Normora ("Normora", "we", "us") provides a financial dashboard and AI co-pilot that reads your general ledger from connected accounting systems such as Exact Online and e-Boekhouden. This policy explains what data we collect, why we collect it, and the choices and rights you have. It applies to our website, application and related services (together, the "Service").
1. Overview
We built Normora to be read-only with respect to your books: we import and reconcile ledger data so we can compute and display financial metrics, but the Service never writes back to your accounting system. We only collect the data reasonably necessary to operate, secure and improve the Service.
2. Data we collect
Account & profile data
- Name, email address and hashed password when you register.
- Company details you provide, and your role within a company (owner, admin, accountant, viewer).
- Billing information, handled by our payment processor — we do not store full card numbers.
Financial & ledger data
- Chart of accounts, ledger balances, transactions, invoices and bills imported from Exact Online, e-Boekhouden or other connected systems you authorize.
- Metrics we compute from that data — cash position, EBITDA, working capital, AR/AP aging and similar figures.
Usage & device data
- Log data such as IP address, browser type, pages visited and timestamps.
- Questions and messages you send to the AI co-pilot, so we can generate and, where needed, troubleshoot responses.
3. How we use your data
- To provide, operate and maintain dashboards, reports and the AI co-pilot.
- To reconcile and map your chart of accounts to standard financial categories.
- To detect anomalies such as duplicate bills or unusual postings.
- To authenticate you, secure your account, and enforce role-based access within your company.
- To communicate with you about your account, changes to the Service, or in response to support requests.
- To monitor, debug and improve the reliability and performance of the Service.
4. Sharing & subprocessors
We do not sell your data. We share data only with:
- Infrastructure providers that host our application, database and backups under contractual confidentiality and security obligations.
- The AI providers that power the co-pilot feature, which process the questions you ask and the underlying figures needed to answer them.
- Payment processors, to handle billing.
- Other members of your company workspace, according to the role and permissions assigned to them.
- Authorities, where required by law, regulation or valid legal process.
5. Data retention
We retain account and ledger data for as long as your company maintains an active connection, plus a limited period afterward to allow reconnection and to meet accounting and legal record-keeping obligations. You may request deletion of your account data at any time, subject to the retention we are required to keep by law.
6. Security
- Data is encrypted in transit (TLS) and at rest.
- Access to connected accounting systems is read-only — the Service never writes back to your books.
- Access to production data is restricted to authorized personnel on a need-to-know basis.
- No method of transmission or storage is 100% secure; we cannot guarantee absolute security of your data.
7. Your rights
Depending on your location, you may have the right to access, correct or erase your data, request a portable copy of it, object to or restrict certain processing, and withdraw consent at any time. You may also lodge a complaint with your local data protection authority.
To exercise any of these rights, contact us using the details in Section 9.
8. Changes to this policy
We may update this policy from time to time. If we make material changes, we will notify you by email or through the Service before the change takes effect. The "Last updated" date above reflects the most recent revision.
Questions about this policy or how we handle your data can be sent via our contact page.