We understand that you're trusting us with sensitive business information. That's why security is built into every aspect of Ask For Nora from the ground up.
Your data is protected by industry-standard security measures and best practices.
All data transmitted between your browser and our servers is encrypted using TLS 1.3, the latest and most secure encryption protocol.
Your data is encrypted when stored in our databases using AES-256 encryption, ensuring protection even if physical security is compromised.
We use Google's secure OAuth 2.0 authentication system, eliminating the need to store passwords and leveraging Google's advanced security infrastructure.
Access to your data is strictly limited to the minimum necessary for the service to function. Our systems only request the specific Gmail permissions needed for email processing.
Secure session tokens with automatic expiration and renewal mechanisms protect against unauthorized access.
Our application is hosted on Vercel's secure cloud infrastructure, which provides:
• DDoS protection
• Automatic SSL certificate management
• Global CDN with edge security
• Regular security updates and patches
Our PostgreSQL database is hosted on Neon, providing:
• Automated backups
• Point-in-time recovery
• Network isolation
• Encrypted storage volumes
Input Validation: All user inputs are validated and sanitized to prevent injection attacks
CSRF Protection: Cross-site request forgery protection on all state-changing operations
XSS Prevention: Content Security Policy headers and output encoding prevent cross-site scripting
Rate Limiting: API endpoints are rate-limited to prevent abuse
Dependency Management: Regular updates and security scanning of all dependencies
• Emails are processed transiently and not permanently stored in our systems
• Only extracted property data is retained, not the full email content
• Attachments are processed in isolated environments and immediately discarded
• OpenAI API calls use their secure endpoints with API key authentication
• No sensitive data is used for AI model training
• Data sent to OpenAI is processed according to their data usage policies
We maintain a comprehensive incident response plan to quickly address any security issues:
1. Detection: Continuous monitoring for suspicious activities and anomalies
2. Assessment: Immediate evaluation of the scope and impact of any incident
3. Containment: Swift action to prevent further damage or data exposure
4. Notification: Prompt communication to affected users if required
5. Recovery: Restoration of normal operations with enhanced security measures
6. Review: Post-incident analysis to improve future security
Full compliance with EU General Data Protection Regulation
Adherence to California Consumer Privacy Act requirements
Following OWASP security guidelines and recommendations
Security is a shared responsibility. To help keep your account secure:
• Keep your Google account secure with strong passwords and 2FA
• Only grant access to trusted team members
• Report any suspicious activity immediately
• Keep your browser and operating system updated
• Use Ask For Nora only on secure, trusted networks
Found a security issue? We appreciate responsible disclosure.