Trust & data control¶
Nora is built for people and organisations who cannot hand their inbox to a black box. The whole design answers one question: what leaves your control, and what never does.
1. She never sends as you¶
Nora drafts — you send. She has no permission to send mail on your behalf, and for any
outward action she proposes it and waits for your explicit confirmation (AG) before doing
anything. There is no "auto-send," no "reply on my behalf as the CEO." This is structural, not a
setting: the trust model is the product.
2. Choose how far your mail travels — the assurance ladder¶
Nora runs at the rung you're comfortable with. You can start high-assurance and never move.
| Rung | Where drafting happens | Where your mail lives | For whom |
|---|---|---|---|
| R1 — Cloud | Our service calls a hosted LLM | Passes through our infrastructure (DPA-covered) | Individuals; low-sensitivity inboxes |
| R2 — In-tenant | Drafts are written into your own Google/M365 Drafts | Stays inside your tenant; only a DPA-covered model call leaves | Firms that must keep mail in their own Workspace/365 |
| R3 — Sovereign | Self-hosted, local inference on hardware you control | Never leaves your walls — zero egress | Regulated / privacy-critical: legal, finance, health, public sector |
R3 is the one incumbents structurally can't offer. Superhuman, Shortwave, Fyxer and the like are US multi-tenant SaaS that process your mail on their servers. Under the US CLOUD Act, a US provider can be compelled to produce data even when the servers sit in Frankfurt. Nora's R3 removes that exposure by construction: the model runs inside your perimeter and nothing goes out.
3. Per-message control: keep-local¶
Any message can be marked keep-local (KL) — Nora handles it on-device only, with no external
model call at all, regardless of the rung you normally run at. The sensitive email stays put.
4. What we do not do with your mail¶
- We do not train on your email. Your messages, drafts and calendar are never used to train or fine-tune any model.
- We do not sell or share your data.
- Least-privilege access. The Gmail connection uses
gmail.modify(read, label, draft) — there is no send scope. Nora cannot send even if something went wrong.
5. Don't trust us — read it, or run it¶
Nora is transparent by design. You (or your security team) can read exactly what it does, and at R3 you run the whole thing yourself — the strongest possible assurance is code you control on hardware you own. We would rather earn trust with transparency than ask for it with a logo.
Regulatory note: the EU AI Act becomes broadly applicable on 2 August 2026. Nora's human-in-the-loop (never-send) design and R2/R3 deployment options are built to sit inside those obligations — human oversight, data control, and auditability — rather than fight them.