Nomos Logo

Nomos — Data Controls

Last Updated: October 25, 2025

If you have any questions, email us at founders@plutas.in

1. Your Data Belongs to You

At Nomos, we treat your data with the seriousness and confidentiality expected in legal practice.

You own all your data

Every document, clause, negotiation history, template, matter file, research request, or analytical output you create within Nomos is entirely yours. Nomos is a tool—not a repository of rights. We never claim ownership over your work.

We never sell your data

Plutas Lab's business model is simple:

We sell software, not your information.

No customer data is ever sold, shared, or monetized.

You remain in full control

You decide:

  • What data you upload
  • Where it is stored (cloud, VPC, or on-premise)
  • Who has access
  • How long it is retained
  • When it is deleted

Total transparency

You deserve clarity about how your information is processed.

This page outlines exactly what happens to your data at every step.

2. How Nomos Processes Data

Default: Private or VPC Processing

Unlike most AI platforms, Nomos is designed from the ground up to run in:

  • Your own Virtual Private Cloud (VPC)
  • Your on-premise servers
  • Your preferred cloud region
  • Or Plutas Lab's secure environment (optional)

Your data never leaves the infrastructure you choose.

On-Premise Deployments Available

If your organization requires that no data ever leaves your internal network:

  • We support full on-prem installations
  • No external API calls
  • No external logging
  • Air-gapped options available

To discuss deployment options:

📧 founders@plutas.in

3. How Nomos Uses Your Data

Nomos uses your data only to provide the Services.

Never for training. Never for sharing. Never for model improvement.

A. Contextual Understanding (For Your Use Only)

When you upload documents or interact with Nomos:

  • The model uses that context
  • Responds with tailored reasoning, drafting, and analysis
  • Provides suggestions aligned to your own templates, policies, and clauses

This context is used to serve your request only.

It is not stored for model training or shared with anyone else.

B. Personalized Experience

Nomos may adapt to:

  • Your drafting style
  • Your negotiation patterns
  • Your preferred fallback positions
  • Your analysis format

But this personalization stays inside your organization only.

No cross-account sharing.

No pooled training.

No mixing of data between customers.

C. Zero Cross-Contamination

Each customer environment is fully isolated:

  • No shared embeddings
  • No shared logs
  • No shared learning
  • No shared model updates

Your firm's strategies remain your firm's strategies.

4. Data Security & Compliance

Security is the foundation of Nomos.

We implement the same protections expected in legal, financial, and enterprise environments.

A. Encryption Everywhere

  • AES-256 data encryption at rest
  • TLS 1.3 for all in-transit communication
  • All databases encrypted
  • All backups encrypted

B. Strict Access Control

  • Zero-trust architecture
  • Role-based access controls
  • Multi-factor authentication where applicable
  • Access granted only when necessary and logged at every step

C. Separation of Duties

Only a minimal number of Plutas Lab engineers—bound by strict confidentiality—can access operational systems, and only when required for support.

D. Regular Audits

We perform:

  • Continuous internal monitoring
  • Third-party security reviews
  • Vulnerability scanning
  • Infrastructure hardening
  • Penetration testing

E. SOC 2 Type II (In Progress)

Plutas Lab is actively pursuing SOC 2 Type II certification.

This includes controls for:

  • Security
  • Confidentiality
  • Availability

5. Third-Party AI Providers (When Used)

Nomos primarily supports private deployments that do not rely on any external AI providers.

However, when customers choose a cloud-hosted Nomos environment using external LLMs, we enforce strict safeguards:

A. Zero Data Retention

All integrated AI providers receive your data under no-retention agreements.

This ensures:

  • Your data is used only to fulfill your request
  • It is not stored
  • It is not logged
  • It is not retained
  • It is not used to train or improve external models

B. No Training, Ever

Third-party LLMs may not use your data to:

  • Train
  • Fine-tune
  • Benchmark
  • Align
  • Or otherwise improve their systems

C. Work Product Stays Yours

Nothing you draft, analyze, or upload:

  • Becomes part of any external dataset
  • Is exposed to other users
  • Is available to model providers
  • Is reused for future outputs

6. Legal-Specific Data Protections

A. Document Confidentiality

Every document uploaded to Nomos is treated as:

  • Confidential
  • Privileged (where applicable)
  • Sensitive legal material

Protections include:

  • Strict access controls
  • Full audit trails
  • Encrypted storage
  • Environment isolation

We treat your documents with the same level of care your own internal systems would.

B. Attorney–Client Privilege

Nomos is designed to preserve privilege:

  • No data sharing
  • No external reuse
  • No access by third parties
  • No training on privileged materials

We encourage firms to consult their professional ethics guidance regarding AI tools, but Nomos is engineered to preserve the confidentiality necessary to maintain privilege.

C. Data Retention & Deletion

You control what stays and what goes.

Retention

We retain data only as long as:

  • Required to operate the Services
  • Your contract requires
  • Law or regulation mandates

Deletion

You may request full deletion at any time:

📧 founders@plutas.in

We permanently delete all requested customer data within 30 days, unless legally required to retain it.

Account Closure

When an account is closed:

  • All associated data is permanently deleted
  • Backups containing your data are purged on their cycle
  • No copies are retained