Cookie Policy
Last Updated: May 11, 2026
Norric — GDPR / UK GDPR / CCPA-CPRA / K-PIPA
Document ID: NRC-POL-CKE-001
Version: 1.0
Effective Date: 2026-05-06
Next Review: 2027-05-06
Policy Owner: Security Lead (security@norric.ai)
Application
This Cookie Policy applies to all visitors and users of the Norric websites operated by Norric, Inc. ("Norric," "we," "us," or "our"), including the marketing website at https://www.norric.ai and the authenticated product application at https://app.norric.ai (collectively, the "Sites"). It also applies to all Norric employees, contractors, and vendors who design, deploy, or maintain cookies and similar technologies on the Sites, including in connection with personal data of data subjects in the European Union, the European Economic Area, the United Kingdom, California, the Republic of Korea, and other jurisdictions with cookie or tracking-technology requirements.
Capitalized terms used in this Cookie Policy but not defined here have the meaning set forth in the Norric Privacy Notice, which provides additional detail about the collection and use of personal information at Norric.
What is a cookie?
Cookies are small text files placed on your computer or mobile device when you visit a website. They allow the site to recognize your device and remember information about your visit. Session cookies last only while your browser is open and are deleted when you close it. Persistent cookies remain on your device until they expire or you delete them. This Cookie Policy also applies to similar technologies such as web beacons, pixels, local storage, and SDK identifiers, even where they are not technically "cookies".
Does Norric use cookies?
Yes. Norric uses a small number of first-party cookies that are strictly necessary to operate the Sites and authenticate product users, together with optional analytics and marketing technologies that are loaded only after the visitor provides consent through the cookie banner (where consent is the legal basis under applicable law). Norric also uses a third-party content delivery network and bot-management provider (Cloudflare), which may set its own cookies on the Sites for security and reliability.
Lawful basis for our use of cookies
Where the EU GDPR, the UK GDPR, the ePrivacy Directive (and national implementations), K-PIPA, or other consent-based regimes apply, Norric stores and accesses cookies on your device on the following bases:
- Strictly necessary cookies — placed without consent because they are required to deliver the service you have requested (for example, signing you in or protecting against cross-site request forgery).
- Functional, analytics, and marketing cookies — placed only after you provide opt-in consent through our cookie banner. You may withdraw consent at any time using the Cookie Preferences link in the footer of the Sites.
Where the CCPA/CPRA applies, Norric does not "sell" personal information for monetary consideration. Where cookies could be considered a "sale" or "sharing" for cross-context behavioral advertising under California law, Norric honors Global Privacy Control (GPC) signals and the "Do Not Sell or Share My Personal Information" link exposed on the Sites.
How does Norric use cookies?
Norric uses cookies to keep authenticated users signed in to the product, to remember interface preferences such as language, to protect the Sites against abuse, and — only with your consent — to understand how visitors use our marketing pages so we can improve them. Cookies set by Norric are not used to build behavioral profiles, are not sold to data brokers, and are not used for cross-site advertising.
Categories of use
Authentication. Cookies on app.norric.ai keep you signed in to your Norric workspace and remember the workspace you are currently using.
Security. Norric uses cookies to enable session integrity, CSRF protection, and Cloudflare bot-management for the Sites.
Preferences and features. Cookies remember interface preferences such as language and your cookie-consent choices, so we do not have to ask you on every visit.
Analytics and product research (consent-gated). With your consent, Norric uses Google Analytics 4 on the marketing site to understand aggregate page traffic and to improve content. Norric does not deploy analytics cookies on the authenticated product surface at app.norric.ai.
Marketing. Norric does not currently use third-party advertising or retargeting cookies. Where we add such technologies in the future, they will appear in the cookie tables below and will be loaded only after you provide consent.
What third-party cookies does Norric use?
Norric uses Cloudflare for content delivery, DDoS protection, and bot management. Cloudflare may set strictly-necessary cookies on the Sites for these purposes. With your consent, Norric also loads Google Analytics 4. Both providers process information as Norric's processors under written agreements that include the GDPR Article 28 clauses and an appropriate cross-border transfer mechanism (Standard Contractual Clauses, with the UK International Data Transfer Addendum where applicable). The current third-party cookies are listed in the cookie tables below; the list may change from time to time, and the in-product Cookie Preferences view always reflects the current state.
How are cookies used for advertising purposes?
Norric does not use cookies, pixels, or similar technologies for cross-site advertising, retargeting, or audience-list building. We do not share cookie-derived data with advertising networks. If this changes, this Cookie Policy and the cookie banner will be updated before any such cookies are deployed.
