Nemo 1.1.0 is live for Windows and macOS — Download free →
Legal

Privacy Policy

Last updated: April 7, 2026

Nemo is a local-first desktop application. The whole reason it exists is so that your financial data does not have to live on someone else's server. This policy explains what that means in practice — what we collect, what we do not, and what choices you have.

1. What stays on your machine

Everything that matters. Specifically:

  • Bank credentials and tokens — your Teller mTLS certificate, application ID, and enrollment tokens are stored in a vault encrypted with Windows DPAPI (or the macOS Keychain on macOS). They never leave your device.
  • Transactions, balances, budgets, goals — fetched directly from your bank to your machine. Nemo's servers never see them.
  • AI provider keys — your OpenAI, Anthropic, or Google API key is stored locally in the same encrypted vault. When Nemo makes an LLM call, it goes from your machine straight to the provider you chose.
  • Categorization rules and learnings — every correction you make stays in the local database.

2. What we collect on the server

Nemo has a small cloud component (the auth service at nemo-api-production.up.railway.app) that exists for a narrow set of reasons. From it we receive:

  • Email address — used to sign in across devices and to deliver verification codes and password resets.
  • Bcrypt-hashed password — we never see your real password.
  • An opaque encrypted vault blob — if you choose to enable mobile pairing, an AES-256-GCM ciphertext of your bank credentials is uploaded so your phone can pull it down. The decryption key (your nemo-vk-… vault key) lives on your devices, not on our server. We literally cannot decrypt this blob.
  • Standard request logs — IP address and user agent are kept short-term for abuse prevention. They are not used for advertising or analytics profiling.

That is the entire list. We do not collect transactions, balances, account numbers, statements, categorization data, or AI prompts.

3. What we do not do

  • We do not sell your data to anyone. Ever. There is no business model that depends on it.
  • We do not run third-party analytics, advertising SDKs, fingerprinting, or session replay tools.
  • We do not see your AI prompts. LLM calls go directly from your device to the provider you chose.
  • We do not have a way to read your bank data, even if compelled — because we never receive it.

4. Third parties we use

  • Teller — bank aggregation. Your Teller credentials are issued to you, not to us, and the connection is mTLS-pinned. Teller's security page.
  • Resend — sends verification and password-reset emails. They see your email address and the contents of those transactional messages.
  • Railway — hosts the auth service and Postgres database holding your account row.
  • Cloudflare — hosts this website and serves the desktop app installer downloads.
  • Your AI provider (OpenAI, Anthropic, Google, or local) — sees the prompts you send when using AI features. Their privacy policy applies to that data, not ours.

5. Your rights

Because your vault stays encrypted on your machine, the easiest way to exercise data rights is to use the app itself. You can:

  • Export all your transactions, budgets, and reports from inside Nemo.
  • Delete your local database by uninstalling the app or wiping the Nemo data folder.
  • Delete your cloud account from Settings → Account, which removes your row in our auth database and the encrypted vault blob (if you had pairing enabled).

If you are in a jurisdiction with formal data-subject rights (GDPR, CCPA, etc.) and want a written response, email privacy@nemoagent.ai.

6. Children

Nemo is not directed at children under 13 and we do not knowingly collect their data.

7. Changes

If we ever change this policy in a way that affects what data we collect, we will update the “Last updated” date above and notify users through the app on next launch. The current version is always at nemoagent.ai/privacy.

8. Contact

Privacy questions: privacy@nemoagent.ai
General contact: hello@nemoagent.ai