Privacy Policy
Effective: February 27, 2026 · Contact: support@northcast.ca
1. Who We Are
Northcast ("Northcast," "we," "us," or "our") is a software-as-a-service platform operated from Canada. We provide AI-powered digital authority audits for local businesses. Our websites are northcast.ca and app.northcast.ca.
This Privacy Policy describes how we collect, use, disclose, and protect your personal information in compliance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws.
2. Information We Collect
Account Information
When you register, we collect your name, email address, and a hashed password (or OAuth token if you sign in with Google). We never store your Google password.
Business Information
To run audits you provide business details: name, website URL, city, region, service category, YouTube channel, competitor URLs, and optional context such as your target audience and brand voice.
Payment Information
Payments are processed by Stripe. We do not store credit card numbers. We store your Stripe Customer ID, subscription status, and transaction history for billing records.
Usage Data
We collect information about how you use the platform: pages visited, features used, audit history, and browser/device information for security and product improvement.
Communications
If you submit a support ticket or bug report, we store the content of your message and any follow-up correspondence.
Cookies & Analytics
We use essential cookies (required for authentication) and, with your consent, Google Analytics cookies to understand usage patterns. See our Cookie Policy for details.
3. How We Use Your Information
- To provide, operate, and improve the Northcast platform
- To process payments and manage your subscription or credit balance
- To send transactional emails (audit completion, billing receipts, password resets)
- To respond to support requests and bug reports
- To detect and prevent fraud, abuse, and security incidents
- To comply with legal obligations
- To send product updates and feature announcements (you may unsubscribe at any time)
We do not sell your personal information to third parties.
4. Third-Party Service Providers
We share data with the following sub-processors to operate our service. All are contractually obligated to protect your data:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database & authentication | Canada (ca-central-1) |
| Vercel | Hosting & edge network | USA / Global CDN |
| Stripe | Payment processing | USA |
| OpenAI | AI report generation | USA |
| Perplexity AI | AI citation checking | USA |
| OAuth login, Analytics, Maps, YouTube API | USA / Global | |
| Resend | Transactional email delivery | USA |
| Sentry | Error monitoring | USA |
| Apify | Web data collection (community insights) | Czech Republic / Global |
| Inngest | Background job processing | USA |
| Upstash | Rate limiting & caching (Redis) | USA |
Some providers are located outside Canada. By using Northcast, you consent to the transfer of your data to these countries, which may have different privacy laws than Canada.
5. Data Retention
We retain your personal data for as long as your account is active. Audit reports and business data are stored indefinitely to support historical comparisons unless you request deletion. Payment records are retained for 7 years as required by Canadian tax law. You may request deletion of your account and associated data at any time by contacting us at support@northcast.ca.
6. Your Rights Under PIPEDA
You have the right to:
- Access — request a copy of the personal information we hold about you
- Correct — request corrections to inaccurate or incomplete information
- Withdraw consent — withdraw consent for non-essential data uses (note: some uses are required to provide the service)
- Delete — request deletion of your account and personal data, subject to legal retention requirements
- Complain — file a complaint with the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca
To exercise any of these rights, email us at support@northcast.ca. We will respond within 30 days.
7. Security
We implement industry-standard security measures including encrypted data transmission (TLS), hashed passwords (bcrypt), rate limiting, and access controls. However, no system is completely secure. In the event of a data breach that poses significant risk of harm, we will notify affected users and the OPC as required by law.
8. Children's Privacy
Northcast is not intended for children under 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal data, please contact us and we will delete it.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a prominent notice on the platform at least 30 days before the change takes effect. Your continued use after the effective date constitutes acceptance.
10. Contact Us
Privacy Officer, Northcast
Email: support@northcast.ca
Canada