Privacy Policy
Norman AI GmbH (hereinafter "Norman", "we" or "us") takes the protection of your personal data very seriously. This privacy policy informs you about how we collect, process, and use your data when you use our website norman.finance and our web-based accounting application (the "App"). Last updated: March 2026.
1. Name and Contact Details of the Data Controller
The party responsible for data processing is:
Norman AI GmbH
Kolonnenstr. 8
10827 Berlin
Email: support@norman.finance
Managing Directors: Petr Boiko
2. Collection and Storage of Personal Data, Type and Purpose of Use
a) When visiting the website
When you access our website, information is automatically sent to our server by your browser. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automated deletion: IP address of the requesting computer, date and time of access, name and URL of the retrieved file, website from which access is made (referrer URL), browser used and, if applicable, the operating system of your computer and the name of your access provider. The aforementioned data is processed for the following purposes: ensuring a smooth connection to the website, ensuring comfortable use of our website, evaluating system security and stability, and for other administrative purposes. The legal basis for data processing is Art. 6 (1) (f) GDPR.
b) Registration and use of the App
When you register for our App, we collect the following data: first and last name, email address, phone number (optional), company data (company name, legal form, address, tax number, VAT ID), bank account details (IBAN, BIC) for bank data import. The legal basis is Art. 6 (1) (b) GDPR (contract performance) and Art. 6 (1) (f) GDPR (legitimate interest in providing the service).
c) Accounting data
In the course of using our App, we process the accounting data entered by you or imported via interfaces, in particular: incoming and outgoing invoices, receipts and vouchers, bank transactions, VAT advance returns (UStVA), business evaluations. This data is processed exclusively for the provision of our services (Art. 6 (1) (b) GDPR).
d) Use of our contact form
For questions of any kind, we offer you the option of contacting us via a form provided on the website. Providing a valid email address and your name is required. The processing of data entered in the contact form is based on Art. 6 (1) (f) GDPR (legitimate interest in responding to inquiries).
e) Subscription purchase
When you purchase a paid subscription, we additionally collect payment data, which is processed directly by our payment service provider. The legal basis is Art. 6 (1) (b) GDPR.
f) Newsletter registration
If you have expressly consented, we will regularly send you our newsletter with information about product updates, tax tips, and offers. The legal basis is Art. 6 (1) (a) GDPR. You may revoke your consent at any time.
g) Use of AI features
Our App uses artificial intelligence for automatic receipt processing, transaction categorization, and tax proposal generation. Your accounting data is transmitted to our AI infrastructure for this purpose. The legal basis is Art. 6 (1) (b) GDPR (contract performance). No automated decision-making within the meaning of Art. 22 GDPR takes place; all AI-generated suggestions require your confirmation.
3. Duration for Which Personal Data Is Stored
We store your personal data only as long as necessary for the purposes for which it was collected or as required by statutory retention periods. Accounting records are subject to commercial and tax law retention periods of 8 and 10 years respectively (§ 147 AO, § 257 HGB). After expiry of the retention period, the data is routinely deleted.
4. Sharing of Data
Your personal data will not be transferred to third parties for purposes other than those listed below. We only share your personal data with third parties if: you have given your express consent (Art. 6 (1) (a) GDPR), the sharing is necessary for the performance of a contract (Art. 6 (1) (b) GDPR), there is a legal obligation to share (Art. 6 (1) (c) GDPR), the sharing is necessary to protect legitimate interests and there is no reason to believe that you have an overriding interest in preventing the sharing of your data (Art. 6 (1) (f) GDPR).
5. Cookies and Consent
Our website uses cookies. Cookies are small text files that are stored on your device when you visit our website. Technically necessary cookies are set on the basis of Art. 6 (1) (f) GDPR. For all other cookies (analytics, marketing), we obtain your consent pursuant to Art. 6 (1) (a) GDPR via our cookie consent banner. You may revoke your consent at any time with effect for the future.
6. Analysis and Marketing Tools
a) Google Analytics 4
We use Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses cookies that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to and stored on a Google server in the EU. If IP anonymization is activated on this website, your IP address will be truncated by Google within Member States of the EU. Use is based on your consent pursuant to Art. 6 (1) (a) GDPR.
b) Google Ads & Conversion Tracking
We use Google Ads to draw attention to our offers on external websites using advertising media. We can determine how successful individual advertising measures are in relation to the data of the advertising campaigns. We thereby pursue the interest of showing you advertising that is of interest to you, making our website more interesting for you, and achieving a fair calculation of advertising costs. The legal basis is your consent pursuant to Art. 6 (1) (a) GDPR.
c) Microsoft Clarity
We use Microsoft Clarity to understand how users interact with our website. Clarity captures usage behavior (clicks, scroll behavior, mouse movements) and creates session recordings and heatmaps. The legal basis is your consent pursuant to Art. 6 (1) (a) GDPR.
