Last updated — June 23, 2026
This Privacy Policy explains what data Normis (“we”, “us”) collects and how we use it, both on this website (normis.dev) and in the Normis platform — our compliance API for AI agents. By using either, you agree to this policy.
We collect only what we need to run the service:
/v1/check, we record the request context you send (such as the action, jurisdiction, and a caller identifier like agent_id) and the decision returned (allowed / blocked / escalate, with the rules cited). This is your audit log — its purpose is recordkeeping.
Do not send special-category personal data (e.g. health or biometric data) in API request context unless your contract with us expressly permits it. You are the controller of the personal data you submit to the API and we process it on your behalf; you represent that you have a valid legal basis and all required consents and notices for that data, and you are responsible for it.
We use the data above to: operate and secure the platform; authenticate you and your API keys; generate and retain your audit logs; detect, prevent, and investigate abuse or fraud; provide support; and improve the product. We send transactional email (such as login codes and service notices) and, where you have agreed, occasional product updates.
We do not sell your personal data, and we do not use the contents of your API requests to train models or for any purpose beyond providing the service to you.
We keep cookies to a minimum:
normis_cookie_consent value remembers your analytics choice. These are required for the service to work and are not used for tracking.
We share data only with service providers (“subprocessors”) that help us run Normis — currently Google Cloud and DigitalOcean (hosting and infrastructure), Resend (transactional email, including login codes), and Amplitude (product analytics). They act on our instructions under data-processing terms. We may also disclose data if required by law or to protect the rights and safety of users and the service.
We protect data with encryption in transit, hashed credentials and API keys, access controls, and audit logging. No system is perfectly secure, but if a breach affects your data we will notify you and the relevant authorities as required by law.
Depending on where you live (including under the GDPR and similar laws), you may have the right to access, correct, export, or delete your personal data, to object to or restrict processing, and to withdraw consent. To exercise any of these, email us — we’ll respond within the timeframe the law requires.
We retain account and audit data for as long as your account is active and as needed for legal and recordkeeping obligations; we delete or anonymize it when no longer required. Your data may be processed in the United States and other countries — including by the providers listed in section 4 — under appropriate safeguards.
The Service is not directed to children under 16, and we do not knowingly collect their personal data. If you believe a child has provided us personal data, contact us and we will delete it.
We may update this Privacy Policy from time to time. When we do, we’ll change the “Last updated” date above; for material changes we’ll give reasonable notice. Continued use of the Service after an update means you accept the revised policy.
Questions, or want to exercise a right? Contact us at support@normis.dev.