NormSuite← Back to Home

Privacy Policy

Last updated: February 28, 2026

1. Who We Are

NormSuite is operated by CalMax Systems. Our suite of regulatory compliance tools is available at normsuite.com and its subdomains. This policy covers all NormSuite products: TariffCalc, IEEPA Refund Assistant, W-2 Tip & OT Compliance, AI Content Disclosure, and CMMC Tracker.

2. Information We Collect

Account information: When you sign up, we collect your name and email address. You can also sign in with Google, in which case we receive your Google profile name and email.

Usage data: We collect information about how you use our tools, including pages visited, features used, and calculation inputs. This helps us improve the product.

Payment information: Payments are processed by Stripe. We do not store your credit card numbers. Stripe's privacy policy governs payment data handling.

Device information: We collect standard web analytics data including browser type, device type, and IP address.

3. How We Use Your Information

  • To provide and maintain our regulatory compliance tools
  • To authenticate your account and manage your subscription
  • To send transactional emails (account verification, password resets, subscription receipts)
  • To improve our products based on usage patterns
  • To respond to support requests

We do not sell your personal information. We do not send marketing emails unless you opt in.

4. Data Storage and Security

Your data is stored on Cloudflare's global network using Cloudflare D1 (database), KV (cache), and R2 (file storage). All data is encrypted in transit via HTTPS. Authentication is handled by a dedicated auth service with secure, httpOnly cookies.

5. Third-Party Services

  • Cloudflare: Hosting and infrastructure
  • Stripe: Payment processing
  • Google OAuth: Optional sign-in method
  • SMTP2GO: Transactional email delivery
  • Anthropic (Claude API): AI-powered features in select tools

6. Cookies

We use essential cookies for authentication and session management. These are strictly necessary for the service to function. We do not use advertising or tracking cookies.

7. Your Rights

You can request to view, export, or delete your account data at any time by contacting us at support@normsuite.com. Account deletion removes all stored data within 30 days.

8. Children's Privacy

NormSuite is designed for business use and is not directed at children under 13. We do not knowingly collect information from children.

9. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated date. Continued use of NormSuite after changes constitutes acceptance.

10. Contact

For privacy questions or data requests, email us at support@normsuite.com.

CalMax Systems
NormSuite Privacy Team