Last updated: May 2026
We collect information you provide directly (name, email, organisation details), information generated through your use of the platform (compliance data, uploaded documents, control evidence), and technical data (IP address, browser type, usage logs) to operate and improve the service.
We use your information to provide and improve the Norm AI platform, process your compliance workflows, send you service-related communications, and comply with legal obligations. We do not sell your personal data to third parties.
Your data is stored on secure cloud infrastructure. We implement industry-standard security controls including encryption in transit and at rest, access controls, and regular security assessments. As a compliance platform, security is core to our operations.
Norm AI uses large language models to analyse your compliance data and generate recommendations. Your data may be processed by AI systems to power features such as policy generation, control analysis, and risk assessment. We do not use your data to train third-party AI models without your consent.
We share data with sub-processors necessary to deliver the service (cloud infrastructure, authentication providers). We require all sub-processors to maintain appropriate security and privacy standards. We may disclose data if required by law.
We retain your data for as long as your account is active or as needed to provide the service. You may request deletion of your data at any time. Certain data may be retained longer where required by law or legitimate business purposes.
Depending on your jurisdiction, you may have the right to access, correct, delete, or export your personal data. You may also have the right to object to or restrict certain processing. To exercise these rights, contact us at privacy@normai.io.
We use essential cookies to operate the platform (session management, authentication). We do not use tracking or advertising cookies. You can control cookie settings through your browser.
Your data may be processed in countries other than where you are located. We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses where required.
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the platform. The date at the top of this page indicates when the policy was last updated.
For privacy-related questions or to exercise your rights, contact our Data Protection team at privacy@normai.io.