Privacy Policy

Normaly LLC


Effective Date: 01/08/2026

1. Introduction

Normaly LLC (“Normaly,” “we,” “us,” or “our”) provides professional systems consulting, audit, implementation, and integration services for enterprise software platforms. This Privacy Policy explains how we collect, use, access, and protect information in connection with our website, services, and client engagements.

By using our website or services, you agree to the practices described in this Privacy Policy.

2. Information We Collect

a. Information You Provide Directly

We may collect information you voluntarily provide, including:

  • Name, email address, company name, and contact details

  • Information submitted through contact forms, intake forms, scheduling tools, and newsletters

  • Communications sent via email or support channels

b. Client System Data (Accessed During Services)

In the course of providing audits, implementations, integrations, or support services, Normaly may access data within client-owned systems that are in scope of an engagement. This may include:

  • Names, email addresses, mailing addresses, and phone numbers

  • Order, inventory, fulfillment, and warehouse data

  • Payment status information (excluding full payment instrument details)

  • Logs, error payloads, and system metadata

  • Internal user or employee identifiers

Normaly does not intentionally collect or process sensitive personal data such as government IDs, financial account numbers, health data, or biometric data.

c. Payment Information

Payments are processed by third-party payment processors. Normaly does not store raw bank account details, card numbers, or payment credentials. Payment data is processed and stored by our payment providers.

d. Automatically Collected Data

We may collect limited technical data such as IP address, browser type, device information, and usage analytics through standard analytics tools.

3. How We Use Information

We use information solely to:

  • Deliver and support professional services

  • Communicate regarding projects, support requests, and service updates

  • Process payments and prevent fraud

  • Improve our services and website

  • Comply with legal and regulatory obligations

We do not sell personal data.

4. Client System Access & Responsibilities

Access to client systems is:

  • Granted by the client

  • Limited to the scope of the purchased service

  • Provisioned using temporary or role-based permissions

  • Governed by least-privilege principles

Clients remain responsible for:

  • Granting and revoking access

  • Reviewing changes made within their systems

  • Confirming off-boarding and access removal after project completion

5. Credentials & Security

Normaly:

  • Does not store client passwords in documentation or ticketing systems

  • Stores credentials only in encrypted password managers with client-isolated vaults

  • Enforces multi-factor authentication where supported

  • Uses encrypted connections for system access

  • Applies access logging where available

  • Binds all staff and contractors to confidentiality obligations

6. Data Storage & International Access

Normaly’s systems and records are hosted with US-based service providers. Authorized personnel may access systems remotely from outside the United States (including India). Such access is authenticated, logged where available, protected by MFA, and conducted over encrypted connections.

No customer data is stored locally outside US-hosted systems.

7. Subprocessors

Normaly uses third-party service providers to support operations, including:

  • Website hosting and commerce platforms

  • Payment processing and bank verification services

  • Email, document storage, and collaboration tools

  • Project management and ticketing systems

  • Analytics providers

These providers process data only on our instructions and in accordance with their own privacy and security obligations.

8. Data Retention

We retain information:

  • For the duration of a project and up to 12 months thereafter, or

  • As required for accounting, legal, or contractual obligations

9. Data Deletion Requests

Clients may request deletion of their data by contacting us. We will respond within 30 days and delete data unless retention is legally required. If deletion is not possible due to legal obligations, we will notify the client accordingly.

10. Security Incidents

In the event of a suspected security incident involving client data, Normaly will notify affected clients without undue delay and, where feasible, within 72 hours of confirmation.

11. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, or delete personal data. Requests may be submitted to the contact email below.

12. Contact

Email: legal@normaly.io