Data Processing Agreement

Last updated: May 30, 2026

When you use Nooriel to monitor your customers' data, you decide why and how that data is processed and you remain accountable for it. Nooriel acts as your service provider and processes it only on your instructions. This agreement sets out the responsibilities we take on to protect that data. It forms part of, and is governed by, our Terms of Service.

1. Roles

You (the customer) are the business accountable for the personal information you process through the platform. Nooriel processes it as your service provider, on your documented instructions, for the sole purpose of providing the service.

2. Our commitments

We commit to:

  • Process only on your instructions — and not for our own purposes. We do not sell or share your data, and we do not use it to train AI models.
  • Minimize exposure. Sensitive identifiers are tokenized in our Secret Vault before any AI processing, so the reasoning layer never sees raw personal information.
  • Secure the data — encryption in transit and at rest, least-privilege access, and a tamper-evident audit trail (see our Security page).
  • Keep data in the United States. Production data is hosted in U.S. data-center regions.
  • Bind our sub-processors to equivalent obligations, and remain responsible for their performance.
  • Maintain confidentiality. Personnel with access are bound by confidentiality obligations.

3. Sub-processors

We use a limited set of vetted sub-processors (for example U.S. cloud hosting, payment processing, transactional email, and identity verification). AI reasoning providers receive tokenized inputs only. A current list is available on request, and we will give reasonable notice of material changes.

4. Assisting you

We will reasonably assist you to:

  • respond to requests from individuals exercising their privacy rights;
  • meet your security, breach-notification, and assessment obligations;
  • and provide the information you need to demonstrate compliance.

5. Security incidents

If we become aware of a breach of security affecting your data, we will notify you without undue delay and provide the information you reasonably need to meet your own notification obligations under applicable U.S. state breach-notification laws and applicable regulatory rules.

6. Return & deletion

On termination, we will, at your choice and within a reasonable period, return or delete the personal information we hold for you, except where retention is required by law (including record-keeping obligations for regulated financial activity, such as those administered by FinCEN).

7. Audits

On reasonable request, we will make available the information necessary to demonstrate our compliance with this agreement, and accommodate reasonable audits consistent with protecting the security and confidentiality of other customers.

8. Records

When you accept these terms at sign-up, we record your acceptance — including the document version and a timestamp — as part of your account's audit trail. A formal countersigned copy of this agreement is available on request for customers who require one.

9. Contact

Data-protection questions can be directed to support@nooriel.com.
