Privacy Notice

Last updated: 2026-03-15 · Effective: 2026-04-01

1. Who we are

This Privacy Notice covers Northpoint Systems, Inc., a Delaware C-Corporation registered at 401 4th Avenue, Seattle, WA 98104, USA, and Northpoint Systems Ireland Limited, a private company limited by shares registered at 25 Sir John Rogerson's Quay, Dublin 2, Ireland (CRO 718401). EEA-resident customer data is controlled by the Irish entity.

2. What we collect

• Customer-system data. Operational and financial data customers connect via Atlas connectors. Treated as Customer Confidential under the MSA.
• Account data. User name, work email, role, login timestamps, audit log of administrative actions.
• Usage telemetry. Page views, click events, performance metrics. Aggregated. No keystroke logging.
• Marketing form submissions. The contact form. Stored in HubSpot; retained 24 months.

3. Lawful basis (GDPR)

For EEA customers we rely on Contract for delivery of the Atlas service, Legitimate Interest for product telemetry, and Consent for marketing email. EEA users may withdraw consent at any time at privacy@northpointsys.example.

4. Sub-processors

We use AWS (compute + storage), MongoDB Atlas (operational DB for our own metadata), Snowflake (internal analytics), Auth0 (customer SSO), HubSpot (marketing CRM), and Slack (internal communications). The current sub-processor list is published at /security#subprocessors (publication of detailed sub-processor list scheduled Q3 2026).

5. Your rights (GDPR + CCPA)

• Right of access — request a copy of personal data we hold about you.
• Right of rectification — correct inaccuracies.
• Right of erasure — request deletion (subject to retention obligations).
• Right of portability — request a machine-readable export.
• Right to object to processing.
• Right to opt-out of "sale" or "sharing" of personal information (CCPA / CPRA).

Email privacy@northpointsys.example to exercise any of these rights. We respond within 30 days.

6. Retention

Customer ledger data: lifetime of contract + 30 days termination grace. Account audit logs: 7 years (financial-services retention norm). Marketing form data: 24 months.

7. Contact

Data Protection Officer: dpo@northpointsys.example. EU representative: Northpoint Systems Ireland Limited, address above.