01Policy that travels with the device
Employees enroll with a company code and verified work email. Their device receives a versioned policy defining the datasets, tools, models, and backends their role can use, then enforces it locally even when offline.
02Governed datasets
Publish handbooks, research, contracts, or course material to selected roles. Files are hash-verified, indexed on device, kept in app-private storage, and removed when access is revoked.
03Roles with exact boundaries
Customize access by dataset, tool, model format, model ID, remote backend, and endpoint type. A role can also prohibit remote inference or require off-grid operation.
04Enforcement inside the engine
A disallowed tool does not run, a disallowed model does not load, and a disallowed backend cannot be called. Expired policies retain their restrictions until the device syncs again.
05Auditable access
Membership is tied to verified work email. Administrators can invite directly, restrict joining by domain, require approval, and revoke every registered device individually.
06Administration, not surveillance
The console records administrative actions such as invites, role changes, and device registrations. Noema never receives your documents, prompts, or answers.
07Built for small organizations
For companies, schools, research groups, clinics, law practices, campaigns, and nonprofits that need useful AI without surrendering internal knowledge.
Technical details
- Platforms
- iOS, iPadOS, and macOS. Apple Silicon is recommended.
- Policy
- Versioned per employee, cached on device, refreshed on launch and on your schedule.
- Datasets
- SHA-256 verification, app-private storage, role-scoped visibility, excluded from backups.
- Models
- Governance by format and by specific model ID.
- Backends
- Governance by endpoint type and by specific backend.
- Roadmap
- Signed policy verification, OIDC SSO, encrypted bundles, ingestion connectors, and MDM.