How we protect your data
You share personal things with Nora. We take that seriously.
Encryption in transit
All communication between Nora and our servers is encrypted over TLS. iMessage itself provides end-to-end encryption between you and Apple's servers — your messages are protected in transit before they ever reach us.
Encryption at rest
Your data is stored in Supabase, hosted in the EU, with encryption at rest. Connected account tokens (Google, Microsoft, etc.) are stored encrypted and only used to perform actions you explicitly request.
Who can access your data
Access to production data is strictly limited. No one on our team reads your conversations unless you report a specific issue and ask for help. We never sell your data or share it with advertisers. For a full list of who processes your data, see our privacy policy.
Found a vulnerability?
We have a responsible disclosure policy. Please report security issues privately before going public — see our Responsible Disclosure page.