Nomoros AI
Privacy Policy
Effective: 16 April 2026 • Next review: 16 April 2027 • Version 1.0
Data Controller
Nomoros AI Ltd (incorporated in England and Wales)
Registered address
London, United Kingdom
Website
Privacy contact
Supervisory authority
Information Commissioner's Office (ICO) — ico.org.uk
Legal framework
UK GDPR (as applied by the Data Protection Act 2018)
Nomoros AI Ltd (“Nomoros”, “we”, “us”, “our”) is an AI-native conveyancing platform designed to help residential property solicitors and licensed conveyancers at SME law firms process transactions faster, with less administrative burden and greater compliance confidence.
This Privacy Policy explains how we collect, use, store, share and protect personal data when you visit nomoros.ai, use our platform, respond to our marketing, or otherwise interact with us. It also sets out your rights under UK data protection law.
Please read this Policy carefully. By accessing our website or platform, you acknowledge that you have read and understood it.
This Policy applies to all individuals whose personal data we process, including:
• Fee earners, solicitors, paralegals and administrative staff at law firms that subscribe to or trial Nomoros (“Platform Users”);
• Clients of those law firms whose data is processed through the Nomoros platform in connection with conveyancing transactions (“Transaction Data Subjects”);
• Visitors to nomoros.ai;
• Individuals who contact us for information, support or sales enquiries; and
• Prospective employees, contractors or business partners.
Where we process personal data on behalf of a law firm (i.e. as a Data Processor), the law firm is the Data Controller for that data. In those circumstances our Data Processing Agreement (DPA) with the firm governs processing and the firm’s own privacy notice should be provided to its clients.
When a firm subscribes to Nomoros, we collect:
• Full name, job title, email address, telephone number. Identity and contact data:
• Encrypted login credentials and access-control settings. Account credentials:
• Pages visited, features used, session duration, IP address, browser and device type. Usage and log data:
• Support tickets, in-app messages, feedback submitted to us. Communications:
• Billing contact details and invoice records (card data is handled exclusively by our PCI-DSS-compliant payment processor; we do not store raw card numbers). Payment data:
In the course of processing property transactions through our platform, law firms may upload or generate data relating to their clients and counterparties. This may include:
• Full name, address, date of birth, contact information. Identity and contact details:
• Purchase price, mortgage details, outstanding charges. Financial data:
• Title number, registered title, searches results, leasehold information. Property data:
• Identity verification documents, source-of-funds evidence, Politically Exposed Persons (PEP) and sanctions screening outcomes. AML / KYC data:
• In limited circumstances, data that may reveal health conditions, immigration status or other special categories as defined under Article 9 UK GDPR may arise in supporting documentation. We process such data only to the extent necessary for the firm to fulfil its legal obligations. Special category data:
We process this data on behalf of and under instruction from the relevant law firm (as Processor). The law firm remains Controller and must have an appropriate lawful basis.
When you visit nomoros.ai we automatically collect:
• Technical data: IP address, browser type, referring URL, pages viewed, time on site.
• Cookie data: As described in Section 11 (Cookies).
• Enquiry data: Name, email and message content when you use our contact form.
We use personal data for the following purposes, in each case supported by the lawful basis stated:
Purpose
Lawful Basis
Providing and operating the Nomoros platform
Contract performance (Art. 6(1)(b) UK GDPR)
Processing conveyancing transactions on behalf of law firms
Legitimate interests of the firm; legal obligation (Art. 6(1)(c)) for AML/KYC
Account management and billing
Contract performance
Product improvement, bug-fixing and AI model refinement
Legitimate interests (we anonymise or pseudonymise where practicable)
Security monitoring and fraud prevention
Legitimate interests; legal obligation
Sending service notifications and updates
Contract performance
Marketing to prospective and existing clients
Legitimate interests (B2B); consent where required (B2C)
Responding to enquiries and support requests
Legitimate interests / contract
Compliance with legal and regulatory obligations
Legal obligation (e.g., AML Regulations, HMRC requirements)
Aggregated analytics and reporting
Legitimate interests (data is anonymised before use in aggregate)
Where we rely on legitimate interests, we have conducted a balancing test confirming that those interests are not overridden by individuals’ rights and freedoms. You may request a copy of our legitimate interests assessment by writing to founder@nomoros.ai.
Nomoros uses artificial intelligence, large language models (LLMs), and machine learning models to assist with tasks including title review, AML/KYC risk screening, search analysis, and workflow automation.
Important safeguards:
• Human-in-the-loop: All AI outputs are presented as advisory assistance to qualified legal professionals. No legally significant decision is taken solely on the basis of automated processing without human review.
• Data minimisation: Where AI processing can be performed on pseudonymised or anonymised extracts, we do so.
• No training on client data by default: We do not use the personal data of Transaction Data Subjects to train or fine-tune our AI models without explicit consent from the relevant Data Controller (law firm) and, where required, the individual. Firms may opt in to an anonymised data-sharing programme under a separate Data Processing Addendum.
• Model governance: Our AI systems are subject to internal review, bias monitoring and explainability assessments.
If automated processing produces a decision with a significant legal or similarly significant effect on you, you have the right to request human review. Please contact founder@nomoros.ai.
We share personal data only where necessary, with appropriate safeguards:
We engage the following categories of sub-processor to deliver the Nomoros platform:
• Cloud infrastructure providers: hosting, storage, compute and database services (UK or EU-based where possible).
• AI and language model providers: LLM API services used to power platform features (data is processed under strict contractual terms with no right to use client data for the provider’s own model training).
