Privacy Policy
Last updated: March 14, 2026
Normora ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This privacy policy explains what data we collect, how we use it, how we store it, and what rights you have regarding your personal data when you use our website and services.
1. Data We Collect
We collect and process the following categories of personal data:
Account Information
- Email address (required for registration and login)
- Password hash (your password is never stored in plain text)
Learning Progress
- Course progress and completion status
- Quiz results and scores
- Completion certificates and issuance dates
Payment Data
- Stripe customer ID and subscription ID
- Subscription status and billing history
- We do NOT store credit card numbers, bank account numbers, or any direct payment details. All payment processing is handled by Stripe.
2. How We Use Your Data
We use your personal data solely for the following purposes:
- Authentication and account management: To log you in, verify your identity, and manage your account.
- Progress tracking: To store your course progress, quiz results, and completion status so you can pick up where you left off.
- Certificates: To generate and provide completion certificates when you successfully finish a course.
- Subscription management: To manage your subscription status and grant access to paid content.
- Communication: To send you essential service-related emails such as email verification and password recovery.
We do not sell, rent, or share your personal data with third parties for marketing purposes.
3. Data Storage
- Your data is stored in a SQLite database on our server.
- Sessions are managed server-side. Session tokens are stored as secure, HTTP-only cookies.
- Passwords are hashed using industry-standard hashing algorithms before storage. We cannot access your plain-text password.
- Our servers are located in the European Union.
4. Payment Processing
We use Stripe as our payment processor. When you subscribe, your payment details (credit card, IBAN, etc.) are collected and processed directly by Stripe. Normora does not have access to and does not store your full payment details.
Stripe processes your payment information in accordance with their own privacy policy. You can review Stripe's privacy policy at: https://stripe.com/privacy.
5. Cookies
We do not use tracking cookies, analytics cookies, or third-party cookies. We only use functional cookies that are strictly necessary for the operation of the website:
| Cookie | Purpose | Duration |
|---|---|---|
| esa_sid | Session identification (authentication) | 30 days |
| esa_token | Session token (authentication) | 30 days |
| esa_locale | Language preference (Dutch/English) | 1 year |
These cookies are strictly necessary for the functioning of the website. No data is shared with third parties through cookies.
6. Analytics and Tracking
We do not use any analytics or tracking tools such as Google Analytics, Facebook Pixel, or similar services. We do not collect anonymous usage statistics. Your browsing behavior on our website is not tracked or analyzed by third parties.
7. Your Rights
Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:
- Right of access: You may request a copy of all personal data we hold about you.
- Right to rectification: You may request that inaccurate or incomplete data be corrected.
- Right to erasure: You may request that we delete all your personal data. This includes your account, course progress, certificates, and all associated data.
- Right to data portability: You may request an export of your data in a structured, commonly used, and machine-readable format.
- Right to restriction of processing: You may request that we restrict the processing of your personal data in certain circumstances.
To exercise any of these rights, please contact us using the email address listed in the contact section below. We will respond to your request within 30 days.
8. Data Retention
We retain your personal data for as long as you have an active account with us. When you request deletion of your account, we will delete all your personal data within 30 days, unless we are legally required to retain certain data for a longer period (for example, for tax purposes related to payment records).
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or misuse. This includes the use of encrypted connections (HTTPS), secure password hashing, HTTP-only session cookies, and restricted database access.
10. Children
Our services are not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you become aware that a child under 16 has provided us with personal data, please contact us so we can delete such data.
11. Changes to This Policy
We may update this privacy policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of our services after changes constitutes acceptance of the updated policy.
12. Contact
If you have any questions about this privacy policy, or if you wish to exercise any of your rights, please contact us:
Email: privacy@normora.com