Nemo Nemo ← Back to Home

Privacy Policy

Last updated: February 19, 2026

1. Our Privacy Commitment

Nemo is built on a local-first architecture. Your data stays on your device by default. We designed Nemo so that the most sensitive parts of your workflow — your documents, credentials, automation history, and personal information — never leave your computer unless you explicitly choose otherwise.

2. What Stays on Your Device

The following data is stored locally and is never sent to Nemo's servers:

  • Vault credentials — Encrypted with AES-256 on your machine. Nemo cannot read your passwords, API keys, or OAuth tokens.
  • Documents and files — Files you process with skills like Document Summarizer are read and analyzed locally.
  • Audit logs — Every action Nemo takes is logged in an encrypted local audit trail.
  • Task history — Your conversation and task execution history stays on your device.
  • Form data and profiles — Personal profile data used by the Form Filler skill is stored locally.
  • Insights database — If you opt out of Collective Intelligence, all learned patterns remain local.

3. What Is Sent to Third-Party LLM Providers

When you use a cloud-based LLM provider (Anthropic, OpenAI, OpenRouter, or a custom endpoint), your prompts and skill context are sent to that provider to generate responses. This is necessary for the AI to function.

  • We do not proxy your LLM traffic through our servers — requests go directly from your device to the provider.
  • You supply your own API keys. Nemo never sees or stores your LLM API keys on our servers.
  • You can use Ollama (local models) for fully offline, zero-data-sharing operation.
  • Our Guardian safety layer may use a small local model (SmolLM2-360M) that runs entirely on your device.

Each LLM provider has its own privacy policy. We recommend reviewing the privacy policy of the provider you choose.

4. Chrome Extension ("Nemo Agent")

The Nemo Agent Chrome Extension is a companion to the Nemo desktop application. It connects to the desktop app via Chrome's Native Messaging API — a local, OS-level communication channel. No data is sent to any remote server by the extension.

What the extension accesses

  • Page content (text, form fields, HTML structure) — only on the active tab, only when you explicitly request a task from the Nemo desktop app (e.g., "fill this form," "read this page").
  • Tab screenshots — only when the desktop app requests visual analysis for automation.

Where data goes

  • All data stays on your device. Page content is sent only to the Nemo desktop app running on your machine via local Native Messaging (named pipe / Unix socket). It is never transmitted to Nemo's servers.
  • If you have configured a third-party LLM provider (see Section 3), page content may be included in prompts sent to that provider to complete your requested task.

What the extension does NOT do

  • Does not track browsing history.
  • Does not collect data in the background.
  • Does not inject advertisements.
  • Does not run on any page unless the desktop app sends a command.
  • Does not transmit any data to Nemo's servers.
  • Does not activate without user-initiated action from the desktop app.

Why <all_urls> permission is required

The extension needs to interact with any website the user directs it to (e.g., filling forms, reading content). It cannot predict which websites a user will ask it to work on, so it requires broad host permissions. However, it only activates on a page when the Nemo desktop app explicitly sends a command for that tab.

Communication security

All communication between the extension and the Nemo desktop app is encrypted using ECDH P-256 key exchange with AES-256-GCM. This ensures that even local inter-process communication is protected from other applications on the same device.

5. Nemo Cloud Services (Optional)

If you create a Nemo account or use cloud features, we collect:

  • Account information — Email address, display name, and hashed password (bcrypt).
  • Subscription and payment data — Processed by Stripe. We never store credit card numbers.
  • Marketplace activity — Purchases, listings, and reviews.

Cloud features are entirely optional. Nemo works fully without an account.

6. Collective Intelligence (Opt-In)

Nemo's Collective Intelligence feature allows anonymous sharing of skill insights (e.g., error fixes, tool sequences) to help all users. If you opt in:

  • All shared data is anonymized — SSNs, credit card numbers, API keys, file paths, IP addresses, and email addresses are stripped before sharing.
  • Data is synced to the Nemo cloud in hourly deltas.
  • You can opt out at any time via Settings, and all your contributed insights will be removed.

7. Cloud Relay (Optional)

Cloud Relay lets you access your Nemo agent remotely. When enabled:

  • Your desktop establishes an outbound WebSocket connection to our relay server.
  • Commands are encrypted in transit (WSS/TLS).
  • We do not store or inspect relayed commands on our servers.
  • You can disable Cloud Relay at any time in Settings.

8. PII Protection

Nemo has a built-in PII (Personally Identifiable Information) protection system at the skill level. Each skill declares a PII policy that controls how sensitive data is handled:

  • Block — The action is blocked entirely if PII is detected.
  • Redact — PII is removed from content before processing.
  • Mask — PII is partially hidden (e.g., showing only last 4 digits).

9. Data Security

  • Vault encryption — AES-256 encryption for all stored credentials.
  • Audit trail — Encrypted, append-only log of all agent actions.
  • Extension encryption — ECDH P-256 key exchange with AES-256-GCM for all browser communication.
  • Cloud authentication — JWT tokens with bcrypt password hashing.
  • Marketplace security — AST-based security scanning for all submitted skills; Ed25519 manifest signing.

10. Children's Privacy

Nemo is not intended for use by children under 13. We do not knowingly collect personal information from children under 13.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. For significant changes, we will notify users through the Nemo app.

12. Contact Us

If you have questions about this Privacy Policy or Nemo's data practices, contact us at:

[email protected]