← Back to home

Privacy Policy

Last updated: 3 May 2026

1. Introduction

Tahmeed Nabi trading as Nora AI, ABN 28 519 020 319 (“we”, “us”, “our”) operates Nora, an AI-powered phone answering and business management platform. We are committed to protecting the privacy of our users and their clients in accordance with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs).

Nora is intended for users 18 years of age or over. We do not knowingly collect personal information from anyone under 18.

2. Information We Collect

Account information:

  • Name, email address, phone number
  • Business name, address, and service details
  • Internal account identifiers (user ID, business ID) used to associate your data with your account
  • Payment information (processed securely via Stripe on web, or by Apple for iOS in-app subscriptions; we do not receive or store payment card details)

Call and messaging data:

  • Call recordings and transcripts
  • SMS message content
  • Caller phone numbers and extracted contact details
  • AI-extracted information (caller name, job type, address, urgency)

Usage and diagnostic data:

  • Server-side request logs (endpoint, status code, timestamp, IP address, user agent) for diagnostics and security monitoring
  • AI assistant conversation history

3. How We Use Your Information

  • Providing and improving the Service (call answering, scheduling, SMS, quotes)
  • Processing payments and managing subscriptions
  • AI processing: analysing calls to extract structured details, generate responses, and perform requested actions
  • Sending service-related notifications (call summaries, booking confirmations)
  • Customer support and troubleshooting
  • Complying with legal obligations

We do not track you across other apps or websites. We do not share your data with data brokers, advertising networks, or any third party for marketing purposes. We do not sell your data.

Your data — including call recordings, transcripts, SMS messages, and AI assistant conversations — is not used to train AI models. We use enterprise tiers of our AI providers (Anthropic, Vapi, Deepgram) under data processing agreements that exclude your data from being used for model training.

4. Third-Party Services

We use the following third-party services to operate Nora:

  • Twilio — Phone number provisioning, call routing, and SMS delivery
  • Vapi — AI voice conversation handling
  • Anthropic (Claude) — AI language processing for call extraction and in-app assistant
  • Deepgram — Call transcription
  • Auth0 — Authentication and identity management
  • Stripe — Payment processing for web subscriptions
  • Apple App Store — Payment processing for iOS in-app subscriptions; billing data is handled by Apple under their privacy policy
  • RevenueCat — Subscription management and receipt validation for iOS in-app purchases
  • AWS S3 — Secure file storage (call recordings)
  • Expo — Push notifications

Each provider processes data under their own privacy policy and in accordance with our data processing agreements.

5. Data Storage and Security

Your data is stored on servers located in the Asia-Pacific region (Sydney, Australia where available). We implement industry-standard security measures including encrypted connections (TLS), secure authentication, and access controls. Call recordings are stored in encrypted cloud storage with time-limited access URLs.

6. Data Retention

  • Account data is retained while your account is active and for 30 days after deletion
  • Call recordings and transcripts are retained for 12 months from the date of the call
  • AI assistant conversation history is retained for 90 days
  • Payment records are retained as required by Australian tax law (7 years)

7. Your Rights

Under the Australian Privacy Act, you have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your data (subject to legal retention requirements)
  • Opt out of marketing communications
  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

8. Client Caller Privacy

When clients call a business using Nora, their call data (phone number, name if provided, call recording and transcript) is collected and processed on behalf of the business. The business owner is the data controller for their clients' data; we act as a data processor.

Nora's AI assistant identifies itself as an AI at the start of each call and discloses that the call is being recorded. Recordings are encrypted at rest and accessible only to the business owner and authorized team members. Businesses remain responsible for compliance with applicable jurisdiction-specific recording-consent laws, which vary across Australian states.

9. Cookies and Analytics

Our website uses essential cookies for functionality. We do not use third-party advertising cookies. We do not currently use third-party analytics tools; the diagnostic logging described in Section 2 is the extent of our usage tracking.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via email or in-app notification. The “Last updated” date at the top of this page indicates when the policy was last revised.

11. Contact Us

For privacy-related enquiries or to exercise your rights, contact us at support@noraai.au.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner.