Privacy Policy

Norba ("we", "us") operates the Norba NDC aggregation API and the website at norba.io. For questions about this policy, contact us at hello@norba.io.

• Account data — name and email address when you register or join the early-access waitlist.
• API usage data — request logs (endpoints called, timestamps, response codes) used for billing and reliability monitoring.
• Technical data — IP addresses, user-agent strings, and similar data collected automatically.

We do not collect payment card data directly; payments are processed by a PCI-compliant third-party processor.

• To provide and improve the API service.
• To send transactional emails (account notifications, early-access updates).
• To calculate usage-based billing.
• To comply with legal obligations.

We do not sell your data to third parties.

We share data only with subprocessors necessary to operate the service (e.g. email delivery, infrastructure providers). We require all subprocessors to handle data in accordance with applicable law.

API request logs are retained for 90 days. Account data is retained for as long as your account is active, and for up to 30 days after deletion.

Depending on your jurisdiction you may have rights to access, correct, delete, or export your personal data. To exercise these rights, email hello@norba.io.

We use only essential session cookies required for authentication. We do not use advertising or tracking cookies.

We may update this policy periodically. Material changes will be communicated by email or a notice on this page. Continued use of the service after changes constitutes acceptance.

For privacy-related enquiries: hello@norba.io.