7. Other Tools
a) Intercom
We use Intercom (Intercom, Inc., 55 2nd Street, San Francisco, CA 94105, USA) for customer communication, live chat, and support. When you interact with our chat, your inputs, email address, and usage data are transmitted to Intercom. The legal basis is Art. 6 (1) (b) GDPR (contract performance/pre-contractual measures) or Art. 6 (1) (f) GDPR (legitimate interest in efficient customer communication). Data transfer to the USA is based on EU Standard Contractual Clauses.
8. Affiliate Programs
We participate in affiliate programs where third parties (e.g., Capterra, G2) refer users to our services. Cookies may be set to measure referral success. The legal basis is your consent pursuant to Art. 6 (1) (a) GDPR.
9. Payment Service Providers
For payment processing, we use the payment service provider Stripe (Stripe, Inc., 354 Oyster Point Blvd, South San Francisco, CA 94080, USA). Your payment data (credit card data, SEPA mandates) is collected and processed directly by Stripe. We only receive confirmation of the payment status. The legal basis is Art. 6 (1) (b) GDPR (contract performance). Data transfer to the USA is based on EU Standard Contractual Clauses. For more information, please refer to Stripe's privacy policy: https://stripe.com/en-de/privacy.
10. Newsletter Dispatch and Communication
If you subscribe to our newsletter, we use your email address for the regular dispatch of product updates, tax tips, and information about our services. Registration is done via a double opt-in procedure. The legal basis is your consent pursuant to Art. 6 (1) (a) GDPR. You may unsubscribe from the newsletter at any time via the unsubscribe link in each email or by emailing support@norman.finance.
11. Integration of Third-Party Services and Content
We use content and services from third-party providers on our website to provide certain functionalities. This may involve the transmission of your IP address to the respective third-party providers. This is done in the context of our legitimate interest in an optimal presentation of our website (Art. 6 (1) (f) GDPR) or on the basis of your consent (Art. 6 (1) (a) GDPR).
12. Hosting Services
Our website is hosted by Vercel Inc. (340 S Lemon Ave #4133, Walnut, CA 91789, USA). The App is operated on cloud infrastructure within the EU. Vercel processes the aforementioned access data on our behalf. The legal basis is Art. 6 (1) (f) GDPR. Data transfer to the USA is based on EU Standard Contractual Clauses.
13. AI and Document Processing Services
For automatic receipt recognition and processing, we use AI models that analyze your uploaded documents. Document contents are transmitted in encrypted form to our AI infrastructure. Processing is carried out exclusively for the purpose of receipt capture and booking categorization. We do not use your data for training AI models. The legal basis is Art. 6 (1) (b) GDPR (contract performance).
14. Rights of Data Subjects
You have the right: to request information about your personal data processed by us pursuant to Art. 15 GDPR, to request the immediate correction of inaccurate or completion of your personal data stored by us pursuant to Art. 16 GDPR, to request the deletion of your personal data stored by us pursuant to Art. 17 GDPR, to request the restriction of processing of your personal data pursuant to Art. 18 GDPR, to receive your personal data in a structured, commonly used, and machine-readable format or to request the transfer to another controller pursuant to Art. 20 GDPR, to revoke your consent at any time pursuant to Art. 7 (3) GDPR, to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR. The competent supervisory authority is: Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin.
15. Right to Object
Insofar as your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) (f) GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided there are grounds arising from your particular situation, or if the objection is directed against direct marketing. In the latter case, you have a general right of objection, which will be implemented by us without requiring you to state a particular situation. If you wish to exercise your right of revocation or objection, an email to support@norman.finance is sufficient.
16. Data Security
We use the widely adopted SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser during website visits. All data processed within the App is stored and transmitted in encrypted form. We employ appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties.
17. Topicality and Changes to This Privacy Policy
This privacy policy is currently valid and was last updated in March 2026. Due to the further development of our website and offerings, or due to changed legal or regulatory requirements, it may become necessary to amend this privacy policy. The current privacy policy can be accessed and printed at any time on our website.