Security & Privacy
Built with your data in mind.
Change initiatives often touch sensitive context, restructures, policy changes, sentiment about leaders. Here's how we handle that information, and the practices we follow as we grow.
All traffic to Norra is served over TLS. Data stored in our managed database and file storage is encrypted at rest by our infrastructure providers.
We never use your initiative content, plans, drafts or stakeholder notes to train AI models. Prompts sent to our AI provider are processed for the response and not retained for training.
Sign-in is handled through industry-standard authentication. Sessions are scoped to your account and your data is isolated from other workspaces by row-level access controls.
You decide what to put into Norra. We recommend keeping personally identifiable employee information out of free-text fields, stakeholder groups work just as well as named individuals for most planning needs.
Norra runs on widely-used cloud infrastructure. Payments are processed by Stripe. AI features use established large language model providers. We do not store payment card details ourselves.
Questions about compliance?
Happy to walk you through the details.
For specifics on our security posture, sub-processors, data processing agreements or vendor security reviews, reach out and we'll share what's relevant for your team.