PRIVACY POLICY
(Last updated 5 July 2025)
1. Who We Are & Scope
Norith (“Norith”, “we”, “our”) is a Swedish company that designs, builds, and maintains AI-powered automation solutions for business clients worldwide.
This Privacy Policy explains how we collect, use, disclose, and safeguard Personal Data when you visit norith.ai, use our related products and services, or otherwise interact with us (collectively, the “Services”). It applies to all visitors, customers, and end-users except where a separate, product-specific policy is provided.
2. The Data We Collect
| Category | Examples | Legal Basis* |
|---|---|---|
| Contact / Account Data | Name, company, email, phone, job title | Contract / Legit. interest |
| Contract & Billing | Invoicing address, payment method (via PCI-compliant processor) | Contract |
| Usage Data | IP address, device ID, browser type, pages viewed, interaction logs, timestamps | Legit. interest |
| Workflow Data | Customer-provided datasets, prompts, files, model outputs (only as required to execute Projects) | Contract |
| Marketing Preferences | Newsletter opt-in status, event registrations | Consent |
| Cookies / Similar Tech | Session cookies, analytics tags, pixels | Consent / Legit. interest |
*See § 9 for details on each legal basis.
3. Why & How We Use Personal Data
| Purpose | Lawful Basis |
|---|---|
| Provide, secure, and maintain the Services (account creation, authentication, workflow execution) | Contract |
| Perform a Project and store AI inputs/outputs that you or your organisation supply | Contract |
| Troubleshoot, monitor, and improve platform stability and performance | Legit. interest |
| Build usage analytics, product research, and aggregated reporting | Legit. interest |
| Respond to inquiries, demos, or support tickets | Contract / Legit. interest |
| Send service-related messages (transactional emails, updates, security alerts) | Contract |
| Send marketing emails, event invites, or newsletters (consent may be required in your region) | Consent / Legit. interest |
| Comply with legal obligations (tax, accounting, competent-authority requests) | Legal obligation |
4. Data Sharing & Sub-Processors
We do not sell Personal Data. We share it only with:
Cloud & Infrastructure Providers (e.g., AWS, Google Cloud)
Payment Processors (e.g., Stripe) — PCI-DSS compliant
Analytics & Monitoring Tools (e.g., Plausible, Sentry)
Communication Platforms (e.g., Postmark, HubSpot)
AI Model Providers / APIs (e.g., OpenAI) when executing customer workflows
Professional advisors (lawyers, accountants) under confidentiality
All sub-processors are bound by written data-processing agreements under Art. 28 GDPR and equivalent safeguards.
5. International Transfers
Norith is headquartered in Sweden but may store or process data on servers located in the EU, EEA, United Kingdom, United States, or other jurisdictions where we or our sub-processors operate.
When we transfer Personal Data outside the EEA/UK we rely on:
Adequacy decisions (Art. 45 GDPR) or
Standard Contractual Clauses (Art. 46 GDPR) & supplementary safeguards.
6. Data Retention
| Data Type | Typical Retention |
|---|---|
| Contract & Billing Records | 7 years (legal obligation) |
| AI Workflow Data | Configurable by customer; default 90 days (debugging, model improvement) |
| Marketing Contact Data | Until you withdraw consent or 24 months of inactivity |
| Server Logs & Usage Data | 2 months |
| Security & analytics | Up to 12 months |
Upon expiry, data is securely deleted or irreversibly anonymised.
7. Your Rights
Under the EU/UK GDPR you may: access, rectify, erase, restrict, port, object, or withdraw consent.
Under the California CCPA/CPRA you may: know, delete, correct, and opt-out of “selling or sharing” (we do not sell).
To exercise any right, email support@norith.ai. We may verify your identity before fulfilling the request.
8. Security
We apply industry-standard technical and organisational measures, including: TLS 1.2/1.3 encryption in transit, AES-256 encryption at rest, least-privilege IAM, and SOC 2-aligned controls. No internet transmission is 100 % secure; we therefore cannot guarantee absolute security.
9. Cookies & Similar Technologies
We use first-party and third-party cookies for:
Essential (session tokens, CSRF protection) – no consent required
Analytics (page views, referral source) – opt-in banner in EEA/UK
Marketing (newsletter pixels) – consent required