Privacy Policy
NOMOS Privacy Policy - How we collect, use, and protect your information
Last updated: July 2, 2025
This Privacy Policy describes how dowhile.dev (“we”, “our”, or “us”) collects, uses, and shares information when you use the NOMOS framework and related services.
Information We Collect
NOMOS Framework (Open Source)
The NOMOS framework itself does not collect or transmit any personal data. When you use NOMOS:
- All processing happens locally or on your chosen infrastructure
- Data only goes to LLM providers you configure (OpenAI, Anthropic, etc.)
- No telemetry or usage data is sent to dowhile.dev
- Your agents, conversations, and data remain under your control
NOMOS is open source software. You can review the code at github.com/dowhiledev/nomos to verify our privacy practices.
NOMOS Framework (Open Source)
The NOMOS framework itself does not collect or transmit any personal data. When you use NOMOS:
- All processing happens locally or on your chosen infrastructure
- Data only goes to LLM providers you configure (OpenAI, Anthropic, etc.)
- No telemetry or usage data is sent to dowhile.dev
- Your agents, conversations, and data remain under your control
NOMOS is open source software. You can review the code at github.com/dowhiledev/nomos to verify our privacy practices.
NOMOS Playground
Our web-based playground (nomos.dowhile.dev) may collect:
- Account Information: Email address, username (if you create an account)
- Usage Data: Pages visited, features used, session duration
- Agent Configurations: YAML configs and flow designs you create
- Technical Data: IP address, browser type, device information
Documentation Site
Our documentation site may collect:
- Analytics Data: Page views, referrers, search queries
- Performance Data: Page load times, error rates
- Feedback Data: Contact form submissions, support requests
LLM Provider Data
When you use NOMOS with LLM providers, your data is subject to their privacy policies:
Local Models (Ollama)
When using local models via Ollama, no external data transmission occurs.
How We Use Information
Service Provision
Service Provision
- Provide and maintain the NOMOS playground
- Process and respond to your support requests
- Send important service announcements
- Improve our documentation and user experience
Product Improvement
Product Improvement
- Analyze usage patterns to improve NOMOS features
- Identify and fix bugs and performance issues
- Develop new features based on user needs
- Optimize documentation and learning resources
Communication
Communication
- Respond to inquiries and support requests
- Send security updates and important notices
- Share community highlights and project updates
- Provide technical assistance and guidance
Data Sharing and Disclosure
We do not sell, rent, or trade your personal information. We only share information in the following limited circumstances:
With Your Consent
- When you explicitly authorize us to share information
- When you choose to make content public (e.g., showcase submissions)
Service Providers
- Analytics providers (Google Analytics, with data minimization)
- Hosting providers (Vercel, AWS) for service operation
- Support tools (Discord, GitHub) for community management
Legal Requirements
- When required by law or legal process
- To protect rights, property, or safety
- In connection with business transfers
We do not sell, rent, or trade your personal information. We only share information in the following limited circumstances:
With Your Consent
- When you explicitly authorize us to share information
- When you choose to make content public (e.g., showcase submissions)
Service Providers
- Analytics providers (Google Analytics, with data minimization)
- Hosting providers (Vercel, AWS) for service operation
- Support tools (Discord, GitHub) for community management
Legal Requirements
- When required by law or legal process
- To protect rights, property, or safety
- In connection with business transfers
Analytics
- Google Analytics: Website usage analytics (anonymized)
- GitHub: Code repository hosting and issue tracking
- Discord: Community chat and support
Infrastructure
- Vercel: Documentation hosting
- AWS/GCP: Cloud infrastructure for web services
- Cloudflare: CDN and security services
Each service has its own privacy policy governing their data practices.
Data Storage
- NOMOS Framework: Runs locally on your infrastructure
- Playground: Data stored in US-based cloud services
- Documentation: Hosted on global CDN for performance
Cross-Border Transfers
If you’re outside the US, your information may be transferred to and processed in the United States, where our servers are located.
Your Rights and Choices
Access and Control
Access and Control
You have the right to:
- Access your personal information we hold
- Correct inaccurate or incomplete information
- Delete your account and associated data
- Export your data in a portable format
- Opt-out of non-essential communications
Framework Data
Framework Data
Since NOMOS runs locally, you have complete control over:
- Agent configurations and prompts
- Conversation history and logs
- Custom tools and integrations
- Model choices and API keys
This data never leaves your environment unless you explicitly configure it to do so.
