GDPR Compliance

Indie Studio is committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR). This page outlines how we handle your data in accordance with GDPR requirements.

EU Data Subject?

If you're located in the European Union or European Economic Area, you have specific rights under GDPR that we fully support and respect.

Legal Basis for Processing

We process your personal data under the following legal bases:

Consent

When you connect your Gmail account and authorize Ask For Nora to process your emails, you provide explicit consent for us to access and process this data.

Legitimate Interests

We process certain data based on our legitimate interests in providing and improving our service, such as analyzing usage patterns and ensuring security.

Contract Performance

Processing necessary to deliver the Ask For Nora service as described in our Terms of Service.


Your Rights Under GDPR

As a data subject, you have the following rights:

You have the right to request a copy of all personal data we hold about you. This includes:

• The categories of personal data processed

• The purposes of processing

• Recipients of your data

• How long we keep your data

You can request correction of any inaccurate personal data we hold about you. You can also request that we complete any incomplete personal data.

You can request deletion of your personal data (also known as the "right to be forgotten") when:

• The data is no longer necessary for the original purpose

• You withdraw consent

• You object to processing and there are no overriding legitimate interests

• The data has been unlawfully processed

You can request that we limit how we use your personal data while we resolve any issues you've raised about accuracy or our legal basis for processing.

You have the right to receive your personal data in a structured, commonly used, and machine-readable format. You can also request that we transfer this data directly to another service provider where technically feasible.

You can object to processing of your personal data based on legitimate interests. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

You have the right not to be subject to decisions based solely on automated processing. While Ask For Nora uses AI for data extraction, all business decisions remain under human control.


Data Protection Measures

Privacy by Design

We've built privacy considerations into Ask For Nora from the ground up, ensuring data protection is integral to our system architecture.

Data Minimization

We only collect and process the minimum amount of personal data necessary to provide our service. Email content is processed transiently and not stored permanently.

Purpose Limitation

Your data is only used for the specific purposes outlined in our Privacy Policy and not for any incompatible secondary purposes.


International Data Transfers

When we transfer your data outside the EU/EEA, we ensure appropriate safeguards:

Standard Contractual Clauses: We use EU-approved standard contractual clauses for transfers to countries without adequacy decisions.

Technical Measures: All data transfers are encrypted and access is strictly controlled.


Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms:

• We will notify the relevant supervisory authority within 72 hours

• If the breach is likely to result in high risk to your rights, we will notify you directly

• We maintain detailed records of any incidents for compliance purposes


Data Retention Periods

Account Data

Retained for the lifetime of your account plus 30 days after deletion for recovery purposes

Property Data

Retained for 7 years for business record-keeping and legal compliance

Email Content

Processed transiently - not permanently stored after extraction

Log Data

Retained for 90 days for security and debugging purposes


Exercising Your Rights

To exercise any of your GDPR rights, please contact our Data Protection Officer:

Data Protection Officer

Response Time: Within 30 days of receipt

Please include your name, email address, and a clear description of your request. We may need to verify your identity before processing your request.


Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe we haven't adequately addressed your concerns:

• In the EU, contact your local data protection authority

• Find your authority at: European Data Protection Board Members


Updates to GDPR Compliance

We regularly review and update our GDPR compliance measures. This page was last updated on August 4, 2025. Significant changes will be communicated to affected users.