Skip to main content
Norrsent

Legal

Terms of Service

Last updated: February 8, 2026

Website Terms of Use

These terms govern your use of the Norrsent website (norrsent.com) and any information, content, or services provided through this website. Platform usage is governed by separate enterprise agreements.

About Norrsent ERM

Norrsent ERM is an AI-Powered enterprise risk management platform that helps organizations identify, assess, and mitigate risks across their entire value chain using the ISO31000 framework.

Website Usage

You may use this website to learn about our services, request demonstrations, and access general information about enterprise risk management. Any use of our actual platform requires a separate enterprise agreement.

Intellectual Property

All content on this website, including text, graphics, logos, and software, is the property of Norrsent and protected by intellectual property laws. You may not reproduce or distribute content without written permission.

Demo and Trial Access

Demo access and trial periods are provided for evaluation purposes only. Such access is subject to separate terms and conditions that will be provided during the signup process.

Information Accuracy

While we strive to keep information on this website current and accurate, we make no warranties regarding the completeness or accuracy of the content. Platform specifications and features are subject to change.

Security and Compliance Information

Our platform is ISO27001 ready and deployed on AWS with SOC2/SOC3 certification. We implement enterprise-grade security measures including AES-256 encryption and comprehensive audit trails. Detailed security specifications are provided in enterprise agreements.

Limitation of Liability

To the maximum extent permitted by law, Norrsent shall not be liable for any damages arising from your use of this website or reliance on information provided herein.

Data Processing Agreement (DPA)

Norrsent acts as a Data Processor when handling customer data in the ERM platform. All enterprise customers receive a comprehensive Data Processing Agreement that governs how we process personal data on your behalf, in compliance with GDPR and other applicable data protection laws.

Sub-Processors

We engage the following approved sub-processors to deliver our services. All sub-processors are contractually bound to maintain appropriate security and confidentiality standards:

Infrastructure and Hosting

  • Amazon Web Services (AWS) - Cloud infrastructure and hosting
    Location: EU (Frankfurt, Ireland), US; SOC 2, ISO 27001 certified

AI and Analytics

  • OpenAI (OpenAI, L.L.C.) - AI-assisted analytics, risk identification, and content generation
    Location: United States (Standard Contractual Clauses for EU transfers)
    Safeguards: Enterprise API with zero data retention, SOC 2 Type II certified
    Purpose: Generate risk insights, recommendations, and automated workflows

We will notify customers at least 30 days before adding new sub-processors. Customers may object to the use of a new sub-processor on reasonable data protection grounds.

Data Processing Terms

Our DPA includes the following key provisions:

  • Processing Scope: We process data solely to provide contracted services
  • Data Security: AES-256 encryption, access controls, audit logging, penetration testing
  • Data Deletion: Customer data deleted within 30 days of contract termination
  • Data Portability: Export functionality in JSON, CSV, and Excel formats
  • Incident Response: Data breach notification within 72 hours
  • Audit Rights: Annual SOC 2 reports provided; on-site audits by arrangement
  • Data Location: Primary processing in EU (Frankfurt); US processing optional
  • International Transfers: Standard Contractual Clauses for transfers outside EU/EEA

AI Processing and GDPR Article 22

No Automated Decision-Making: Our AI features provide recommendations and insights only. They do not make automated decisions with legal or similarly significant effects (as defined in GDPR Article 22). All risk management decisions require human review and approval.

AI suggestions are clearly labeled as "AI-generated" in the platform interface, with disclaimers stating: "AI suggestions are advisory only and do not constitute automated decisions. Human review and approval are required."

Enterprise Agreements

Use of the Norrsent ERM platform requires a separate enterprise agreement with specific terms tailored to your organization's needs. Platform access, data processing, service levels, and termination terms are governed by individual contracts, not these website terms.

Contact Information

If you have any questions about these website terms, please contact us at contact@norrsent.com. For enterprise contract inquiries, please reach out through our contact form or demo request.

Enterprise Contracts

Platform usage is governed by individual enterprise agreements that address specific operational requirements, service levels, data processing terms, and contractual obligations tailored to each organization's needs.