NorvarBack to home

Legal

Privacy Policy

Last updated: June 2026

What we collect

When you create an account, we collect your name and email address via Clerk, our authentication provider. When you run an assessment or use GRC Chat, we store your input descriptions and the results Norvar generates. We do not collect payment information directly — billing is handled by our payment processor if and when billing is introduced.

How we use it

Your assessment inputs and results are used solely to provide the Norvar service to you, to display your history, and to restore your conversations. We do not use your inputs to train AI models. We do not sell your data to third parties. We do not use your data for advertising.

Storage and retention

Your data is stored in Supabase, a cloud database provider, in the United States. Assessment history and chat conversations are retained for as long as your account is active. You may delete your account and all associated data at any time by contacting us.

Third-party services

Norvar uses the following third-party services to operate: Clerk for authentication, Supabase for data storage, Anthropic for AI inference, Voyage AI for embeddings, and Vercel for hosting. Each of these providers processes data under their own privacy policies. We recommend reviewing them if you have concerns about specific data handling practices.

Your rights

Depending on where you are located, you may have rights to access, correct, delete, or export your personal data. To exercise any of these rights, contact us at the address below. We will respond within 30 days.

Contact

For privacy questions or requests, contact us at privacy@norvar.io.