Last updated: June 16, 2026
This Privacy Policy explains how Tilework Inc. (“Tilework,” “we,” “us,” or “our”), operator of the Nori Sessions product and the norisessions.com website (together, the “Service”), collects, uses, and protects your information. Nori Sessions provides managed cloud development sessions for AI coding agents.
By using the Service, you agree to the collection and use of information in accordance with this Policy.
When you sign in, we authenticate you through Google OAuth and Firebase Authentication. Through this process we receive your email address, basic profile information (such as your name and profile picture), and a Google OpenID identifier. We use this information solely to create and secure your account and to identify you within your organization.
To deliver the Service, you may connect third-party accounts such as GitHub (to clone repositories, push branches, and open pull requests) and Slack (to trigger and follow sessions from your workspace). When you do, we store the OAuth access tokens needed to act on your behalf. These tokens are held by our credential proxy and are not exposed to the session virtual machine.
When you run a session, we process the content you and your agents create or supply — including source code, commands, agent prompts and transcripts, and command output — to operate the session and return results to you.
We collect operational data such as log records, IP addresses, timestamps, and session metadata to run, secure, debug, and improve the Service.
What we access: When you sign in with Google, we request only the
non-sensitive email, profile, and openid scopes.
How we use it: We use this Google user data exclusively for authentication and identity — to sign you in, create your account, and identify you within your organization.
What we don’t do: We do not sell your Google user data, and we do not use it for advertising or share it with third parties beyond what is necessary to provide the Service or as required by law. Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
We do not sell your personal information. We share information only in these limited cases:
We retain personal information for as long as your account is active or as needed to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. You may request deletion of your account and associated data as described below.
We design the Service with security in mind. Integration credentials are held by a credential proxy and are not placed on session virtual machines, access is gated by your organization’s single sign-on and access controls, and data is encrypted in transit. No method of transmission or storage is completely secure, but we work to protect your information using reasonable safeguards.
Depending on your location, you may have the right to access, correct, export, or delete your personal information, or to object to or restrict certain processing. You can revoke Nori Sessions’ access to your Google account at any time from your Google Account permissions page. To exercise any of these rights, contact us at the address below.
The Service is intended for businesses and developers and is not directed to children under 13 (or the age required by your jurisdiction). We do not knowingly collect personal information from children.
We operate in the United States, and your information may be processed and stored there or in other countries where we or our service providers operate. By using the Service, you consent to such transfer.
We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date above and, where appropriate, provide additional notice. Your continued use of the Service after changes take effect constitutes acceptance of the updated Policy.
If you have questions about this Privacy Policy or our data practices, contact us at contact@tilework.tech.