New: Norrsent Copilot for better risk identification and mitigation planning

Legal

Terms of Service

Last updated: February 12, 2026

Website Terms of Use

These terms govern use of norrsent.com and information provided through this website. The actual platform operates under separate enterprise agreements.

About Norrsent ERM

Norrsent ERM is an AI-powered enterprise risk management platform that helps organisations identify, assess, and mitigate risks across their value chain using the ISO 31000 framework.

Website Usage

The website permits learning about our services, requesting demos, and accessing general enterprise risk management information. Platform access requires a separate enterprise agreement.

Intellectual Property

All website content — text, graphics, logos, and software — belongs to Norrsent and receives full intellectual property protection. Reproduction or distribution requires prior written permission.

Demo and Trial Access

Demo access and trial periods are provided for evaluation purposes only and are subject to separate terms provided at the time of signup.

Information Accuracy

While Norrsent attempts to maintain current, accurate content, we make no warranties regarding the completeness or accuracy of the content on this website. Specifications and features may change.

Security and Compliance

The platform is ISO 27001-ready, deployed on AWS with SOC 2 / SOC 3 certification, uses AES-256 encryption, and maintains comprehensive audit trails.

Limitation of Liability

To the maximum extent permitted by law, Norrsent shall not be liable for any damages arising from your use of this website.

Data Processing Agreement

Norrsent acts as a Data Processor for customer data, providing a comprehensive DPA compliant with GDPR. Sub-processors are listed below.

Sub-Processors

AWS

Cloud infrastructure in EU (Frankfurt, Ireland) and US. SOC 2 and ISO 27001 certified.

OpenAI

AI analytics with Standard Contractual Clauses. Zero data retention policy. SOC 2 Type II certified.

Norrsent provides 30 days' notice before adding new sub-processors.

Key Data Processing Terms

  • Processing solely for contracted services
  • AES-256 encryption at rest and in transit
  • 30-day data deletion post-termination
  • JSON / CSV / Excel export available
  • 72-hour breach notification
  • Annual SOC 2 reports available on request
  • EU primary processing with Standard Contractual Clauses for international transfers

AI Processing and GDPR Article 22

Norrsent does not engage in automated decision-making with legal effects. All AI outputs are recommendations only — every decision requires human review and approval. AI-generated content is clearly labelled throughout the platform.

Enterprise Agreements

Platform usage requires individual enterprise agreements that address operational requirements, service levels, data processing obligations, and termination terms.

Contact

For any questions about these terms, contact us at contact@norrsent.com.