How to control or remove cookies
You can withdraw or change your consent at any time through the "Cookie Preferences" link in the footer of the Sites. Disabling categories other than "Strictly Necessary" will not affect your ability to use the core product, but some marketing-site features may behave differently.
Most browsers also let you block or delete cookies through their settings menu. Disabling strictly-necessary cookies through your browser may prevent you from signing in to app.norric.ai or from completing forms on the Sites. Norric honors Global Privacy Control (GPC) signals: when GPC is enabled, non-essential cookies are not loaded and we do not share personal information for cross-context behavioral advertising.
Does Norric respond to Do Not Track signals?
Norric does not track visitors across third-party websites or services over time. Because there is no industry consensus on how to interpret "Do Not Track" (DNT) browser signals, Norric does not change its behavior in response to DNT. We do, however, honor Global Privacy Control (GPC) signals as described above.
Children
The Sites are intended for business users and are not directed to children. Norric does not knowingly set cookies on the devices of children under the age of 16 (or the applicable minimum age in your jurisdiction).
Appendix A: Cookie Tables
Strictly Necessary Cookies
These cookies are required for the Sites to function and to keep you signed in to the product. They are set without consent because they are necessary to deliver a service you have requested. Blocking them through your browser will break parts of the Sites.
| Domain | Cookie name | Provider | Purpose | Expiry |
|---|---|---|---|---|
| app.norric.ai | norric_session | First party | Authenticated user session for the Norric product. | Session |
| app.norric.ai | csrftoken | First party | CSRF token used to protect form and API submissions. | Up to 12 months |
| www.norric.ai, app.norric.ai | norric_consent | First party | Stores your cookie-consent choices so we do not re-prompt on every visit. | 12 months |
| www.norric.ai, app.norric.ai | __cf_bm | Cloudflare (processor) | Bot management and abuse protection for the Sites. | 30 minutes (rolling) |
| www.norric.ai, app.norric.ai | cf_clearance | Cloudflare (processor) | Confirms the browser passed Cloudflare's security challenge. | Up to 30 days |
Functional Cookies
These cookies remember choices you make to give you a more personalized experience. They are loaded only after you provide consent through the cookie banner.
| Domain | Cookie name | Provider | Purpose | Expiry |
|---|---|---|---|---|
| www.norric.ai, app.norric.ai | norric_locale | First party | Remembers the language you selected for the interface. | 12 months |
Performance and Analytics Cookies
Norric uses Google Analytics 4 on the marketing site to understand aggregate visitor behavior and improve content. IP addresses are truncated and Google Signals features (advertising personalization) are disabled. These cookies are loaded only after you provide consent through the cookie banner. To opt out at any time, change your choice in "Cookie Preferences" or install the Google Analytics opt-out browser add-on at https://tools.google.com/dlpage/gaoptout.
| Domain | Cookie name | Provider | Purpose | Expiry |
|---|---|---|---|---|
| www.norric.ai | _ga | Google Analytics 4 (processor) | Distinguishes unique visitors for aggregate analytics. | Up to 24 months |
| www.norric.ai | _ga_<container-id> | Google Analytics 4 (processor) | Persists session state for the GA4 property. | Up to 24 months |
Marketing Cookies
Norric does not currently set marketing, advertising, or retargeting cookies. If this changes, the new cookies will be added to this table and will be loaded only after consent.
Third-Party Website Cookies
When you follow links from the Sites to third-party services (for example, Norric's documentation, status page, or external integrations), those services may set their own cookies. Norric does not control cookies set by other websites; review their respective cookie notices for details.
Appendix B: Controlling Cookies in Your Browser
You can manage cookies through the "Help," "Tools," or "Settings" menu of your browser. Disabling a cookie through your browser does not delete cookies that were previously stored — you may need to clear them manually. If you delete cookies after visiting the Sites, the information already collected before the change may still be used. Once a cookie is disabled or its consent is withdrawn, Norric will stop using it to collect any further information from your visit.
Contact and Complaints
Questions or complaints about this Cookie Policy can be sent to security@norric.ai. Where Norric is unable to resolve a complaint, EU/EEA and UK data subjects have the right to lodge a complaint with their competent supervisory authority; California consumers may contact the California Privacy Protection Agency or the California Attorney General; and Korean data subjects may contact the Personal Information Protection Commission (PIPC) or the Korea Internet & Security Agency (KISA).
Version History
| Version | Date | Description | Author | Approved by |
|---|---|---|---|---|
| 1.0 | 2026-05-06 | Initial Cookie Policy. | Security Lead | Chief Executive Officer |