Nodura

    Privacy Policy

    Last updated: December 12, 2025

    Our Commitment

    Your privacy is fundamental to our business. We're a compliance company—we hold ourselves to the same standards we help you meet. The key points: we operate a zero data retention policy for source code, we don't sell your data, and we give you full control over your information.

    Information We Collect

    We collect information you provide directly to us when you create an account, use our services, or contact us. This includes: • Account information (name, email address, company name) • Usage data (features accessed, compliance scans performed) • Technical data (IP address, browser type, device information) • Communication data (support requests, feedback) We operate a zero data retention (ZDR) policy for source code. Code is analyzed in real-time, never stored, and immediately discarded after analysis. No action is required from you to enforce this policy.

    Third-Party Services

    We use third-party AI providers to power our compliance analysis. These may include services from various large language model providers, and we select the most appropriate model for each analysis task. When using our service, you agree to comply with the usage policies of these providers. We also integrate with GitHub to access repository and pull request data you authorize. We only access the repositories and data you explicitly connect to Nodura.

    How We Use Your Information

    We use your information to: • Provide, maintain, and improve our compliance monitoring services • Process transactions and send related information • Send technical notices, updates, and security alerts • Respond to your comments, questions, and support requests • Monitor and analyze usage trends to improve user experience • Comply with legal obligations and enforce our terms

    Data Retention

    We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Compliance scan metadata is retained for audit trail purposes as configured by your organization. You may request deletion of your data at any time.

    Information Sharing

    We do not sell, rent, or trade your personal information. We may share information only: • With service providers who assist in operating our platform (under strict confidentiality agreements) • To comply with legal obligations, court orders, or government requests • To protect the rights, property, or safety of Nodura, our users, or others • With your consent or at your direction

    Data Security

    We implement industry-standard security measures including: • Encryption in transit (TLS 1.3) and at rest (AES-256) • SOC 2 Type II compliant infrastructure • Regular security audits and penetration testing • Access controls and authentication requirements • Incident response procedures No method of transmission over the Internet is 100% secure, but we strive to protect your information using commercially acceptable means.

    Your Rights

    Depending on your location, you may have rights including: • Access to your personal data • Correction of inaccurate data • Deletion of your data • Data portability • Opt-out of certain processing • Withdrawal of consent To exercise these rights, contact us at privacy@nodura.ai.

    International Transfers

    Our services are hosted and operated in the United States. By using Nodura, you consent to the transfer, storage, and processing of your information in the U.S. and potentially other countries. We ensure appropriate safeguards are in place, including Standard Contractual Clauses for transfers from the EEA, UK, or Switzerland.

    Data Processing Agreement

    For customers requiring a formal Data Processing Agreement (DPA), we provide a comprehensive agreement that details the nature and purpose of processing, duration, categories of data subjects, and categories of personal data. Our DPA ensures processing in accordance with your instructions and applicable laws including GDPR. Contact legal@nodura.ai to request a DPA.

    Aggregate Analytics

    To improve our compliance detection, we collect anonymized, aggregate metadata across our platform. This includes rule trigger frequency, violation type distribution, and framework usage patterns. This data contains no customer identifiers, code snippets, or personally identifiable information. It is used solely to improve detection accuracy for all users.

    Cookies and Tracking

    We use essential cookies to operate our platform and optional analytics cookies to understand usage patterns. You can control cookie preferences through your browser settings. We do not use cookies for advertising purposes.

    Changes to This Policy

    We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of our services after changes constitutes acceptance of the updated policy.

    Contact Us

    For privacy-related inquiries, contact us at privacy@nodura.ai. For general questions, reach us at hello@nodura.ai.