noraai.app
Privacy Policy
Last updated: March 2026
1. Introduction
NORA AI (“NORA”, “we”, “us”) respects your privacy. This Privacy Policy explains how we collect, use, store, and protect personal data when you use our website and services at noraai.app (the “Service”). We are established in the European Union and process personal data in line with the General Data Protection Regulation (GDPR).
2. Data controller
The data controller responsible for your personal data is NORA AI, operating at noraai.app. For privacy enquiries: hello@noraai.app.
3. What data we collect
- Account & identity: email address, authentication identifiers, and profile details you provide when you register or use the Service.
- Business content: information you enter about your business (e.g. name, industry, goals, brand preferences) used to power AI agents and features.
- Usage & technical data: IP address, device/browser type, approximate location derived from IP, timestamps, pages viewed, and diagnostic logs needed to secure and improve the Service.
- Billing (if applicable): subscription status and payment-related metadata processed by our payment provider (we do not store full card numbers on our servers).
- Communications: messages you send to support or that we send to you in relation to the Service.
4. Purposes and legal bases (GDPR)
We process personal data on the following legal bases:
- Performance of a contract (Art. 6(1)(b) GDPR): to provide accounts, onboarding, AI features, customer support, and billing.
- Legitimate interests (Art. 6(1)(f) GDPR): to secure the Service, prevent abuse, analyse aggregated usage, and improve reliability—balanced against your rights.
- Consent (Art. 6(1)(a) GDPR): where required for non-essential cookies or optional marketing communications—you may withdraw consent at any time.
- Legal obligation (Art. 6(1)(c) GDPR): where we must retain or disclose information to comply with applicable law.
5. Supabase (authentication & database)
We use Supabase to host authentication, database storage, and related infrastructure. Your account data and application content may be processed on Supabase systems in accordance with their documentation and our instructions. We implement appropriate technical and organisational measures and use agreements that require subprocessors to protect personal data.
6. Stripe (payments)
If you purchase a paid plan, payments are processed by Stripe. Stripe collects and processes payment details according to its own privacy policy. We receive limited billing metadata (e.g. subscription status, customer reference) needed to manage your account—not your full card number.
7. Cookies and similar technologies
We use cookies and similar technologies for essential functions (e.g. session security, load balancing), to remember your cookie choice, and—if you accept—for analytics or preference storage as described in our Cookie Policy.
8. International transfers
Where personal data is transferred outside the European Economic Area (EEA), we rely on appropriate safeguards recognised under GDPR (such as Standard Contractual Clauses) or other permitted mechanisms, and we assess the risks to your rights.
9. Retention
We retain personal data only as long as necessary for the purposes above, including legal, accounting, or reporting requirements. When data is no longer needed, we delete or anonymise it in line with our retention practices.
10. Your rights
Under GDPR, you may have the right to:
- Access your personal data and obtain a copy;
- Rectify inaccurate data;
- Request erasure (“right to be forgotten”) in certain cases;
- Restrict processing or object to processing in certain cases;
- Obtain data portability for data you provided, where processing is automated and based on contract or consent;
- Withdraw consent where processing is consent-based;
- Lodge a complaint with a supervisory authority in your country of residence or work.
To exercise these rights, contact hello@noraai.app. We may need to verify your identity before responding.
11. Security
We apply appropriate technical and organisational measures designed to protect personal data against unauthorised access, alteration, disclosure, or destruction. No method of transmission over the Internet is 100% secure; we strive to follow industry practices.
12. Children
The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have, please contact us and we will take steps to delete it.
13. Changes
We may update this Privacy Policy from time to time. We will post the revised version on this page and update the “Last updated” date. Material changes may be communicated by email or in-app notice where appropriate.
14. Contact
Questions about this policy or your data: hello@noraai.app