, account, billing, and marketing-website data for individuals who sign up for, pay for, or evaluate the Service.

When a customer organization uses the Service to process personal data of its workforce or contacts through connected systems, NomoCoda acts as a processor on the customer's behalf. The Data Processing Addendum governs that relationship. See the Data Processing Addendum.

3. Personal data we collect

Account data. Name, email address, profile image, organization affiliation, role, archetype selection, authentication identifiers. Provided by the individual at sign-up or through their identity provider.

Connected-system data. When a user connects a third-party system (Gmail, Calendar, Drive, Slack, HubSpot, Salesforce, and similar), Lens reads data from that system under the user's own OAuth credentials and within the user's existing access scope. Lens does not receive data the user does not have access to. Connected-system data is processed to produce that user's intelligence feed; further detail is in the Data Processing Addendum.

Usage data. Pages visited, features used, performance and reliability telemetry. Collected automatically when the Service is used.

Communications data. Email correspondence, support requests, marketing replies. Provided by the individual when contacting us.

Billing data. Billing contact, payment method, billing address. Collected by our payments provider (Stripe) and provided to NomoCoda in summary form.

We do not knowingly collect sensitive categories of personal data (health, biometric, government identifiers, racial or ethnic origin) and ask that individuals not transmit such data through the Service.

4. How we use personal data

We process personal data to:

  • Provide and operate the Service, including authenticating users, generating intelligence, and synchronizing permission state.

  • Maintain the security and integrity of the Service, including detecting and responding to fraud, abuse, and threats.

  • Communicate with users about service updates, support requests, and material changes.

  • Process payments and manage subscriptions.

  • Comply with legal obligations, respond to lawful requests, and enforce our agreements.

  • Improve and develop the Service, including diagnosing engineering issues and evaluating product quality.

We do not sell personal data and do not share personal data for cross-context behavioral advertising.

5. Legal bases for processing

For individuals in the European Economic Area, the United Kingdom, and Switzerland, NomoCoda relies on the following legal bases under GDPR and UK GDPR:

  • Contract. Processing necessary to perform the Service for the individual or the customer that employs them.

  • Legitimate interests. Processing necessary for security, fraud prevention, product improvement, and direct communication with users about the Service.

  • Consent. Where required, including for non-essential cookies and certain marketing communications.

  • Legal obligation. Where required by law.

6. Sharing and disclosure

We share personal data with the categories of recipients below.

Sub-processors. Third-party service providers that process personal data on our behalf to operate the Service. The current list, including each sub-processor's function and processing location, is maintained at Sub-processors.

AI providers. Customer data sent to AI providers is bounded by the calling user's access scope and is governed by the terms described in How Lens uses AI.

Legal, safety, and compliance. Government authorities, regulators, and other third parties where disclosure is required by law, court order, or to protect the rights, property, or safety of NomoCoda, its users, or the public.

Business transfers. In connection with a merger, acquisition, financing, reorganization, or sale of assets, personal data may be transferred subject to standard confidentiality protections.

7. International transfers

NomoCoda is based in the United States and processes personal data in the United States. When we transfer personal data out of the European Economic Area, the United Kingdom, or Switzerland, we rely on the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, and equivalent safeguards as applicable.

8. Retention

We retain personal data for as long as necessary to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. Account data is retained for the duration of the customer relationship and for a reasonable period after termination, after which it is deleted or anonymized.

Customer-owned data processed through the Service is retained according to the terms of the Data Processing Addendum and the customer's deletion instructions.

9. Security

NomoCoda implements technical and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, and destruction. The architectural detail is published at Security & Trust. No system is perfectly secure; we work continuously to maintain a security posture commensurate with the sensitivity of the data we hold.

10. Individual rights

Subject to applicable law, individuals have the right to:

  • Access the personal data we hold about them.

  • Correct inaccurate personal data.

  • Delete personal data, subject to retention requirements.

  • Restrict or object to certain processing.

  • Receive personal data in a portable format.

  • Withdraw consent where processing is based on consent.

  • Lodge a complaint with a supervisory authority.

For individuals in California, additional rights under the California Consumer Privacy Act apply, including the right to know, the right to delete, the right to correct, and the right to opt out of sale or sharing. NomoCoda does not sell personal data.

To exercise any of these rights, contact legal@nomocoda.com. We respond within the timeframes required by applicable law.

11. Children

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from individuals under 16. If we learn that we have collected such data, we will delete it.

12. Changes to this Policy

We update this Privacy Policy as our practices evolve and as required by law. We will notify users of material changes through the Service or by email. Continued use of the Service following an update constitutes acceptance of the updated Policy.

13. Contact

Questions, requests, and complaints regarding this Privacy Policy can be addressed to:

NomoCoda LLC

Attn: Legal

legal@nomocoda.com

Last updated: 2026-05-13