Privacy Policy
Last updated: 3 June 2026
This Privacy Policy explains how Noria Billing, operated by Noria Technologies LTD ("Noria", "we", "us"), collects, uses, and protects personal data when you use our invoicing, payment-collection, and payout platform (the "Service"). It should be read together with our Terms of Service.
1. Our roles
- Your account and workspace data (the people who sign in and administer a workspace): we act as the controller.
- Your customers' data that you load into the Service to invoice and collect payments (the "Customer Data"): we act as a processor on your behalf. You are the controller and are responsible for having a lawful basis and the necessary notices to process it.
2. Data we collect
- Account data - name, email, and authentication identifiers (we use one-time email codes and Google sign-in; we do not store passwords).
- Workspace data - company profile, logo, invoicing defaults, and (encrypted) payment-provider credentials you configure.
- Customer & transaction data - customers, invoices, line items, payments, and payment references you create or that providers return (e.g. payment receipt numbers, phone numbers used to request a payment, provider references, amounts).
- Disbursement data - details of payout recipients you enter (e.g. recipient name, phone number, or bank/till/paybill number) and the references providers return for a payout.
- Usage & technical data - log entries, IP address, request metadata, and aggregate metrics used for security, rate-limiting, and reliability.
- Cookies - a single secure, httpOnly session cookie to keep you signed in.
We do not store full card numbers, CVVs, or mobile-money PINs - those are handled by the payment providers, never by us.
3. How we use data
- to provide, operate, and secure the Service;
- to process and reconcile payments and send transactional emails (one-time codes, invoices, receipts, invitations, renewal reminders);
- to enforce plan limits and bill your subscription;
- to detect, prevent, and investigate abuse, fraud, and security incidents;
- to comply with legal obligations and enforce our Terms.
4. Legal bases
Where data-protection law applies, we rely on: performance of a contract (to provide the Service), legitimate interests (security, reliability, product improvement), consent (where required), and compliance with legal obligations.
5. Sub-processors
We use trusted third parties to run the Service. Each processes data only as needed to perform its function:
| Sub-processor category | Purpose |
|---|---|
| Mobile-money payment providers | Collecting mobile-money payments and sending payouts |
| Card and bank payment providers | Card and bank payment processing and subscription billing |
We also engage infrastructure providers for hosting, data storage, email delivery, and error monitoring. A current list of these sub-processors is available on request at [email protected].
Your configured payment providers receive the data necessary to process a given transaction.
6. Sharing and disclosure
We do not sell personal data. We share data only with the sub-processors above, at your direction, or where required by law or to protect our rights, users, or the public. If we are involved in a merger or acquisition, data may transfer subject to this Policy.
7. International transfers
Where data is processed outside your country, we take steps to ensure an adequate level of protection consistent with applicable law.
8. Retention
We retain account and Customer Data for as long as your workspace is active and as needed to provide the Service, then delete or anonymize it in line with our retention practices, unless a longer period is required by law (for example, financial-record obligations). You can delete your workspace at any time, which permanently removes its data.
9. Security
We apply industry-standard safeguards, including encryption in transit (TLS), encryption at rest for stored payment-provider credentials, strict per-workspace data isolation enforced at the database (row-level security), scoped access roles, and rate limiting. No method of transmission or storage is completely secure, but we work to protect your data and to respond promptly to incidents.
10. Your rights
Depending on your location, you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing.
- Export - workspace owners/admins can download all workspace data from Settings → Export.
- Deletion - workspace owners can permanently delete the workspace and its data from Settings → Danger zone.
- For requests about your individual account data, contact us using the details below. If we process data on behalf of a Merchant (as a processor), please direct your request to that Merchant.
11. Cookies
We use a strictly necessary session cookie for authentication. We do not use third-party advertising or tracking cookies.
12. Children
The Service is not directed to children under 18, and we do not knowingly collect their personal data.
13. Changes to this Policy
We may update this Policy from time to time. We will post the updated version with a new "Last updated" date and, for material changes, provide reasonable notice.
14. Contact
Privacy questions or requests: [email protected].