Web Services Data
Web Services Data
For our web services, you can:
- Delete your playground account
- Request removal of showcase submissions
- Unsubscribe from email communications
- Clear browser data and cookies
Data Security
Security Practices
- Encryption: HTTPS/TLS for all web communications
- Access Controls: Limited access to personal data
- Monitoring: Security monitoring and incident response
- Updates: Regular security updates and patches
Framework Security
- Open source code available for security review
- No backdoors or hidden data collection
- Local processing minimizes exposure
- User-controlled API key management
Security Practices
- Encryption: HTTPS/TLS for all web communications
- Access Controls: Limited access to personal data
- Monitoring: Security monitoring and incident response
- Updates: Regular security updates and patches
Framework Security
- Open source code available for security review
- No backdoors or hidden data collection
- Local processing minimizes exposure
- User-controlled API key management
Team Access
- Minimal team access to personal information
- Background checks for team members with data access
- Regular security training and awareness
- Incident response procedures
Vendor Management
- Due diligence on third-party providers
- Contractual data protection requirements
- Regular vendor security assessments
Data Retention
Framework Data
Framework Data
Data processed by the NOMOS framework is retained based on your configuration:
- Conversation Memory: Configurable retention periods
- Logs: Configurable log rotation and cleanup
- Cache Data: Automatic expiration based on settings
- User Control: Complete control over data lifecycle
Web Services Data
Web Services Data
- Account Data: Retained while account is active
- Usage Analytics: Aggregated data retained for 26 months
- Support Requests: Retained for 3 years for quality purposes
- Marketing Data: Until you unsubscribe or request deletion
Deletion Process
Deletion Process
When you request data deletion:
- Personal identifiers removed within 30 days
- Aggregated analytics data may be retained (anonymized)
- Backup systems purged within 90 days
- Legal hold data may be retained as required by law
Children’s Privacy
NOMOS and our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us and we will take steps to delete such information.
Regional Privacy Laws
Your Rights Under GDPR
If you’re in the European Union, you have additional rights:
- Right to Rectification: Correct inaccurate data
- Right to Erasure: “Right to be forgotten”
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Export your data
- Right to Object: Object to processing for marketing
Legal Basis for Processing
- Contract Performance: Providing services you’ve requested
- Legitimate Interest: Improving our services and security
- Consent: Marketing communications and optional features
Your Rights Under GDPR
If you’re in the European Union, you have additional rights:
- Right to Rectification: Correct inaccurate data
- Right to Erasure: “Right to be forgotten”
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Export your data
- Right to Object: Object to processing for marketing
Legal Basis for Processing
- Contract Performance: Providing services you’ve requested
- Legitimate Interest: Improving our services and security
- Consent: Marketing communications and optional features
Your Rights Under CCPA
California residents have the right to:
- Know what personal information we collect
- Request deletion of personal information
- Opt-out of “sale” of personal information (we don’t sell data)
- Non-discrimination for exercising CCPA rights
Information Requests
You can request information about data collected in the past 12 months, including categories of sources and purposes for collection.
Global Privacy Standards
We respect privacy rights worldwide and provide:
- Transparent data practices regardless of location
- Reasonable access to your personal information
- Options to control data use and sharing
- Secure data handling practices
If your jurisdiction has specific privacy laws, please contact us to discuss how they apply to your use of NOMOS.
Cookies and Tracking
Website Cookies
Website Cookies
Do Not Track
Do Not Track
We respect “Do Not Track” browser settings and will not track users who have enabled this preference for non-essential analytics.
Framework Tracking
Framework Tracking
The NOMOS framework itself does not use cookies or tracking. Any tracking is limited to:
- Local session management (if using web interface)
- User-configured analytics (under your control)
Changes to This Policy
We may update this Privacy Policy periodically. When we make changes:
Notification
We’ll notify you of significant changes via email or prominent notice
Review Period
You’ll have 30 days to review changes before they take effect
Continued Use
Continued use after changes indicates acceptance of the new policy
Objection
If you disagree with changes, you may delete your account
Contact Us
Privacy Questions
General privacy questions and concerns
Data Requests
Access, correction, or deletion requests
Security Issues
Report security vulnerabilities
Legal Inquiries
Legal compliance and subpoena requests
Mailing Address
dowhile.dev Attn: Privacy Officer [Address to be updated] [City, State, ZIP] United States
This privacy policy is designed to be transparent and comprehensive. If you have questions about any aspect of our privacy practices, please don’t hesitate to contact us.
Related Documents
Terms of Service
Our terms of service and usage agreements
Security
Security practices and vulnerability reporting