Legal · Privacy

Privacy
Policy.

How we collect, use, and protect your information. Plain language wherever possible.

Effective 29 April 2026 · Last updated 29 April 2026

Heads up. This is a working draft prepared by the founder. It reflects how Nomu Solutions actually operates today, but it has not yet been reviewed by qualified UAE counsel.

If you’re relying on this in a contract or compliance review, please contact us at hello@nomusolutions.com for the signed, lawyer-reviewed version.

1. Who we are

Nomu Solutions is a sole-shareholder Free Zone Limited Liability Company registered in the Meydan Free Zone, Dubai, United Arab Emirates. We are the technology partner for businesses building software, integrating AI, and shipping digital products.

For the purposes of this policy, Nomu Solutions is the data controller. We decide why and how we process your information.

  • Trading name: Nomu Solutions
  • Registered address: Meydan Free Zone, Dubai, United Arab Emirates
  • Email: hello@nomusolutions.com

2. Information we collect

Information you give us directly

  • Inquiry form: name, email, company, role, project type, budget range, timeline, message, and a checkbox indicating whether you require an NDA.
  • Newsletter: email address only.
  • Direct correspondence: anything you send us by email or chat.

Information collected automatically

  • Server logs: our hosting provider (Cloudflare) records connection metadata such as request time, URL, response size, referrer, and user-agent. IP addresses are hashed before they reach us.
  • Analytics: we use Plausible Analytics, which is cookie-free and does not collect personal data. It records anonymous, aggregated metrics like page view counts, traffic source, country, and device type. Plausible’s data policy.
  • Anti-spam: if you submit a form, we hash your IP address (one-way SHA-256 with a daily-rotated salt) so we can rate-limit submissions without storing the raw IP.

Plain English: If you don’t fill in a form or write to us, we don’t know who you are. We don’t track you across sessions, and we don’t use cookies for advertising or profiling.

3. How we use it

  • To respond to your inquiry: read your message, write back, follow up if relevant.
  • To send newsletter content: only if you subscribed and confirmed your email.
  • To run the website: serve pages, prevent abuse, fix bugs, measure aggregate traffic.
  • To meet our legal obligations: UAE accounting and tax records, anti-money-laundering counterparty checks where applicable.

We do not sell your data, share it with advertisers, or use it for automated decision-making or profiling.

If you’re in the EU, UK, or another jurisdiction with similar laws, we rely on the following legal bases under the GDPR / UK GDPR:

  • Consent: for the newsletter (you actively subscribe and confirm).
  • Legitimate interests: for responding to inquiries you initiate, basic analytics, and fraud or abuse prevention. We’ve assessed that these interests are not overridden by your rights.
  • Legal obligation: for record-keeping required under UAE law.
  • Contract: when we’re engaged by you (under a separate signed Statement of Work).

5. How long we keep data

  • Inquiry form submissions: 24 months from last contact, then deleted unless you become a client.
  • Newsletter subscribers: until you unsubscribe.
  • Hashed IPs (rate-limit): 24 hours.
  • Server logs: 7 days at our hosting provider, then automatically purged.
  • Client records: retained for 7 years after engagement end, as required by UAE accounting and tax law.
  • Aggregate analytics: retained indefinitely (does not identify individuals).

6. Sharing & processors

We share information only with the service providers we use to run the business. Each is bound by a data-processing agreement and processes data only on our instructions.

  • Supabase (Inc., USA / EU regions): primary database for inquiries and subscribers. Privacy.
  • Resend (Inc., USA): transactional and newsletter email delivery. Privacy.
  • Cloudflare (Inc., USA): hosting, CDN, DDoS protection. Privacy.
  • Plausible Analytics (Plausible Insights OÜ, Estonia / EU): privacy-friendly analytics. Privacy.
  • Sentry (Functional Software Inc., USA): error monitoring with IP scrubbing enabled. Privacy.

We may disclose information when required by law (court order, regulatory request, anti-money-laundering investigation), or to protect our rights, property, or safety.

7. International transfers

Some of our processors are located outside the UAE and EU. Where data crosses borders, we rely on appropriate safeguards (Standard Contractual Clauses, the EU-US Data Privacy Framework, or equivalent measures) and store data in EU regions where the option exists.

8. Your rights

Under the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) and, where applicable, GDPR / UK GDPR, you have the right to:

  • Access: request a copy of the personal data we hold about you.
  • Correction: ask us to fix inaccurate or incomplete data.
  • Deletion: ask us to delete your data, subject to legal retention requirements.
  • Restriction: ask us to pause processing while we investigate a concern.
  • Portability: request your data in a machine-readable format.
  • Objection: object to processing based on legitimate interests.
  • Withdrawal of consent: for the newsletter, click the unsubscribe link in any email.
  • Complaint: to the UAE Data Office (dataoffice.gov.ae) or your local supervisory authority (e.g., a member-state DPA in the EU, the ICO in the UK).

To exercise any of these rights, email hello@nomusolutions.com. We’ll respond within 30 days.

9. Cookies & analytics

We don’t use marketing or tracking cookies. The only cookies our site sets are technical ones from Cloudflare (e.g., __cf_bm for bot detection), which are strictly necessary to keep the site running. See our Cookies Policy for the full list.

Our analytics provider (Plausible) is cookie-free and does not collect any personal data.

10. Security

  • HTTPS everywhere, with HSTS preload.
  • Database encrypted at rest, with row-level security policies.
  • Admin access is via magic-link auth (no shared passwords).
  • Production secrets stored in our hosting provider’s environment vault, never in source control.
  • Form submissions rate-limited and bot-protected (Turnstile).

No system is perfectly secure. If you become aware of a vulnerability or breach, please report it to hello@nomusolutions.com.

11. Children

Our services are intended for businesses and the people running them. We don’t knowingly collect data from anyone under 18. If you believe a minor has submitted information, contact us and we’ll delete it.

12. Changes to this policy

If we make material changes, we’ll update the “last updated” date at the top and, for newsletter subscribers, send a heads-up email. The current version is always available at this URL.

13. Contact us

For privacy questions, data requests, or anything else covered by this policy: