Privacy Policy

Noarka is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, products, and services (collectively, the "Services").

By using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of the Services.

Profile Information: Name, email address, and profile photo when you create an account or sign in via a third-party provider (Google, GitHub).

Authentication Data: Password hashes (stored via Better Auth), OAuth tokens, and multi-factor authentication setup data.

Session Data: IP address, browser type, operating system, and login timestamps for security and activity logging.

Payment Information: Card details are tokenised by Stripe and never stored on our servers. We retain only the last four digits and card brand for display purposes.

Product Access Records: Which Noarka products you have access to and your role within each product.

Audit Logs: Security events such as logins, password changes, 2FA changes, and profile updates.

Support Communications: Messages, attachments, and metadata submitted through our support ticket system.

We use your information to:

• Provide, operate, and maintain the Services
• Authenticate your identity and manage your account
• Process payments and manage billing through Stripe
• Send security alerts, verification emails, and transactional communications
• Detect and prevent fraud, abuse, and unauthorised access
• Improve and develop new features for the Services
• Comply with legal obligations

We do not sell your personal information. We share data only in the following circumstances:

• Service Providers: Stripe (payment processing), Resend (transactional email), Vercel (hosting), and Google/GitHub (OAuth authentication).
• Legal Requirements: When required by law, subpoena, or other legal process.
• Product Access: When you authorise a Noarka product (e.g., Invoisor), we share the minimum necessary profile information to enable single sign-on.

We implement industry-standard security measures including encryption at rest and in transit (TLS 1.3), secure password hashing, rate limiting, and regular security audits. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

We retain your personal information for as long as your account is active or as needed to provide the Services. When you delete your account, we permanently remove all associated data including profile information, sessions, linked accounts, product access, and audit logs in a single transaction.

Depending on your location, you may have the right to:

• Access the personal information we hold about you
• Correct inaccurate or incomplete data
• Request deletion of your personal data
• Export your data in a portable format
• Object to or restrict certain processing activities

You can exercise most of these rights directly through your account settings (Account → Privacy). For additional requests, contact us at privacy@noarka.com.

We use essential cookies to maintain your session and authenticate your account. These are strictly necessary for the Services to function and cannot be disabled. We do not use tracking or advertising cookies.

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the Services after changes constitutes acceptance of the updated policy.

For questions about this Privacy Policy or our data practices:

Email: privacy@noarka.com

General: legal@noarka.com