Privacy Policy

1. Who we are

Nora Health Ltd (“Nora”, “we”, “us”, “our”) is the data controller for personal data processed through the Nora Health platform. Registered in England and Wales. We are registered with the Information Commissioner's Office (ICO).

Contact: privacy@norahealth.co.uk

2. Our on-device architecture

Nora is designed with privacy as its architectural foundation. Session audio, transcription, and clinical note generation all occur entirely on the practitioner's device. Audio is discarded immediately after processing. No session audio is transmitted to, or stored on, Nora's servers.

3. Personal data we collect

We collect only what is necessary:

• Account information: name, email address, profession, and specialisation
• Billing information: processed securely by our payment provider
• Usage data: anonymised product analytics to improve the platform
• Support communications: when you contact us

We do not collect, store, or process session audio, session transcripts, or client records on our servers.

4. Your rights under UK GDPR

Under UK data protection law, you have the right to:

• Access the personal data we hold about you
• Rectify inaccurate personal data
• Erasure of your personal data
• Restrict or object to processing
• Data portability
• Lodge a complaint with the ICO at ico.org.uk

5. Data retention

Account data is retained for the duration of your account plus 12 months. You may request deletion at any time by contacting privacy@norahealth.co.uk. Billing records are retained for 7 years in accordance with UK tax law.

6. Contact and complaints

For any privacy enquiries, contact our Data Protection lead at privacy@norahealth.co.uk. You have the right to complain to the ICO at ico.org.uk.