At Normain, safeguarding our customers’ data is at the heart of everything we do. Our clients work with critically sensitive information—financial, legal, regulatory, and more—which is why Normain was built from the ground up with enterprise-grade security and privacy practices.
This page outlines the key principles, infrastructure, and certifications that underpin our approach to data protection.

Vanta Trust Center
We partner with Vanta, the industry leader in security and compliance automation, to ensure our practices meet the highest standards.
We are currently working towards certification for ISO 27001 and SOC 2
You can monitor our progress, view completed controls and audit-ready tests, and explore our compliance posture at any time via our Trust Center.

Your data & IP stays with you
You own all inputs and outputs: This includes templates, client data, and the configuration of your Normain frameworks.
We maintain the platform: The Normain product and its underlying functionality are developed and maintained by us, and your business logic and proprietary knowledge are never shared or reused.
No vendor lock-in or IP leakage: Everything you build stays within your secure environment.

Hosting to suit your needs
We offer flexible deployment models to match your risk profile and compliance requirements:
Shared Hosting: Normain’s secure environment on Microsoft Azure.
Dedicated Hosting: Isolated infrastructure and database within our cloud environment.
Customer Cloud: Full deployment within your own virtual public cloud (Azure, AWS, GCP)—no data ever leaves your environment.

We understand the importance of trust. That’s why we make security and privacy non-negotiable—so you can confidently automate the work that matters most.
If you have any questions about our information security policies or require documentation for your internal review, please reach out to us at security@normain.com.