Privacy
Last updated: May 12, 2026
Noura helps employment-support organizations manage intake, plans, resumes, job search, placement, and retention. Privacy here means practical restraint: collect less, isolate every organization at the database level, and keep AI drafts under human review.
The short version
We do not sell data. We do not train AI models on client data. We do not ask end-clients to create Noura accounts. Staff accounts are controlled by the organization, and each organization controls its own client records.
What we store
When an organization uses Noura, these categories may live in our database:
- Staff accounts: email address, role, organization membership, invite state, and sign-in metadata managed by Supabase Auth. Noura does not see or store plain-text passwords.
- Organization records: organization name, region, website, setup status, and workspace configuration.
- Client records: display name, pronouns if shared, arrival timing, English level, service area, assigned caseworker, consent timestamp, status, and job-readiness context the organization chooses to enter.
- Workflow records: intake facts, task state, 90-day plan data, work-profile drafts, job-search records, applications, placements, retention check-ins, and crisis flags.
- Generated artifacts: draft resume text, cover letter text, plan notes, report metadata, and file metadata when a document is generated.
- Audit and usage records: who took an action, when it happened, what record it touched, model used, token counts, and approximate cost. Audit logs are append-only.
What we avoid storing
Noura is designed so the most sensitive identifiers stay out of the system whenever possible. Caseworkers should not enter social security numbers, immigration document numbers, bank details, full street addresses, medical records, or legal filings into Noura. When those identifiers are needed for an employer form, the caseworker handles them outside Noura on the organization's own approved process.
Subprocessors
Noura currently relies on these providers:
- Supabase for Postgres, Auth, and Edge Functions. Production data is hosted in the US West region.
- Vercel for hosting the public and protected web application.
- Resend for transactional emails such as access confirmations and invite emails.
- Google Workspace for Noura company email when a person replies to Noura.
- OpenAI for model calls routed through Noura's server-side LLM proxy. Anthropic support exists in the architecture but is not the default production provider today.
Who can see what
Noura uses Postgres Row Level Security, so tenant isolation is enforced in the database:
- A caseworker sees assigned clients and unassigned clients in their organization.
- An executive director sees all clients and staff records in their organization.
- A founder admin can support organizations only through an explicitly granted founder role.
- One organization cannot read another organization's rows through the browser API.
Where AI fits in
Noura uses AI to draft and organize work. It does not make final employment decisions. A human caseworker or director must review plans, resumes, job matches, reports, and retention recommendations before they are used.
When Noura makes a model call, the relevant context is sent to the model provider over HTTPS through an Edge Function. Browser users do not see API keys. Per-organization API keys, when configured, are encrypted at rest with AES-GCM-256. We store usage records for cost and abuse monitoring, not long-term prompt transcripts.
Consent
Organizations are responsible for getting client consent before entering a client record. Noura records consent at the client level because the client is the person whose information is being used. A practical consent sentence should be understandable to the client: your caseworker will use Noura to organize your employment plan, draft job materials, track job-search steps, and follow up after placement.
Retention and deletion
Client records remain active while the organization is serving the client. Organizations may close records for funder audit history, export records, or request hard deletion. A hard delete removes the client and associated facts, plans, job records, retention records, workspace state, and file metadata from the live database. Backup copies age out within 30 days unless a legal or security hold is required.
If an organization stops using Noura, we will provide a reasonable export window and delete remaining organization data within 30 days after termination, unless the organization requests an export extension of up to 90 days.
Funder reporting
Funder reports should use aggregate or de-identified data by default, such as placements, applications, retention milestones, and service-area patterns. Individual client details should be shared only when the organization has reviewed the report and has authority to share that information.
Children
Noura is intended for employment services for adults. We do not knowingly create records for clients under 18.
Contact
Privacy, deletion, and security requests can be sent to hello@withnoura.com. Security reports can also go to security@withnoura.com.
Changes
If this policy changes materially, we will email organization account holders before the change takes effect. The date at the top will change whenever this page changes.