Security at Nora

Your financial data is sensitive. We treat it that way. Here's how we keep it safe.

Encryption

All data encrypted in transit (TLS 1.2+) and at rest (AES-256). Your invoices, receipts, and financial data are never stored in plain text.

Canadian Data Residency

All business data is stored on servers in Canada. Your data never leaves the country. We use AWS Canadian regions for all storage and processing.

Authentication

Secure authentication via Amazon Cognito with support for email/password, Google SSO, and two-factor authentication (2FA). Sessions expire automatically.

Access Controls

Multi-tenant architecture with strict data isolation. Your data is partitioned at the database level — no other user or tenant can access it.

PIPEDA Compliance

We comply with the Personal Information Protection and Electronic Documents Act. You have full control over your data, including the right to access, correct, and delete.

Regular Security Reviews

We conduct regular security assessments, dependency audits, and infrastructure reviews. Vulnerabilities are patched promptly.

Found a security vulnerability? Please report it responsibly to security@getnora.ca. We take all reports seriously and will respond within 48 hours.