Nomi AI markets itself on one standout feature: a companion that remembers. Not just within a session, but across weeks and months — birthdays, inside jokes, the name of your dog, the argument you had in March. That depth is genuinely impressive, and it’s the reason people stay. But that same depth is exactly what makes the privacy question worth taking seriously. A companion that remembers everything is, by definition, a system that stores everything. And on a hosted app like Nomi, “stores” means stored on someone else’s servers, governed by someone else’s policy.
So: is Nomi AI private? The honest answer is “more private than most, but still a cloud product with the structural trade-offs every cloud product has.” This article reads the architecture and the publicly stated terms fairly, separates marketing from mechanism, and shows you the one structural fix that removes the data risk entirely — keeping the memory on your own machine.
Nomi’s pitch: deep cross-month memory and a “privacy-first” brand
Nomi (built by Glimpse AI) leans hard into two promises: an AI companion with long-term, evolving memory, and a brand posture that emphasizes user privacy and a no-judgment, uncensored space. The memory is the differentiator. Many companion apps fake continuity with a short rolling context window; Nomi’s selling point is that your companion accumulates a persistent model of you over time.
Credit where due: Nomi’s public positioning is more privacy-conscious than several rivals, and it has stated it does not sell user data to advertisers. That’s a meaningfully better starting point than ad-driven apps. But “privacy-first” is a brand claim, not a technical guarantee. The right move for any commercial-intent reader is to ignore the adjectives and read what the policy actually permits — because what a company may do under its own terms matters more than what it currently says it does.
What the policy actually permits: anonymized training on your conversations
Here’s the central point behind the question “does Nomi AI train on your conversations?”: the answer depends on what the Terms and Privacy Policy allow, not just what’s advertised. Like most conversational-AI services, hosted companion apps typically reserve the right to process and use conversation data to operate, maintain, and improve the service — and “improve the model” is the standard phrasing that covers training. Companies frequently frame this as using anonymized or aggregated data so it isn’t tied to your identity.
Two things to understand clearly:
- Anonymized is not the same as never-seen. Anonymization strips identifiers; it does not mean your words were never ingested, processed, or used to refine a model. The content of your most intimate conversations can still pass through the pipeline.
- Re-identification is a known weakness. Free-text from a long, personal relationship is famously hard to truly anonymize. Researchers have repeatedly shown that “anonymized” datasets can be re-identified by cross-referencing unique details — and a months-long companion log is full of unique details.
Before you trust any specific claim here, read Nomi’s own Privacy Policy and Terms of Service as they exist on the day you sign up — policies change, and the binding text is what’s on their site, not a blog summary (including this one). The pattern across the category is consistent, though, and it’s the same pattern we document for other apps: see does ChatGPT train on your chats, does Replika sell your data, and the broader AI companion privacy guide.
The metadata problem: how much is collected beyond the chat itself
Even if every word were perfectly anonymized, the chat is not the only thing collected. This is the part most “is it private” discussions miss. Hosted apps routinely log a large halo of metadata around the conversation:
| Data category | Typical examples | Why it matters |
|---|---|---|
| Account identifiers | Email, sign-in method, device ID | Ties activity to a real person |
| Technical metadata | IP address, device/OS, app version | IP can geolocate and de-anonymize |
| Usage analytics | Session times, frequency, feature taps | Builds a behavioral profile |
| Payment data | Processor records for subscriptions | Hard link to legal identity |
| Inferred attributes | Topics, sentiment, engagement signals | The “shadow profile” |
The conversation content might be anonymized in a training set, but the account-level metadata — who you are, when you log in, from where, how often, what you pay — generally is not. For a companion app where the topic itself is sensitive (relationships, mental health, sexuality), the metadata alone can be revealing. The existence of an account, tied to your email and payment method, is a fact that lives on a server you don’t control. We go deeper on this in the AI data privacy guide.
Deletion reality: account-level only, no per-message purge
Here’s a practical limitation that hosted companions share, and it directly affects Nomi AI data collection: deletion is usually account-level, not message-level. You can typically delete your account (and you should be able to under laws like GDPR/CCPA), but there’s generally no clean “scrub this one thing I said and forget it forever” button — and crucially, no guarantee that data already incorporated into a trained model or held in backups disappears on demand.
This is the asymmetry that defines cloud memory:
- Adding memory is instant and frictionless — that’s the product.
- Removing memory is coarse, delayed, and unverifiable. You’re trusting a company to delete data you can’t see, on infrastructure you can’t audit, on a timeline they set.
Once something is in a model’s training run or a backup snapshot, “delete my account” doesn’t necessarily reach it. You’re left taking the deletion on faith.
Why persistent cloud memory is exactly the data that becomes a liability
Stack these facts and a clear picture emerges. The very feature that makes Nomi compelling — deep, persistent memory — is, from a security standpoint, the single most concentrated, most sensitive, most re-identifiable dataset you could possibly create about yourself. It’s a longitudinal psychological profile written in your own words.
Persistent cloud memory is a liability for reasons that have nothing to do with any one company’s intentions:
- Breach surface. A stored thing can be breached. The cleanest companion app on earth is still one misconfigured bucket or stolen credential away from exposure, and the data exposed is maximally personal.
- Policy drift. The terms you agree to today can change after an acquisition, a funding round, or a pivot. Your data already sits on their servers when the rules change.
- Legal reach. Stored data can be subpoenaed or compelled. This isn’t hypothetical — see can an employer see your ChatGPT history for the general principle that server-side data is discoverable in ways local data is not.
None of this is unique to Nomi. It’s the structural cost of any hosted companion — Nomi, Replika, Character.AI, Candy AI, Kindroid. We map the whole category in are AI girlfriend apps safe and in our app-by-app reviews like is Kindroid safe and private. The conclusion is consistent: if memory lives on a server, memory is a risk you don’t fully control.
The structural fix: deep memory that lives on your machine can’t be trained on or sold
There’s a clean way out, and it’s architectural rather than promissory. If the memory never leaves your computer, there is no server-side copy to train on, leak, subpoena, or sell. Privacy stops being a policy you hope holds and becomes a property of where the bytes physically are.
This is the entire thesis of running AI locally. With a local setup:
- The model runs on your own GPU/CPU via a tool like Ollama (`curl -fsSL https://ollama.com/install.sh | sh`, then `ollama run <model>`). The API is loopback-only at `127.0.0.1:11434` — it doesn’t touch the internet for inference.
- The conversation memory is a file on your disk. You can read it, edit it, back it up, or delete it permanently. “Per-message purge” is just editing a file.
- There is no Terms of Service governing your own hard drive. No anonymized-training clause applies to data that was never transmitted.
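A check for the loopback-only claim in the list above, added here as an example and not taken from Ollama's own tooling: it parses `ss -ltn` output and reports any listener on port 11434 bound to a non-loopback address, which is what you would see if the bind address had been changed (for example through Ollama's `OLLAMA_HOST` setting). The function names and the sample `ss` rows are constructed for illustration.

```python
import ipaddress

OLLAMA_PORT = 11434  # port stated in the article

# Constructed sample `ss -ltn` output: default install vs. a wildcard bind.
SAMPLE_DEFAULT = """State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      4096   127.0.0.1:11434    0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*"""
SAMPLE_EXPOSED = """LISTEN 0      4096   *:11434            *:*
LISTEN 0      4096   [::1]:11434        [::]:*"""

def local_addr(line):
    """Extract (host, port) of the local address from one `ss -ltn` row."""
    fields = line.split()
    if len(fields) < 5 or fields[0] != "LISTEN":
        return None  # header or unrelated line
    host, _, port = fields[3].rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
    return host, int(port)

def is_loopback(host):
    if host in ("*", ""):  # wildcard bind: every interface
        return False
    return ipaddress.ip_address(host).is_loopback

def exposed_listeners(ss_output, port=OLLAMA_PORT):
    """Return bind addresses on `port` that are reachable from off-host."""
    exposed = []
    for line in ss_output.splitlines():
        parsed = local_addr(line)
        if parsed and parsed[1] == port and not is_loopback(parsed[0]):
            exposed.append(parsed[0])
    return exposed

if __name__ == "__main__":
    print("default:", exposed_listeners(SAMPLE_DEFAULT))
    print("wildcard:", exposed_listeners(SAMPLE_EXPOSED))
```

An empty result means inference traffic stays on the machine; any address in the list means the API is listening on an interface other hosts can reach.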
The honest trade-off: you supply the hardware and a bit of setup. A capable uncensored model in the 8–24B range runs comfortably on a single consumer GPU. See local AI with persistent memory for how durable cross-session memory works offline, how to run an AI girlfriend locally for the companion-specific path, and how much VRAM for a local AI companion to size your machine.
How a local companion delivers the same memory depth without the harvest
A fair objection: “Nomi’s memory is the whole point — can local actually match it?” Functionally, yes. Persistent memory isn’t model magic; it’s a storage-and-retrieval pattern. The companion writes facts and summaries to a store, then retrieves the relevant ones to ground each reply. That pattern works identically whether the store sits in a datacenter or on your SSD.
| | Hosted (e.g. Nomi) | Local companion |
|---|---|---|
| Memory depth | Deep, cross-month | Deep, cross-month (same pattern) |
| Where memory lives | Company servers | Your disk |
| Trainable by a third party | Per their terms (often anonymized) | Never — it never leaves |
| Deletion | Account-level, unverifiable | You delete the file |
| Setup effort | Zero | Some (one-time) |
| Hardware | Theirs | Yours |
The local version of long-term memory is typically a small database plus retrieval — the same idea behind building a local RAG with Ollama, applied to a relationship instead of documents. The depth comes from what you store and retrieve, not from who hosts it. For the broader case that local wins on privacy, see local AI vs cloud AI and is local AI worth it.
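The storage-and-retrieval pattern described above, together with the earlier point that a per-message purge is a local file edit, as an added example (not code from Nomi, Ollama, or any product named here). It assumes a SQLite file as the store and plain keyword overlap for retrieval; the table, function names and sample memories are constructed for illustration.

```python
import os
import re
import sqlite3
import tempfile

def open_store(path):
    db = sqlite3.connect(path)
    # Zero out deleted rows instead of leaving their bytes in free pages.
    db.execute("PRAGMA secure_delete = ON")
    db.execute("CREATE TABLE IF NOT EXISTS memory "
               "(id INTEGER PRIMARY KEY, text TEXT NOT NULL)")
    return db

def remember(db, text):
    cur = db.execute("INSERT INTO memory (text) VALUES (?)", (text,))
    db.commit()
    return cur.lastrowid

def _words(s):
    return set(re.findall(r"[a-z0-9']+", s.lower()))

def recall(db, query, k=3):
    """Return up to k memories ranked by keyword overlap with the query."""
    q = _words(query)
    rows = [(len(q & _words(t)), i, t) for i, t in db.execute("SELECT id, text FROM memory")]
    ranked = sorted((r for r in rows if r[0]), key=lambda r: (-r[0], r[1]))
    return [(i, t) for _, i, t in ranked[:k]]

def purge(db, mem_id):
    """Per-message purge: delete one row, then rebuild the database file."""
    db.execute("DELETE FROM memory WHERE id = ?", (mem_id,))
    db.commit()
    db.execute("VACUUM")

def file_contains(path, needle):
    with open(path, "rb") as f:
        return needle.encode() in f.read()

def demo():
    # Constructed sample memories; returns retrieval and raw-file checks.
    path = os.path.join(tempfile.mkdtemp(), "memory.db")
    db = open_store(path)
    remember(db, "User's dog is named Biscuit")
    secret = remember(db, "User argued with sister in March")
    before = recall(db, "what happened in March with my sister?")
    on_disk_before = file_contains(path, "argued with sister")
    purge(db, secret)
    after = recall(db, "what happened in March with my sister?")
    return before, on_disk_before, after, file_contains(path, "argued with sister")
```

The purge clears the database file itself; copies in backups, filesystem snapshots or SSD spare blocks are outside SQLite's reach and need their own handling.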
Verdict: when Nomi is acceptable vs when to go local
Nomi AI is not uniquely dangerous. By the public posture, it’s among the more privacy-aware hosted companions, and it’s reasonable for a casual user who reads the current terms and accepts the standard cloud trade-offs. Is Nomi AI safe? For low-stakes, non-sensitive use by someone comfortable with cloud storage — broadly, yes. Is Nomi AI private in the strict sense of “no third party can ever access this”? No — no hosted app can honestly promise that, because the data physically lives on their servers under terms that can permit anonymized training and that you can’t independently audit.
Quick decision guide:
- Nomi (or similar) is acceptable when your conversations aren’t sensitive, you’ve read the live policy, you accept account-level-only deletion, and convenience outweighs control.
- Go local (Ember) when the conversations are sensitive — and a companion relationship usually is. If you own a decent GPU and want memory that genuinely cannot be trained on, leaked, or sold because it never leaves your machine, local is the only architecture that makes that a guarantee instead of a promise.
- Use a no-sell hosted option (Freya) when you want zero setup and no GPU, but still want a service that doesn’t monetize your data through advertising — the middle path for “I want it now” without the ad-tech baggage.
If the memory is the reason you’d use Nomi, that’s the strongest reason to keep it on hardware you control. A local companion gives you the same cross-month depth with none of the harvest — and if you’d rather skip the setup, a no-sell hosted companion gets you most of the way without a GPU.