• Identity and AML data providers: services used to verify identity documents and screen against sanctions and PEP lists.
• Property data sources: HM Land Registry, HMRC SDLT services, local authority and environmental search providers.
• Payment processors: PCI-DSS-certified payment service providers.
• Email and communications providers: transactional email and notification services.
• Analytics and monitoring: application performance monitoring and security tooling.
Our current list of sub-processors is available on request from founder@nomoros.ai and is updated as sub-processors are added or removed.
We may also disclose personal data to:
• Regulatory and law enforcement authorities where required by law (e.g., Solicitors Regulation Authority, HMRC, National Crime Agency in respect of Suspicious Activity Reports).
• Professional advisers (lawyers, auditors) under strict confidentiality obligations.
• Successor entities in the event of a merger, acquisition or sale of assets (prospective purchasers will be subject to NDAs and the data will remain subject to this Policy).
We do not sell personal data to third parties.
We aim to process all personal data within the UK or the European Economic Area (EEA). Where a sub-processor is located outside those territories, we ensure an appropriate transfer mechanism is in place, such as:
• An adequacy decision by the UK Secretary of State or the EU Commission;
• UK International Data Transfer Agreement (IDTA) or EU Standard Contractual Clauses (SCCs) with a UK Addendum; or
• Binding Corporate Rules approved by a competent supervisory authority.
You may request details of the transfer mechanisms used for specific sub-processors by contacting founder@nomoros.ai.
We retain personal data only for as long as necessary for the purposes described in this Policy and to comply with our legal obligations. Our key retention periods are:
Data Category
Retention Period
Platform user account data
Duration of contract + 6 years (limitation period)
Conveyancing transaction data (held as Processor)
As directed by the law firm Controller; default 12 years post-completion in line with property law limitation periods
AML / KYC records
5 years from end of business relationship (Money Laundering Regulations 2017)
Website visitor logs
13 months
Marketing contact data
Until you opt out or 3 years of inactivity, whichever is sooner
Support and enquiry records
3 years from resolution
Financial and billing records
7 years (HMRC requirement)
When data reaches the end of its retention period, it is securely deleted or anonymised.
We implement technical and organisational measures appropriate to the risk, including:
• Encryption at rest (AES-256) and in transit (TLS 1.2+);
• Role-based access controls with principle of least privilege;
• Multi-factor authentication for all staff and platform administrator accounts;
• Regular penetration testing and vulnerability scanning;
• Secure development practices (OWASP standards);
• Audit logging and anomaly detection;
• Incident response procedures with a target 72-hour ICO notification timeline for qualifying personal data breaches.
No system is perfectly secure. If you believe your data has been compromised, please notify us immediately at founder@nomoros.ai.
Under UK GDPR, you have the following rights in relation to personal data we hold about you as a Data Controller. (Note: where we act as Processor on behalf of a law firm, requests should be directed to that firm.)
Right
What it means
Access
Obtain a copy of your personal data we hold.
Rectification
Correct inaccurate or incomplete personal data.
Erasure
Request deletion of your data in certain circumstances.
Restriction
Ask us to restrict processing whilst accuracy or lawfulness is disputed.
Portability
Receive your data in a structured, machine-readable format.
Objection
Object to processing based on legitimate interests or direct marketing.
Automated decision-making
Not be subject to solely automated decisions with significant legal effects.
Withdraw consent
Withdraw consent at any time where processing is consent-based.
To exercise any of these rights, please write to founder@nomoros.ai. We will respond within one month (extendable by a further two months for complex requests). We may need to verify your identity before processing a request. There is no charge for making a request, although we may charge a reasonable fee for manifestly unfounded or excessive requests.
If you are dissatisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
• Website: ico.org.uk
• Telephone: 0303 123 1113
• Post: ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Our website uses cookies and similar tracking technologies. We use:
• Required for core website functionality (e.g., session management, CSRF protection). These cannot be disabled. Strictly necessary cookies:
• Help us understand how visitors interact with our site (e.g., pages viewed, traffic sources). Used on the basis of your consent. Analytics cookies:
• Remember your preferences (e.g., language, accepted terms). Used on the basis of your consent. Functional cookies:
• Track effectiveness of our marketing campaigns. Used only with your consent. Marketing cookies:
When you first visit nomoros.ai, a cookie consent banner will appear. You may withdraw or change your consent preferences at any time via the cookie settings link in the footer of our website. Essential cookies cannot be disabled as the site would not function without them.
Our platform and website are directed at legal professionals and business clients. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected such data, please contact us immediately at founder@nomoros.ai and we will delete it promptly.
Our website and platform may contain links to third-party websites (for example, HM Land Registry, Companies House or legal industry publications). We are not responsible for the privacy practices of those sites. We encourage you to read their privacy policies before submitting any personal data to them.
We may update this Privacy Policy from time to time to reflect changes in law, technology or our business practices. The current version is always available at nomoros.ai/privacy. Where changes are material, we will notify Platform Users by email or in-app notification at least 30 days before the change takes effect.
The version number and effective date at the top of this document indicate when it was last updated.
For any privacy-related queries, requests or concerns, please contact:
Data Protection Contact
General enquiries
Website
Post
Nomoros AI Ltd, London, United Kingdom
We are committed to resolving privacy concerns promptly and transparently. If you are not satisfied with our response, you may contact the ICO as described in Section 10.
Version 1.0 • Effective 16 April 2026 • Nomoros AI Ltd
Nomoros