N
NORA
Book a demoStart free

Legal

Privacy Policy

Last updated: April 2026

1. Introduction

NORA Strategy Inc. (“NORA,” “we,” “our,” or “us”) operates the NORA Strategy OS platform — a B2B SaaS product that helps mid-market organizations structure, evaluate, and track strategic investments. We are incorporated in Canada and based in Quebec.

This Privacy Policy explains what personal information we collect, how we use it, and your rights regarding that information. It applies to our marketing website, the NORA platform, and any related services (collectively, the “Service”).

By using our Service, you agree to the collection and use of information as described in this policy. If you have questions, contact us at hello@nora-strategy.com.

2. Information We Collect

Account Information

When you register for NORA, we collect your name, work email address, company name, and role. This information is necessary to create and manage your account.

Assessment Data

When you complete our Strategy Execution Maturity Assessment, we collect your responses, scores, and any follow-up information you provide. This data is used to generate your personalized assessment results and improve our platform.

Whitepaper and Gated Content Downloads

When you download gated content (such as whitepapers or research reports), we collect your name, work email address, and company name. You may opt out of marketing communications at any time.

Usage Analytics

We collect anonymized or aggregated data about how you interact with our Service — including page views, feature usage, and button clicks — to understand how our platform is used and to improve it. We use privacy-respecting analytics tools (such as Plausible) that do not build individual advertising profiles.

Cookies and Session Data

We use essential session cookies to authenticate you and maintain your login session. We may also use optional analytics cookies with your consent. See Section 8 for details.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the NORA platform and its features
  • Create and manage your account and respond to your inquiries
  • Deliver your assessment results and personalize your experience
  • Send transactional communications (e.g., account confirmations, security alerts)
  • Send relevant marketing communications about NORA products and services — you may unsubscribe at any time
  • Analyze usage patterns to improve platform performance and user experience
  • Meet our legal and compliance obligations

4. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.

We may share your information in limited circumstances:

  • Infrastructure providers: Supabase (database hosting) and Vercel (deployment platform) process data on our behalf under data processing agreements. Both operate with appropriate security standards.
  • Payment processors: If you purchase a paid plan, your payment information is handled directly by our payment processor. NORA does not store full credit card details.
  • Legal requirements: We may disclose your information when required by applicable law, court order, or government authority, or to protect the rights, property, or safety of NORA, our users, or others.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change.

5. Data Storage and Security

Your data is stored in Supabase, which hosts our database on Amazon Web Services (AWS) infrastructure. All data is encrypted at rest and in transit using industry-standard protocols (TLS 1.2+, AES-256).

We apply role-based access controls, audit logging, and security best practices to protect your information. Our SOC 2 compliance program is currently in progress.

While we take reasonable precautions, no system is completely secure. We encourage you to use a strong, unique password and contact us immediately if you suspect unauthorized access to your account.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request that we correct inaccurate or incomplete information.
  • Deletion: Request that we delete your personal information, subject to certain legal exceptions.
  • Data portability: Request a machine-readable copy of your personal data.
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Opt out of marketing: Unsubscribe from marketing emails using the link in any email we send you.

These rights are consistent with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and are broadly aligned with the EU General Data Protection Regulation (GDPR) for our international users. To exercise any of these rights, contact us at hello@nora-strategy.com. We will respond within 30 days.

7. Data Retention

We retain your account data for as long as your account is active. If you close your account, we will delete your personal information within 90 days, except where we are required to retain it for legal or compliance purposes.

Assessment data and usage analytics may be retained in anonymized or aggregated form for platform improvement purposes, even after account deletion, unless you specifically request otherwise.

Lead data collected via gated content downloads is retained until you request deletion or opt out of communications.

8. Cookies

We use two types of cookies:

  • Essential cookies: Required for authentication and session management (via Supabase). These cannot be disabled without affecting core functionality.
  • Analytics cookies: Optional. Used to understand how visitors navigate our site. These are privacy-respecting and do not track you across other websites. You may opt out at any time.

You can configure your browser to refuse cookies, but this may limit your ability to use certain features of the platform.

9. Children's Privacy

NORA is a business-to-business platform and is not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes — such as new data uses or changes to how we share your information — we will notify you by email at least 14 days before the changes take effect. The “Last updated” date at the top of this page reflects the most recent revision.

Continued use of our Service after a policy update constitutes your acceptance of the revised policy.

11. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy or your personal information, please contact us:

NORA Strategy Inc.

Quebec, Canada

Email: hello@nora-strategy.com