Privacy Policy

Norami is a business-to-business product. The Service is designed to be used by companies and their authorized employees, not by consumers or anyone under the age of 16. If you are using Norami on behalf of an organization, you confirm that you have the authority to bind that organization to this Policy.

We collect the following categories of information:

• Account information. Name, work email, organization, and role, provided when you or a colleague creates an account or books a demo.
• Customer Data. The spreadsheets, workbooks, and other files you upload to the Service, together with the questions you ask Norami and the answers it returns. We treat Customer Data as confidential information of your organization.
• Usage and operational data. Logs of queries, feature usage, performance metrics, error reports, IP address, browser, and device information. We use this to operate, secure, and improve the Service.
• Communications. Records of your correspondence with us, including demo requests, support tickets, and email.
• Cookies and similar technologies.Strictly necessary cookies for authentication and session management, and limited analytics cookies to understand how the marketing site is used. See “Cookies” below.

We use the information described above to:

• Provide, maintain, and secure the Service, including indexing your workbooks and answering questions about them.
• Authenticate users and enforce access controls.
• Diagnose problems, investigate incidents, and improve performance and reliability.
• Communicate with you about your account, the Service, and material changes to our policies.
• Comply with legal obligations and enforce our agreements.

We do not sell your data, and we do not train foundation models or shared machine-learning systems on Customer Data. Customer Data is processed only to deliver the Service to your organization.

We share information only in the limited circumstances described below. We do not sell or rent personal information to third parties.

• Sub-processors. We rely on a small number of vetted infrastructure and operational providers (for example, cloud hosting, error monitoring, transactional email). These providers process information solely on our instructions and under contractual confidentiality and security obligations. A current list is available on request.
• Within your organization.Information you submit through Norami may be visible to other authorized users in your workspace, in line with your administrator’s settings.
• Legal requirements. We may disclose information when we believe in good faith that disclosure is required by applicable law, legal process, or to protect the rights, property, or safety of Norami, our customers, or others.
• Business transfers. If Norami is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, subject to standard confidentiality protections.

We use commercially reasonable technical and organizational measures to protect Customer Data, including encryption in transit (TLS) and at rest, role-based access controls, audit logging on production systems, and least-privilege principles for our team. No system is perfectly secure; if you believe your account has been compromised, contact us immediately at security@norami.ai.

We retain Customer Data for as long as your organization maintains an active subscription and for a limited window thereafter to allow for export and recovery. After that window, Customer Data is deleted from production systems, with backups expiring on a rolling schedule consistent with industry practice. Account and billing records may be retained longer where required by law.

Depending on your location, you may have rights to access, correct, export, or delete personal information we hold about you, or to restrict or object to certain processing. You can exercise these rights by emailing privacy@norami.ai. If you are using Norami through your employer, please direct your request to your administrator first; we will support them in responding.

Norami is operated from Chile, and our sub-processors may be located in jurisdictions including the United States and the European Union. Where required, transfers are made under appropriate safeguards such as Standard Contractual Clauses. By using the Service, you acknowledge that your information may be processed in jurisdictions other than your own.

We use a minimal set of cookies. Strictly necessary cookies support authentication and session continuity and cannot be disabled. We may use limited analytics on the marketing site to understand aggregate traffic patterns. We do not use advertising cookies, and we do not allow third-party advertising networks to track you across the Service.

We may update this Policy from time to time. When we make material changes we will update the “Last updated” date above and, where appropriate, notify customers in-product or by email. Continued use of the Service after changes take effect constitutes acceptance of the updated Policy.

Questions about this Privacy Policy can be sent to privacy@norami.ai. For all other inquiries, write to hello@earlyshift.ai.