Last updated: April 25, 2026
This Privacy Policy describes how the Nomos application (“Nomos”, “the app”, “we”, “us”) collects, uses, and protects information.
Nomos is a personal AI assistant operated by Ignacio Delgado. It is currently a single-developer project intended for personal and small-scale use.
1. Information we access
When you connect your Google Account to Nomos you grant the app access to your Google Calendar through the OAuth 2.0 authorization flow. Nomos requests the following Google API scope:
https://www.googleapis.com/auth/calendar— read and write access to your primary calendar.
We use this access only to:
- list events in a date range you ask about (e.g. “what’s on my calendar today”);
- create, update, or delete events that you explicitly ask Nomos to add, change, or remove;
- generate the daily briefing the app shows you each morning.
Nomos does not access any other Google service. It does not read your email, contacts, photos, files, or browsing history.
In addition to Google Calendar, Nomos may also access — only after you explicitly configure each one — the following sources of your own data:
- the contents of an Obsidian vault you choose to sync to the backend;
- RSS feeds you add yourself;
- chat messages you type or speak into the app.
2. How information is used
Information accessed by Nomos is used solely to respond to your requests and to generate the personalised assistant features described above (chat replies, the morning briefing, voice answers).
We do not:
- sell your data;
- share your data with third parties for advertising or marketing;
- use your data to train, improve, or fine-tune any machine-learning model;
- read your data when you are not actively using the app, except for the daily briefing job that runs once each morning;
- transfer your Google user data to any other party except as required to provide the user-facing features of Nomos.
Limited Use disclosure. Nomos’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
3. Third-party processors
To deliver the assistant’s responses, voice features, and search, the app sends short, transient requests to the following providers. Where possible, only the minimum text needed to answer your request is sent.
| Provider | Purpose | Data sent |
|---|---|---|
| Groq | Speech-to-text (Whisper) and large language model inference for voice mode | Your spoken audio (a few seconds) and the transcribed text of your request |
| DeepInfra | Large language model inference for chat, text-to-speech for voice replies, and embeddings for note search | The text of your request, relevant context from your notes, and the text the assistant speaks back |
| Brave Search | Web search results when you ask a question that requires up-to-date public information | The text of your search query |
| Calendar read/write as described in section 1 | Calendar event data limited to the operations you request |
These providers act as data processors. Nomos does not send your Google Calendar event data to these processors except where the answer to your request explicitly involves Calendar content (for example, asking the assistant “what’s on my calendar today” will cause a short summary of today’s events to be sent to the language-model provider so the assistant can read it back to you).
4. Where data is stored
Nomos’s backend runs on a private server operated by the developer. The server stores:
- OAuth refresh tokens for the Google services you have connected, on disk, encrypted at rest;
- chat history and indexed snippets of your notes, in a Postgres database on the same server;
- daily briefings generated by the app, cached for one day.
No data is stored by the third-party processors listed in section 3 beyond the brief, transient processing of each request, except where those providers’ own retention policies apply (see their respective privacy policies).
5. Retention
You can disconnect Google Calendar from the app at any time by revoking access at https://myaccount.google.com/permissions. This will invalidate the OAuth refresh token Nomos holds.
You can also request deletion of all data Nomos has stored about you (chat history, indexed notes, cached briefings, OAuth tokens) by emailing [email protected]. Deletion will be performed within 30 days.
6. Security
OAuth tokens are stored on disk on the backend server and are not transmitted to any third party. The backend is reachable only over HTTPS. The Android app authenticates to the backend with a per-installation API key.
This is a personal project. While the developer takes reasonable precautions, the app does not carry the security guarantees of a commercial enterprise product. You should not rely on Nomos for high-stakes data.
7. Children
Nomos is not directed at children under 13, and we do not knowingly collect data from children under 13.
8. Changes
This policy may be updated. The “Last updated” date at the top reflects the most recent revision. Material changes will be communicated in the app.
9. Contact
For privacy questions, data deletion requests, or anything else, write to [email protected].