Norian connects to Gmail using the gmail.readonly OAuth scope, the minimum necessary to provide the service. Norian never sends, modifies, deletes, drafts, or archives a single email. If it ever tried, Gmail would reject the request.
Email content is processed in memory and discarded immediately after extraction. We extract a one-line structured summary (commitment or request), then throw away the original. Your email bodies are never written to our database.
The only things stored are: the one-line summary, the email sender domain, a timestamp, and a link back to the original message in Gmail.
All data at rest is stored in EU-based infrastructure (Supabase Frankfurt, Vercel EU). Your data never leaves European servers, except for AI text analysis (OpenAI, via Standard Contractual Clauses) and payment processing (Stripe).
Every database table has Row Level Security (RLS) enforced at the database level. Users cannot access each other's data. This is architecturally enforced, not just a coding convention. Even if a bug existed in the application layer, the database would reject cross-account queries.
The action links in Norian's digest emails (Mark as done, Snooze, Not relevant) use cryptographically unique, single-use tokens. Each token expires after 48 hours and can only be used once. A replayed or forwarded link does nothing.
You can disconnect Gmail and delete your account from Settings at any time. Account deletion is OTP-verified and purges all personal data within 60 seconds. Nothing is retained after deletion, except where required by applicable law.
The database service role key (which bypasses Row Level Security) is restricted to server-side background jobs only. It is never sent to a browser, never logged, and never used in client-side code.
Norian shares data only with the sub-processors listed in our Privacy Policy, under written data processing agreements. We never sell, rent, or trade personal data.
To report a security vulnerability or ask a question: privacy@norian.ai