Back to homeNomi

How we protect your data

Your financial data deserves bank-level security. Here's exactly how we keep it safe.

Technical security

AES-256 encryption

All sensitive data is encrypted at rest using AES-256, the same standard used by banks and government agencies.

TLS 1.3 in transit

Every data transmission is protected with TLS 1.3 encryption, ensuring your information is secure as it travels.

Read-only bank access

We can only view your transactions. We can never move money, make payments, or access your login credentials.

Secure infrastructure

Hosted on enterprise-grade cloud infrastructure with continuous monitoring, automatic backups, and disaster recovery.

Trusted partners

Plaid

Financial data aggregation

Plaid is the industry standard for securely connecting to bank accounts. Used by Venmo, Robinhood, Coinbase, and over 8,000 financial apps. They handle all bank authentication — we never see your login credentials.

SOC 2 Type IIISO 27001GDPR Compliant

Linq

iMessage / RCS / SMS messaging

Linq delivers messages over iMessage, RCS, and SMS with automatic fallback. Your conversations are encrypted in transit using enterprise-grade infrastructure.

End-to-End Encryption (iMessage)Enterprise Security

Supabase

Database & authentication

Our data is stored on Supabase, a secure PostgreSQL database platform with row-level security, automatic backups, and enterprise-grade infrastructure hosted on AWS.

SOC 2 Type IIHIPAA Compliant

Compliance

Data protection

  • GDPR compliant for EU users
  • CCPA compliant for California residents
  • Data deletion within 30 days on request

Security practices

  • Regular security audits
  • Employee security training
  • Incident response procedures

Security FAQs

Can Nomi access my bank login?

No. We use Plaid, a trusted financial data aggregator used by Venmo, Coinbase, and 8,000+ apps. Plaid handles authentication directly with your bank — we never see your username or password.

Can you move money from my account?

Absolutely not. We only have read-only access to your transaction data. We cannot initiate transfers, payments, or any financial transactions on your behalf.

Is my phone number safe?

Yes. Your phone number is encrypted using AES-256 encryption and hashed for lookups. We never sell, share, or use your number for marketing purposes.

What happens if there's a data breach?

In the unlikely event of a security incident, we have incident response procedures in place. We would notify affected users within 72 hours as required by GDPR and other regulations.

Can I delete my data?

Yes. You can request complete deletion of your data at any time by emailing hi@textnomi.com. We'll permanently delete your information within 30 days.

We never sell your data. Ever.

  • Your phone number: never shared with marketers
  • Your transactions: never sold to advertisers
  • Your messages: never given to third parties

We make money from subscriptions, not selling your information.

Still have security questions?

We're happy to answer any concerns about how we protect your data.

Email hi@textnomi.com