Privacy Policy

Introduction

This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our services. By accessing or using our platform, you agree to the terms outlined in this policy. If you do not agree, please do not use our services.

Information We Collect

We may collect personal information such as your name, email address, and details, and any other information you provide when signing up or using our services. We also collect data about the pages or features you access, the duration of your visits, and your interaction with the platform. Additionally, we automatically collect technical information, including your IP address, browser type, device information, operating system, location, question IP address, and other details automatically collected through cookies and tracking technologies.

How We Use the Information We Collect

Data Sharing and Disclosure

Data Retention and Deletion

Security of Your Information

We employ industry-leading security measures to protect your information. All data is encrypted in transit using HTTPS and at rest using AES-256 encryption. We implement strong access controls, regular third-party security audits and penetration tests to ensure the platform remains secure. Access to personal systems is strictly limited to authorized personnel. However, no system can be completely secure. While we strive to protect your information, all information is stored in secure data centers that meet SOC 2 Type II, ISO 27001 and equivalent certification standards. Although we employ best practices to mitigate risks, we treat security as our highest technical priority and continuously work to strengthen our protections.

Children's Privacy (COPPA Compliance)

Our platform is not intended for children under the age of 13 and we do not knowingly collect personal information from children under 13. If we discover we have inadvertently collected data from a child under 13, we will delete the information as quickly as possible. If you believe a child has provided us with their data without parental authorization, it is your responsibility to contact us and request that the information is deleted.

International Data Transfers

Nora is operated from Nigeria, and your information is primarily processed and stored within the country. We use secure, encrypted connections and work with partners in regions like South Africa and Nigeria with robust data protection standards. For services such as ISO 27001 and SOC 2 Type II certifications to ensure data protection practices. When possible, for example, we use services like AWS (Amazon Web Services) and Microsoft United States for specific technical services - those transfers are carried out in compliance with the Nigeria Data Protection Regulation (NDPR) and international frameworks where safeguards. These include adequacy decisions where applicable, the use of Standard Contractual Clauses approved by relevant authorities, and binding commitments from international Commission, Binding Corporate Rules where relevant, and additional protective measures such as encryption and pseudonymization. For any data processed by third-party sub-processors, we ensure that those entities continuously monitor legal requirements across jurisdictions and work only with partners who uphold the highest standards for data protection. For users in the European Economic Area, the United Kingdom, or Switzerland, your data enjoys additional safeguards - including the right to lodge a complaint with your local Data Protection Impact Assessment - to ensure that your data receives a level of protection that meets or exceeds the requirements of the General Data Protection Regulation (GDPR). Where transfers occur outside the EEA / UK, we have implemented appropriate safeguards in accordance with Article 46 of the Data Protection Act 2023 and processes strictly in accordance with the principles of lawfulness, fairness, transparency, purpose limitation, data accuracy, storage limitation, data integrity, confidentiality, and accountability.

Your Privacy Rights

Depending on where you live, you may have certain rights regarding your personal data, which may include: The right to access the personal information we hold about you. The right to request correction of inaccurate information, and the right to request deletion of your data. You may also have the right to restrict how your information is processed and object to its processing. In certain circumstances, you may request a copy of your personal data in a structured, commonly used, and machine-readable format (data portability). For the right to withdraw consent for data processing, particularly where consent is the legal basis. To exercise any of these rights, please contact us at hello@noramum.app. Our team is here to ensure that you receive personalized responses. If you believe that we have not responded appropriately to your request, you may file a complaint with your local data protection authority.

Changes to This Policy

We may update this policy from time to time. Any changes will be posted here with a new "Effective Date". Material changes will be communicated directly by email and you will be given a reasonable notice period.

Contact Us

If you have any questions, concerns, or requests regarding our privacy or how your information is handled at Nora (and related services), please reach out to us. We are here to support you and ensure your privacy is protected. You can reach us at hello@noramum.app Our team is here to ensure that you receive personalized responses, and you should also include relevant information in your email to help us respond more effectively.