Privacy Policy
Effective: February 27, 2026 · Contact: support@northcast.ca
1. Who We Are
Northcast ("Northcast," "we," "us," or "our") is a software-as-a-service platform operated from Canada. We provide AI-powered digital authority audits for local businesses. Our websites are northcast.ca and app.northcast.ca.
This Privacy Policy describes how we collect, use, disclose, and protect your personal information in compliance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws.
2. Information We Collect
Account Information
When you register, we collect your name, email address, and a hashed password (or OAuth token if you sign in with Google). We never store your Google password.
Business Information
To run audits you provide business details: name, website URL, city, region, service category, YouTube channel, competitor URLs, and optional context such as your target audience and brand voice.
Payment Information
Payments are processed by Stripe. We do not store credit card numbers. We store your Stripe Customer ID, subscription status, and transaction history for billing records.
Usage Data
We collect information about how you use the platform: pages visited, features used, audit history, and browser/device information for security and product improvement.
Communications
If you submit a support ticket or bug report, we store the content of your message and any follow-up correspondence.
Cookies & Analytics
We use essential cookies (required for authentication) and, with your consent, Google Analytics cookies to understand usage patterns. See our Cookie Policy for details.
3. How We Use Your Information
- To provide, operate, and improve the Northcast platform
- To process payments and manage your subscription or credit balance
- To send transactional emails (audit completion, billing receipts, password resets)
- To respond to support requests and bug reports
- To detect and prevent fraud, abuse, and security incidents
- To comply with legal obligations
- To send product updates and feature announcements (you may unsubscribe at any time)
- To improve our scoring models by analyzing aggregated audit outcomes and signal patterns (see section 3a below)
We do not sell your personal information to third parties.
3a. Machine Learning & Scoring Improvement
Northcast uses internal machine learning systems to improve the accuracy and relevance of audit recommendations over time. These systems collect and process:
- Scoring signals — technical data points gathered during each audit (e.g., page speed, schema types, word count, video count). These are publicly available signals from your website, not personal information.
- Outcome tracking — when you run a follow-up audit, we compare your current scores to previous audits to measure which recommendations had the greatest impact.
- Client profile — we maintain an aggregated profile per business tracking audit frequency, strongest/weakest areas, and which types of recommendations you tend to act on. This helps us prioritize more relevant recommendations.
This data is used only internally to improve our scoring algorithms. It is not shared with any third party, not used for advertising, and not sold. ML training data is permanently deleted when you delete your account.
You may request exclusion from scoring model improvement by emailing support@northcast.ca. Your audits will continue to function normally.
3b. Authority Profiles
After an audit, we may generate a structured authority profile for your business containing your authority scores, topic expertise, and publicly available content links. Authority profiles are private by default and are not published unless you explicitly opt in.
If you choose to make your profile public, it will be accessible via our API and may appear in search results. You can change your profile visibility at any time from your business dashboard. Deleting your account permanently removes your authority profile.
4. Third-Party Service Providers
We share data with the following sub-processors to operate our service. All are contractually obligated to protect your data:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database & authentication | Canada (ca-central-1) |
| Vercel | Hosting & edge network | USA / Global CDN |
| Stripe | Payment processing | USA |
| OpenAI | AI report generation | USA |
| Perplexity AI | AI visibility checking | USA |
| OAuth login, Analytics, Maps, YouTube API | USA / Global | |
| Google Gemini | AI verdict scoring & newsletter generation | USA |
| Resend | Transactional email delivery | USA |
| Sentry | Error monitoring | USA |
| Apify | Web data collection (community insights) | Czech Republic / Global |
| Inngest | Background job processing | USA |
| Upstash | Rate limiting & caching (Redis) | USA |
Some providers are located outside Canada. By using Northcast, you consent to the transfer of your data to these countries, which may have different privacy laws than Canada.
5. Data Retention
We retain your personal data for as long as your account is active. Audit reports and business data are stored indefinitely to support historical comparisons unless you request deletion. Payment records are retained for 7 years as required by Canadian tax law.
When you delete your account, all personal data is permanently removed within 7 days, including: your profile, businesses, audit reports, scoring signals, ML training data, client profiles, authority profiles, and recommendation history. Only anonymized, aggregated statistics may be retained.
You may request deletion of your account and associated data at any time from your profile settings or by contacting us at support@northcast.ca.
6. Your Rights Under PIPEDA
You have the right to:
- Access — request a copy of the personal information we hold about you
- Correct — request corrections to inaccurate or incomplete information
- Withdraw consent — withdraw consent for non-essential data uses (note: some uses are required to provide the service)
- Delete — request deletion of your account and personal data, subject to legal retention requirements
- Complain — file a complaint with the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca
To exercise any of these rights, email us at support@northcast.ca. We will respond within 30 days.
7. Security
We implement industry-standard security measures including encrypted data transmission (TLS), hashed passwords (bcrypt), rate limiting, and access controls. However, no system is completely secure. In the event of a data breach that poses significant risk of harm, we will notify affected users and the OPC as required by law.
8. Children's Privacy
Northcast is not intended for children under 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal data, please contact us and we will delete it.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a prominent notice on the platform at least 30 days before the change takes effect. Your continued use after the effective date constitutes acceptance.
10. Contact Us
Privacy Officer, Northcast
Email: support@northcast.ca
Canada