New: Norrsent Copilot for better risk identification and mitigation planning

Legal

Terms of Service

Last updated: February 12, 2026

Website Terms of Use

These terms govern use of norrsent.com and information provided through this website. The actual platform operates under separate enterprise agreements.

About Norrsent

Norrsent is an AI-powered GRC platform — governance, risk, and compliance on one structured foundation. It helps organisations manage risks, controls, obligations, and audit evidence across their value chain, aligned to the ISO 31000 framework.

Website Usage

The website permits learning about our services, requesting demos, and accessing general governance, risk, and compliance information. Platform access requires a separate enterprise agreement.

Intellectual Property

All website content — text, graphics, logos, and software — belongs to Norrsent and receives full intellectual property protection. Reproduction or distribution requires prior written permission.

Demo and Trial Access

Demo access and trial periods are provided for evaluation purposes only and are subject to separate terms provided at the time of signup.

Information Accuracy

While Norrsent attempts to maintain current, accurate content, we make no warranties regarding the completeness or accuracy of the content on this website. Specifications and features may change.

Security and Compliance

The Norrsent platform is ISO 27001 + SOC 2 Type II aligned, GDPR + Schrems II compliant, hosted on AWS infrastructure that holds SOC 2, SOC 3, and ISO 27001 certifications. Data is AES-256 encrypted at rest and TLS 1.3 in transit; comprehensive audit trails are cryptographically signed.

Limitation of Liability

To the maximum extent permitted by law, Norrsent shall not be liable for any damages arising from your use of this website.

Data Processing Agreement

Norrsent acts as a Data Processor for customer data, providing a comprehensive DPA compliant with GDPR. Sub-processors are listed below.

Sub-Processors

AWS

Cloud infrastructure in EU (Frankfurt, Ireland) and US. SOC 2 and ISO 27001 certified.

OpenAI

AI analytics with Standard Contractual Clauses. Zero data retention policy. SOC 2 Type II certified.

Norrsent provides 30 days' notice before adding new sub-processors.

Key Data Processing Terms

  • Processing solely for contracted services
  • AES-256 encryption at rest and in transit
  • 30-day data deletion post-termination
  • JSON / CSV / Excel export available
  • 72-hour breach notification
  • Security architecture pack and AWS SOC 2 / SOC 3 attestation reports available on request
  • EU primary processing with Standard Contractual Clauses for international transfers

AI Processing and GDPR Article 22

Norrsent does not engage in automated decision-making with legal effects. All AI outputs are recommendations only — every decision requires human review and approval. AI-generated content is clearly labelled throughout the platform.

Enterprise Agreements

Platform usage requires individual enterprise agreements that address operational requirements, service levels, data processing obligations, and termination terms.

Contact

For any questions about these terms, contact us at contact@norrsent.com.