Nomoaxis ("we", "us") provides editorial client and matter management for law practices. This policy explains what personal data we process and on what basis.
Controller and contact
For your account data, Nomoaxis is the data controller. For data you enter about your clients and matters, you are the controller and Nomoaxis is the processor. Contact us at privacy@your-domain.example.
Data we process
- Account data: email, display name, authentication identifiers.
- Firm data: firm name, currency, jurisdiction, logo, attorneys.
- Practice data: clients, matters, tasks, deadlines, time entries, invoices, documents.
- Technical data: session cookies, basic request logs.
Legal basis
Performance of contract (Art. 6(1)(b) GDPR) and legitimate interests in operating the service securely (Art. 6(1)(f)).
Sub-processors
- Lovable Cloud (hosting & backend platform)
- Supabase (managed database, auth, file storage)
- Google (only if you sign in with Google)
Retention
We retain data for as long as your account is active. You may export or delete it at any time from Settings.
Your rights
You have the right to access, rectify, port, restrict, and erase your personal data, and to lodge a complaint with a supervisory authority. Export and deletion are available directly in Settings.
Security
All data is protected by row-level security so accounts can only see their own data. Documents are stored in a private bucket. Passwords are checked against the HIBP breached-password database.
This template is provided for convenience and is not legal advice. Have a lawyer review it before publishing.