Norith (“Norith”, “we”, “our”) is a Swedish company that designs, builds, and maintains AI-powered automation solutions for business clients worldwide. This Privacy Policy explains how we collect, use, disclose, and safeguard Personal Data when you visit norith.ai, use our related products and services, or otherwise interact with us (collectively, the “Services”). It applies to all visitors, customers, and end-users except where a separate, product-specific policy is provided.
PurposeLawful BasisProvide, secure, and maintain the Services (account creation, authentication, workflow execution)ContractPerform a Project and store AI inputs/outputs that you or your organisation supplyContractTroubleshoot, monitor, and improve platform stability and performanceLegit. interestBuild usage analytics, product research, and aggregated reportingLegit. interestRespond to inquiries, demos, or support ticketsContract / Legit. interestSend service-related messages (transactional emails, updates, security alerts)ContractSend marketing emails, event invites, or newsletters (consent may be required in your region)Consent / Legit. interestComply with legal obligations (tax, accounting, competent-authority requests)Legal obligation
4. Data Sharing & Sub-Processors
We do not sell Personal Data. We share it only with:
Cloud & Infrastructure Providers (e.g., AWS, Google Cloud)
AI Model Providers / APIs (e.g., OpenAI) when executing customer workflows
Professional advisors (lawyers, accountants) under confidentiality
All sub-processors are bound by written data-processing agreements under Art. 28 GDPR and equivalent safeguards.
5. International Transfers
Norith is headquartered in Sweden but may store or process data on servers located in the EU, EEA, United Kingdom, United States, or other jurisdictions where we or our sub-processors operate. When we transfer Personal Data outside the EEA/UK we rely on:
Adequacy decisions (Art. 45 GDPR) or
Standard Contractual Clauses (Art. 46 GDPR) & supplementary safeguards.
6. Data Retention
Data TypeTypical RetentionContract & Billing Records7 years (legal obligation)AI Workflow DataConfigurable by customer; default 90 days (debugging, model improvement)Marketing Contact DataUntil you withdraw consent or 24 months of inactivityServer Logs & Usage Data2 monthsSecurity & analyticsUp to 12 months
Upon expiry, data is securely deleted or irreversibly anonymised.
7. Your Rights
Under the EU/UK GDPR you may: access, rectify, erase, restrict, port, object, or withdraw consent. Under the California CCPA/CPRA you may: know, delete, correct, and opt-out of “selling or sharing” (we do not sell). To exercise any right, email support@norith.ai. We may verify your identity before fulfilling the request.
8. Security
We apply industry-standard technical and organisational measures, including: TLS 1.2/1.3 encryption in transit, AES-256 encryption at rest, least-privilege IAM, and SOC 2-aligned controls. No internet transmission is 100 % secure; we therefore cannot guarantee absolute security.
9. Cookies & Similar Technologies
We use first-party and third-party cookies for:
Essential (session tokens, CSRF protection) – no consent required
Analytics (page views, referral source) – opt-in banner in EEA/UK
Marketing (newsletter pixels) – consent required
You may manage preferences anytime via the “Cookie Settings” link in the footer or through your browser.
10. Children’s Privacy
Our Services are not directed to anyone under 18. We do not knowingly collect Personal Data from children. If a child provides us data, we will delete it.
11. Changes to This Policy
We may update this Policy from time to time. Material changes will be announced by email or prominent notice at least 14 days before they take effect.
