Security

Our Security Commitment

Security is foundational to NORA. We protect your data with industry-leading practices and regular audits.

Data Encryption

• All data encrypted in transit using TLS 1.3
• All data encrypted at rest using AES-256
• End-to-end encryption for sensitive communications

Infrastructure Security

• Hosted on Google Cloud Platform with enterprise-grade security
• Regular security audits and penetration testing
• 24/7 monitoring and incident response
• Automated vulnerability scanning

Access Controls

• Multi-factor authentication required for all admin access
• Role-based access controls
• Regular access reviews and audits
• Principle of least privilege

Compliance

NORA is designed to meet GDPR, CCPA, and SOC 2 Type II requirements. Enterprise customers can request compliance documentation.

Reporting Security Issues

If you discover a security vulnerability, please report it to security@nora-ai.co. We have a responsible disclosure policy and will work with you to address any issues.