Nomenco

Privacy Policy

Last updated: 17 April 2026

This Privacy Policy explains how Nomenco, operated by Aberlay (Sophia Antipolis, France), collects, uses, and protects your personal data. Aberlay is the data controller under the EU General Data Protection Regulation (GDPR).

1. Data we collect

We collect the following data when you use Nomenco:

  • Email address: provided at checkout, used to deliver your access token and communicate about your project.
  • Payment information: processed by Stripe. We do not store your card number, CVV, or full payment details on our servers. Stripe handles this data under its own privacy policy.
  • Brief inputs: the company description, audience, tone preferences, and other inputs you provide to generate names.
  • Generated names and results: the name candidates, brand directions, and other outputs produced by the tool during your session.

2. How we use your data

We use your data strictly for the following purposes:

  • Service delivery: generating names, checking domain availability, and delivering results.
  • Transactional communication: sending your access token, purchase confirmation, and any service-related notices.
  • Product improvement: aggregated, anonymized usage patterns may be used to improve the tool. We never use your specific brief inputs or generated names for this purpose.

We do not sell, rent, or share your personal data with third parties for marketing purposes. Period.

3. Data processors

We use the following third-party services to deliver Nomenco. Each processes data only as necessary to provide its function:

  • Stripe (payment processing): handles payment transactions and stores payment method details. Subject to Stripe's Privacy Policy.
  • Supabase (database and authentication): stores project data and manages access tokens. Data hosted in the EU.
  • Anthropic (AI model provider): processes brief inputs to generate name candidates and brand direction. Inputs are sent via API and are not used by Anthropic to train models.
  • Resend (email delivery): sends transactional emails including access tokens and purchase confirmations.
  • Vercel (hosting and infrastructure): hosts the web application and serverless functions.

4. Data retention

Project data, including brief inputs and generated names, is retained for 90 days after your last access to the project. After 90 days of inactivity, all project data is permanently deleted.

Your email address and basic transaction record (purchase date, amount) are retained for accounting and legal compliance purposes as required by French law.

5. Your rights under GDPR

As a data subject under GDPR, you have the following rights:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: request correction of inaccurate personal data.
  • Erasure: request deletion of your personal data, subject to legal retention requirements.
  • Portability: request your data in a structured, commonly used, machine-readable format.
  • Restriction: request that we limit the processing of your data in certain circumstances.
  • Objection: object to the processing of your personal data where we rely on legitimate interest.

To exercise any of these rights, send a message via LinkedIn or write to the postal address below. We will respond within 30 days.

You also have the right to lodge a complaint with the French data protection authority (CNIL) at www.cnil.fr.

6. Cookies

Nomenco uses only functional cookies that are strictly necessary for the service to operate. These include session management and access token validation. We do not use analytics cookies, advertising cookies, or any third-party tracking.

Because these cookies are essential to the service and do not track you for marketing purposes, no cookie consent banner is required under ePrivacy regulations.

7. Data security

All data is transmitted over HTTPS. Payment data is handled entirely by Stripe, which is PCI DSS Level 1 certified. Access tokens are cryptographically signed and time-limited. We follow industry standard practices to protect the data we store.

8. International transfers

Some of our data processors (Anthropic, Vercel, Stripe, Resend) may process data in the United States. Where data is transferred outside the EU, it is protected by Standard Contractual Clauses or equivalent mechanisms approved by the European Commission.

9. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top. Material changes will be communicated by email to active users.

10. Contact

For privacy-related questions or data requests, send a message via LinkedIn or write to the postal address below.

Aberlay
Based in France