Noru logo

Noru

Last updated Jun 23, 2026

Our security commitment

Built on trust. Secured by design.

At Noru, we believe that trust is earned through transparency and a relentless commitment to security. Every product decision, line of code, and operational policy is guided by a security-first mindset. From data encryption and access controls to continuous monitoring and independent audits, we ensure that protection is not an afterthought—it’s the foundation.

We understand that our customers rely on Noru to safeguard their most critical data. That’s why we go beyond compliance standards to implement best-in-class security practices across our infrastructure and organization. Our mission is simple: empower our users to innovate with confidence, knowing their information is secure, private, and always under their control.

GDPR
ISO 27001
146
controls
28
resources
7
subprocessors

Compliance

2

Independently audited and continuously evidenced against the standards our customers rely on.

GDPR
Compliant

GDPR

General Data Protection Regulation (GDPR)

Valid through
Jun 23, 2027
ISO 27001
Certified

ISO 27001

ISO/IEC 27001:2022

Valid through
Jun 23, 2027
Certificate
221225-3

Controls

146

The safeguards we operate across our organization, technology, people, and facilities.

Inventory Labels

Asset Management

Organization assets are labeled and have designated owners.

Reviewed Dec 9, 2025ISO 27001

Media Marking

Asset Management

Where applicable, Organization marks information system media indicating the distribution limitations, handling caveats, and applicable security markings (if any) of the information. Exemptions must be approved by management and remain in a specific controlled area.

Reviewed Dec 9, 2025ISO 27001

Asset Transportation Authorization

Asset Management

Organization authorizes and records the entry and exit of systems at datacenter locations.

Reviewed Jan 24, 2026ISO 27001

Maintenance of Assets

Asset Management

Equipment maintenance is documented and approved according to management requirements.

Reviewed Jan 24, 2026ISO 27001

Continuity Testing

Business Continuity

Organization performs business contingency and disaster recovery tests on a periodic basis and ensures the following: • tests are executed with relevant contingency teams • test results are documented • corrective actions are taken for exceptions noted • plans are updated based on results

Reviewed Dec 9, 2025ISO 27001

Business Impact Analysis

Business Continuity

Organization identifies the business impact of relevant threats to assets, infrastructure, and resources that support critical business functions. Recovery objectives are established for critical business functions.

Reviewed Dec 9, 2025ISO 27001

Capacity Forecasting

Business Continuity

Budgets for infrastructure capacity are established based on analysis of historical business activity and growth projections; purchases are made against the established budget and plans are updated on a quarterly basis.

Reviewed Dec 9, 2025ISO 27001

Backup Configuration

Backup Management

Organization configures redundant systems or performs periodic backups of data to resume system operations in the event of a system failure.

Reviewed Dec 9, 2025ISO 27001

Resources

28

Policies, documentation, and reports that govern how we protect customer data.

Legal, Regulatory & Contractual Compliance Register

Version 2026.2 · Reviewed Jan 15, 2026 · yearly

Security Assurance & Performance Standard

Version 2026.1 · Reviewed May 17, 2026 · yearly

Data Breach Response & Continuity Plan

Version 2026.1 · Reviewed May 17, 2026 · yearly

Technical Security Controls & Roles

Version 2026.1 · Reviewed May 17, 2026 · yearly

Third-Party Management & Data Transfer Policy

Version 2026.1 · Reviewed Jan 27, 2026 · yearly

DPIA & Risk Management Methodology

Version 2026.1 · Reviewed Jan 27, 2026 · yearly

Data Retention & Disposal Policy

Version 2026.1 · Reviewed Jan 27, 2026 · yearly

Data Subject Rights (DSAR) Procedure

Version 2026.1 · Reviewed Jan 27, 2026 · yearly

Subprocessors

7

Third-party providers that process customer data on our behalf, and where they operate.

Resend

Resend

Software as a Service

Email sending platform

Website
Clerk

Clerk

Software as a Service

Account platform

Website
OpenAI

OpenAI

Software as a Service

AI platform and language model provider

Website
Vercel

Vercel

cloud

Frontend cloud platform

Website
Sentry

Sentry

Software as a Service

Error monitoring and performance platform

Website
Google Cloud Platform

Google Cloud Platform

Other

A suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products.

Website
Stripe

Stripe

Other

An online payment processing platform for internet businesses.

Website

Questions about our security?

We're glad to help your security and procurement teams move quickly.