NomaPort

Privacy Policy

This policy explains what personal data NomaPort collects, why we collect it, how we use it, how long we retain it and your rights regarding your data.

Last updated: 14 June 2026

1. Introduction

NomaPort ("NomaPort", "we", "us") respects your privacy. This Privacy Policy explains what personal data we collect, why we collect it, how we use and share it, how long we keep it, and what rights you have.

This policy applies to our website, forms, customer accounts, subscriptions, support communications, device and service onboarding, marketing activities and related online services.

2. Data controller

For the processing described in this policy, NomaPort acts as the data controller unless we state otherwise in a separate agreement.

Privacy enquiries and data subject requests: privacy@nomaport.com

General contact: hello@nomaport.com

3. Personal data we collect

3.1 Information you provide

  • Identity and contact details such as name, email address, company, country and phone number when you submit forms or create an account.
  • Account profile information and display name.
  • Commercial information such as products of interest, team size, VPN preferences, pilot requirements and messages you send us.
  • Billing-related identifiers handled by Stripe. We do not store full payment card numbers on our servers.
  • Consent records, including agreement to this policy and marketing or cookie preferences where applicable.

3.2 Information collected automatically

  • Website usage data such as pages viewed, referral URLs, locale, timestamps and approximate device or browser information.
  • Security and operational logs, including IP address, request metadata and error diagnostics.
  • Cookie and similar technology data as described in our Cookie Policy.
  • Attribution data such as UTM parameters, session identifiers and campaign click identifiers when present in URLs.

3.3 Information from connected services

  • Subscription status, customer IDs and invoice metadata from Stripe.
  • Email delivery events from our email provider.
  • Authentication and account lifecycle events necessary to operate sign-in and entitlements.
  • API usage metadata when you connect NomaPort apps using account API keys.

4. Why we use personal data

We process personal data only where we have a valid legal basis under applicable law, including:

  • Contract: to provide accounts, subscriptions, orders, onboarding, support and billing.
  • Legitimate interests: to secure our services, prevent abuse, improve products, understand website performance and communicate about similar services, balanced against your rights.
  • Consent: for optional analytics, marketing cookies, newsletters and other processing where consent is required.
  • Legal obligation: to comply with tax, accounting, consumer, security and regulatory requirements.

5. How we use personal data

  • Respond to enquiries, pilot requests, quotes and support tickets.
  • Create and manage customer accounts, entitlements, knowledge progress and API keys.
  • Process subscriptions, payments and refunds through Stripe.
  • Send transactional messages such as sign-in links, order updates and service notices.
  • Provide security updates, product information and marketing communications where permitted.
  • Operate analytics and campaign measurement when you consent to non-essential cookies.
  • Detect, investigate and prevent fraud, abuse and security incidents.
  • Maintain business records and enforce our terms and policies.

6. Sharing and processors

We do not sell your personal data. We share data with service providers that help us operate NomaPort, subject to appropriate contractual safeguards where required.

  • Hosting, database and infrastructure providers (including Neon Postgres where configured).
  • Stripe for payments and billing portal functionality.
  • Resend or comparable email providers for transactional email and magic-link authentication.
  • Analytics and advertising partners such as Google Analytics, Meta and LinkedIn when you consent to those categories.
  • Professional advisers, insurers, auditors and authorities where legally required.
  • Acquirers or successors in the event of a business reorganisation, subject to continued protection of your data.

7. International transfers

Some providers may process data outside your country, including outside the European Economic Area. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses, adequacy decisions or equivalent mechanisms.

You may contact us for more information about transfer safeguards relevant to your data.

8. Retention

We retain personal data only as long as necessary for the purposes described in this policy, unless a longer period is required by law.

  • Account data: for the life of the account and a reasonable period thereafter for support, billing and dispute resolution.
  • Lead and enquiry records: typically up to twenty-four (24) months unless a longer period is justified by an active opportunity or legal requirement.
  • Billing and tax records: as required by applicable accounting and tax law.
  • Security logs: for a limited period appropriate to incident investigation and system integrity.
  • Marketing consents and cookie preferences: according to the relevant consent record and legal requirements.

9. Security

We implement appropriate technical and organisational measures designed to protect personal data, including access controls, encryption in transit where supported, key hashing for API credentials and least-privilege administrative access.

No method of transmission or storage is completely secure. You are responsible for safeguarding your email access, API keys and devices used with NomaPort.

10. Your rights

Depending on your location, you may have the right to access, rectify, erase, restrict or object to certain processing, withdraw consent where processing is consent-based, request portability and lodge a complaint with a supervisory authority.

EU/EEA users may contact their local data protection authority. In the Netherlands, this is the Autoriteit Persoonsgegevens.

  • Submit requests to privacy@nomaport.com. We may need to verify your identity before responding.
  • You may manage cookie preferences at any time through the cookie settings link in the site footer.
  • You may unsubscribe from marketing emails using the link in the message or by contacting us.

11. Children

NomaPort services are not directed to children under 16 and we do not knowingly collect personal data from them. If you believe a child has provided us data, contact us and we will take appropriate steps to delete it.

12. Automated decision-making

We do not make decisions based solely on automated processing that produce legal or similarly significant effects about you. Device posture scores and AI outputs are advisory and require human review before high-impact decisions.

13. Changes to this policy

We may update this Privacy Policy from time to time. The 'Last updated' date at the top of the legal page indicates the latest version. Material changes will be communicated where required by law.

14. Contact

Privacy enquiries: privacy@nomaport.com

General contact: hello@nomaport.com

Website: https://nomaport.com

NomaPort reduces common security and privacy risks through secure configuration, guidance and partner-supported workflows. It does not guarantee anonymity, immunity from attack, full legal compliance or complete protection against all threats.