Legal
Privacy Policy
Last updated: February 12, 2026
AI-Powered Features and Data Processing
Norrsent ERM utilises artificial intelligence for risk identification, analysis, and recommendations across operational, financial, ESG, and regulatory domains. The platform employs natural language processing, predictive analytics, and AI-assisted content generation.
All AI-generated suggestions and recommendations are advisory only and do not constitute automated decision-making under GDPR Article 22.
Third-Party AI Processors
OpenAI (OpenAI, L.L.C.)
Purpose AI-assisted analytics, risk identification, content generation
Data Processed Risk descriptions, organisational context, anonymised operational data
Location United States (with Standard Contractual Clauses for EU transfers)
Safeguards Enterprise API with zero data retention, SOC 2 Type II certified
Purpose Limitation
Data is processed exclusively for:
- Service delivery
- AI enhancement and insights
- Platform improvement (anonymised data only)
- Compliance and security
- Customer support
Data Retention Periods
| Data Type | Retention |
|---|---|
| Active risk data | Contract + 90 days |
| Archived risk data | 7 years |
| Audit logs | 2 years |
| User accounts | Contract + 30 days |
| AI training (anonymised) | Indefinite |
| Backup copies | 90-day rolling window |
| Marketing contacts | 3 years or until consent withdrawn |
Your GDPR Rights
You have the right to access, rectification, erasure, restriction of processing, data portability, objection, and consent withdrawal. To exercise any of these rights, contact us at privacy@norrsent.com. We will respond within 30 days.
Enterprise Security
The platform features AES-256 encryption, comprehensive audit trails, and 99.99% availability on AWS infrastructure.
Cookie Policy
This website uses cookies to ensure you get the best experience on our website. Below is a complete list of all cookies used by Norrsent and their purposes.