Privacy Policy

1. Introduction

Nora Financial (“Nora,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our personal finance application and website at nora-financial.com.

By using Nora Financial, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this policy, please do not access or use our services.

2. Information We Collect

2.1 Information You Provide Directly

• Account registration information (name, email address, password)
• Waitlist signup email address
• Communications you send us (support requests, feedback)

2.2 Financial Data via Plaid

Nora uses Plaid Technologies, Inc.(“Plaid”) to securely connect your financial accounts. When you link an account, we may receive the following data from Plaid:

• Account balances and account identifiers
• Transaction history (merchant name, amount, date, category)
• Account type and institution name
• Account owner name and contact information as provided by your financial institution

Your use of Plaid's services is governed by Plaid's End User Privacy Policy. We do not store your bank credentials — authentication is handled entirely by Plaid.

2.3 Automatically Collected Information

• Log data (IP address, browser type, pages visited, timestamps)
• Device information (operating system, browser version)
• Usage data (features used, session duration)

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Nora Financial service
• Display your financial accounts, balances, and transaction history
• Analyze your spending patterns and generate personalized financial insights
• Identify better credit card, savings, and banking products that may benefit you
• Send you service notifications, alerts, and updates about your accounts
• Respond to your inquiries and provide customer support
• Detect, prevent, and investigate fraudulent or unauthorized activity
• Comply with legal obligations

We do not sell your personal or financial data to third parties. We do not use your financial data for advertising purposes.

4. How We Share Your Information

We may share your information only in the following circumstances:

• Service Providers: Trusted vendors who assist in operating our platform (e.g., cloud hosting, email delivery, analytics). These providers are contractually bound to protect your data and may only use it to perform services on our behalf.
• Plaid:To facilitate bank account connections. See Plaid's privacy policy for details on how they handle data.
• Legal Requirements: If required by law, regulation, or valid legal process (e.g., court order, subpoena), or to protect the rights, property, or safety of Nora Financial, our users, or the public.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your data becomes subject to a different privacy policy.

5. Data Security

We implement industry-standard security measures to protect your personal and financial data:

• All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher
• Financial data stored in our databases is encrypted at rest using AES-256 encryption
• We never store your bank login credentials — account linking is handled entirely by Plaid
• Access to production systems is restricted to authorized personnel with multi-factor authentication
• We conduct regular security reviews and vulnerability assessments

Despite our efforts, no method of electronic transmission or storage is 100% secure. If you believe your account has been compromised, contact us immediately at security@nora-financial.com.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you services. Specifically:

• Account data: Retained while your account is active and for up to 90 days after deletion, to allow for account recovery and to fulfill any outstanding obligations.
• Financial transaction data: Retained for up to 24 months to provide historical analysis and financial insights. You may request earlier deletion.
• Log and usage data: Retained for up to 12 months for security and operational purposes.
• Waitlist data: Email addresses collected for our waitlist are retained until the waitlist program concludes or until you request removal.

After the applicable retention period, data is securely deleted or anonymized. We review our retention practices annually.

7. Your Rights and Choices

Depending on your location, you may have the following rights regarding your data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request that we correct inaccurate or incomplete data
• Deletion: Request deletion of your personal data (“right to be forgotten”)
• Portability: Request your data in a structured, machine-readable format
• Opt-out: Unsubscribe from marketing communications at any time
• Account disconnection: Disconnect linked financial accounts at any time through the app settings

To exercise any of these rights, contact us at privacy@nora-financial.com. We will respond within 30 days.

8. Consent

By creating an account or linking a financial institution through Plaid Link, you expressly consent to:

• The collection and processing of your personal and financial data as described in this policy
• Plaid accessing your financial institution data on your behalf
• Receiving account-related notifications and service communications

You may withdraw consent at any time by deleting your account. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

9. Children's Privacy

Nora Financial is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child under 18 has provided us personal information, we will delete it promptly. Contact us at privacy@nora-financial.com if you believe we have inadvertently collected data from a minor.

10. Third-Party Services

Our service integrates with the following third-party providers:

• Plaid Technologies, Inc. — financial data connectivity. Plaid Privacy Policy
• Vercel, Inc. — cloud hosting and infrastructure. Vercel Privacy Policy

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by emailing the address associated with your account or by posting a prominent notice on our website. Continued use of the service after the effective date of any change constitutes your acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, please contact us: