Security & data
How Nomos handles your data.
A governance product has to be trustworthy with data before anything else. Here is exactly how Nomos handles your data — what it accesses, where it lives, how it moves, and what we will never do with it.
The essentials.
Read-only access
Nomos connects to your ad platforms through their official OAuth flows and requests read scopes only. It reads platform data; it doesn't change your campaigns.
Your warehouse, your data
Governed tables are written into a warehouse you own — Snowflake, BigQuery, or Redshift. Your data stays in your infrastructure, in open table formats you control.
Encryption in transit and at rest
Data moving between platforms, Nomos, and your warehouse is encrypted in transit. Credentials are stored encrypted at rest and scoped strictly to the connections you authorise.
Vendor due diligence
The infrastructure underneath Nomos runs on established cloud providers. We're glad to walk your security team through the architecture in detail.
No data resale. Ever.
We do not sell, syndicate, or build external benchmark products from your data. Any aggregate computed from your numbers exists only to improve the product experience you already pay for — never a data product sold to anyone else.
Bring your security review.
If a formal security review is part of how you evaluate tools, we support it. We provide a data-flow diagram and architecture walkthrough, a Data Processing Agreement, and documentation covering what is accessed, where it lives, and who can reach it.
We will go through your security team's questionnaire line by line — controls, sub-processors, retention, breach notification, and anything else your review requires. Book a demo and tell us what you need.