Trust
Security
Last updated July 4, 2026
Nomosyn connects directly into sensitive company systems, so security is core to how the platform is built — not an add-on.
Encryption
TLS 1.2+ in transit, AES-256 at rest for all connected-app content and documents.
Read-only scopes
Every connected app is granted read-only access — Nomosyn never sends, deletes, or modifies your data.
Client data isolation
Each client's connected-app content, evidence, and documents are logically isolated from every other client's data.
Attorney sign-off
No AI-generated guidance reaches a client's dashboard until a licensed attorney has reviewed and pushed it.
Access controls
Access is role-based: client users see only their own organization's data, and attorneys see only the clients assigned to them. All access is logged, and connected-app authorizations can be revoked instantly from the Integrations page.
Compliance
Nomosyn is pursuing SOC 2 Type II certification and supports HIPAA-aware handling of connected data for clients in regulated industries, including access-log review and Business Associate Agreements where applicable.
Sub-processors
We use a small number of vetted infrastructure and model providers to operate the platform. A current list of sub-processors is available on request.
Reporting a concern
If you discover a potential vulnerability, please contact security@nomosyn.ai. We aim to acknowledge reports within one business day.