Trust & Security

Last updated: 25 April 2026.

NORĴI processes your emails, calendars, and business data to help you work faster. Here is how we protect it.

Encryption

Your data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Sensitive credentials like OAuth tokens get an additional layer of application-level encryption with rotating Fernet keys, on top of the disk-level encryption.

Your data isn't AI training fuel

We never use your data to train AI. Your emails remain yours. Anthropic, our LLM provider, does not train on the API traffic we send them — this is contracted, not aspirational.

We don't sell your data

We never sell your data. Full stop. Not aggregated, not anonymised, not "shared with partners".

Authentication without password sharing

We use OAuth to connect to your email and calendar. You authenticate against Google or Microsoft directly. NORĴI never sees and never stores your account passwords.

Access is restricted

Only the minimum personnel necessary can access customer data, under contractual confidentiality obligations. All access is audit-logged and monitored. Two-factor authentication is required for all engineer access to production.

You control your data

Export everything with /export-my-data. Delete it completely with /wrap. Your data, your rules.

Compliance roadmap

We are working toward SOC 2 Type II certification and have implemented the operational controls required for it (encryption, access logging, incident response, vendor management, change management). Further certifications and independent audits will follow as the company scales. We won't claim a certification we haven't earned.

GDPR

We are fully UK GDPR compliant. Exercise any of your rights — access, rectification, deletion, portability, objection, restriction — by emailing privacy@norji.co.uk.

Found a security issue?

Please email security@norji.co.uk. We acknowledge reports within 24 hours and will keep you updated through resolution. Co-ordinated disclosure is appreciated.

Hosting region

NORĴI's primary infrastructure is hosted by Railway in the EU region. The specific Railway region in use at the time of writing is EU (eu-west). If this changes, we'll update this page and notify customers per our privacy policy.

Sub-processors

For the full list of third parties involved in delivering NORĴI (Anthropic, Stripe, Google, Microsoft, Railway, Sentry, etc.) and the safeguards governing each cross-border transfer, see the privacy policy, sections 6 and 7.

Privacy: privacy@norji.co.uk
Security: security@norji.co.uk
General: hello@norji.co.uk