Privacy Policy

Last updated: 6/25/2026

North Star App ("we", "us", "our"), operating the NorthStar service, respects your privacy. This policy explains what personal data we collect, why we collect it, how we share it, and your rights.

Data controller

North Star App is the data controller responsible for your personal data processed through the NorthStar service. You can reach us at hello@northstar.app.

What we collect

  • Account data: email, name, avatar (from Google sign-in if used).
  • Campaign content: the website URL, budget, location, goal, brand voice, and generated strategies you create.
  • Payment metadata: subscription status, plan, and transaction IDs (handled by Paddle, our merchant of record — we do not store full card details).
  • Technical data: session cookies and basic logs (IP, user agent) for security.

How we use it

  • Provide and improve the service.
  • Generate AI strategies via Lovable AI Gateway (Google Gemini, OpenAI). Your inputs are sent to these providers to produce outputs.
  • Process subscriptions and refunds via Paddle.
  • Communicate with you about your account.

Data sharing

We share data only with sub-processors needed to run the service: Lovable Cloud (hosting + database), Lovable AI Gateway (AI inference), and Paddle (payments). We do not sell your data.

Legal basis for processing (GDPR)

  • Contract: processing your account data, campaign content, and payment metadata is necessary to provide the service you signed up for.
  • Legitimate interests: securing the service, preventing fraud and abuse, basic analytics to improve the product, and responding to support requests.
  • Legal obligation: retaining transaction and tax records as required by law.
  • Consent: non-essential cookies and any optional marketing communications. You can withdraw consent at any time.

Your rights

Under GDPR / UK GDPR / CCPA you may request access, correction, export, restriction, objection, or deletion of your data, and withdraw consent where processing is based on it. You also have the right to lodge a complaint with your local data protection authority. Contact us at hello@northstar.app and we will respond within 30 days.

Retention

We keep account data while your account is active. On a deletion request, we remove it within 30 days, except where law requires retention (e.g. tax records).

Security

We use appropriate technical and organisational measures to protect your data, including encryption in transit (HTTPS/TLS), encryption at rest for our database, role-based access controls, secret management for API keys, and audit logging. No system is 100% secure, but we work to follow industry best practices and to promptly address any vulnerabilities.

International transfers

Some of our sub-processors may process data outside your country (e.g. in the US or EU). Where required, we rely on appropriate safeguards such as Standard Contractual Clauses.

Contact

North Star App — hello@northstar.app