Northboost

Privacy Policy

Effective date: April 23, 2026

This Privacy Policy describes how Northboost Solutions ("we", "us", or "our") collects, uses, and protects your personal information when you use the Northboost platform ("Service"). We are committed to compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA), Quebec Law 25, and applicable Canadian privacy law.

1. Information We Collect

We collect information you provide directly when you create an account, use the Service, or contact us. This includes:

  • Account information: name, email address, company name, and password (stored as a one-way bcrypt hash).
  • Billing information: plan selection and Stripe customer ID. Full payment card details are processed exclusively by Stripe and are never stored on our servers.
  • Content you upload: project files, documents, photos, and videos uploaded to the platform.
  • Usage data: pages visited, features used, timestamps, and in-app actions.

2. Automatically Collected Information

When you use the Service, our servers automatically record certain technical information, including:

  • IP address — used for rate limiting, fraud prevention, and security monitoring.
  • User-agent string — used to identify the browser or client making the request.
  • Access logs — timestamped records of authenticated API requests, retained for 180 days then automatically purged.
  • Session tokens — HttpOnly cookies with a 24-hour expiry, never accessible to JavaScript.

We do not use third-party advertising trackers. Analytics (PostHog) and error monitoring (Sentry) are used solely for product improvement and reliability.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve the Service.
  • Process billing and manage your subscription through Stripe.
  • Send transactional emails (account verification, invoice copies, password reset). We do not send unsolicited marketing emails without your consent.
  • Detect and prevent fraud, abuse, and security incidents.
  • Comply with legal obligations under applicable Canadian law.

4. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Specific retention periods:

  • Access logs and audit logs: 180 days.
  • Revoked session tokens: until the original token expiry date.
  • Account data: retained until you request deletion or close your account. Upon closure, data is deleted within 30 days, except where retention is required by law (e.g., billing records for tax purposes).
  • Uploaded files: deleted when you remove them or close your account.

5. Your Rights (PIPEDA / Law 25)

Under PIPEDA and Quebec Law 25, you have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate or incomplete information.
  • Delete your account and associated personal data.
  • Withdraw consent for uses beyond what is strictly necessary to provide the Service (note: withdrawal may require account closure).
  • Data portability — request an export of your data in a common machine-readable format.

To exercise any of these rights, email us at hello@northboostsolutions.com. We will respond within 30 days.

6. Data Sharing and Third Parties

We do not sell your personal information. We share data only with service providers that are necessary to operate the platform, including:

  • Stripe — payment processing (Canada/USA).
  • Sentry — error and crash reporting.
  • PostHog — product analytics (anonymized where possible).
  • OpenAI — AI features (Marketing AI, Blueprint AI). Content you submit to AI features may be processed by OpenAI subject to their data retention policies. We recommend not submitting sensitive personal information to AI features.

All sub-processors are contractually bound to protect your data and may not use it for their own purposes.

7. Security

We implement industry-standard security measures, including TLS encryption in transit, bcrypt password hashing, HttpOnly/SameSite=Strict session cookies, rate limiting, two-factor authentication (TOTP), and regular security audits. No system is perfectly secure; if you discover a vulnerability, please contact us at hello@northboostsolutions.com.

8. Cookies

We use a single session cookie (nbs_token) that is HttpOnly, SameSite=Strict, and Secure. It is used solely for authentication and expires after 24 hours. We do not use third-party tracking cookies.

9. Children

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact us and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice in the platform. Continued use of the Service after changes take effect constitutes your acceptance of the revised policy.

11. Contact

For privacy questions, requests, or complaints, contact our Privacy Officer at:

Northboost Solutions
Ontario, Canada
hello@northboostsolutions.com

If you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada.

Terms of Service·Back to app