Privacy Policy

Nora is open-source software you can run yourself. This Privacy Policy describes how personal data is handled on the hosted reference deployment operated at nora.solomontsao.com. If you run Nora on your own infrastructure, you are the data controller for that instance and this policy does not apply to it.

• Account data: the email address and password you provide at signup. Passwords are stored only as salted bcrypt hashes — never in plain text.
• Provider credentials: any LLM provider or integration API keys you add are encrypted at rest (AES-256-GCM) and used only to operate your agents.
• Operational data: the agents, workspaces, deployments, logs, and metrics you create while using the platform.
• Session data: an HttpOnly session cookie used to keep you signed in.

Data is used solely to provide and operate the service: authenticating you, running and monitoring your agents, and maintaining your account. We do not sell personal data or use it for third-party advertising.

The hosted deployment may rely on third parties you choose to connect or that are required to operate it — for example OAuth providers (Google, GitHub) if you sign in with them, your configured LLM and integration providers, and a payment processor (Stripe) if you use PaaS billing. Data shared with these services is governed by their own privacy policies.

Account and operational data is retained while your account is active. Secrets are encrypted at rest and transmitted over TLS. No system is perfectly secure, but we apply standard safeguards including encryption, hashed passwords, and access controls.

You may request access to or deletion of your account data by contacting us. Deleting your account removes your associated account and operational data from the hosted deployment.

When you self-host Nora, all data stays within your own infrastructure. You are responsible for the privacy practices, security, and any applicable compliance of the instances you operate.

We may update this policy from time to time. Material changes will be reflected by the “Last updated” date above.

Questions about this policy? Email [email protected] or open an issue on GitHub.