Effective date: October 24, 2025
This Privacy Policy explains how North Star ("North Star", "we", "us", or "our") collects, uses, and safeguards personal information when you use the North Star Private App (the "App"). The App is a self‑hosted internal tool used only by North Star to deliver and support our services. We do not use third‑party vendors or subprocessors for the App; all processing is performed by North Star on infrastructure we control. This Policy also covers limited interactions through our secure client portal at northstarshop.net insofar as they are necessary to operate the App.
This document is tailored for a private, self‑hosted WHMCS‑based application. Replace bracketed placeholders (company details, hosting region, retention periods) before publishing. This is not legal advice.
1) Who we are and how to contact us
Controller: North Star (brand). The North Star Private App is operated directly by North Star.
How to contact us about privacy: Use the Privacy Request option in the secure client portal at northstarshop.net (no login needed for a request) or the in‑app Contact form. We do not publish postal addresses, direct emails, or phone numbers in this policy.
2) Scope
This Policy applies to information we collect through:
- The North Star Private App and its secure client portal areas at northstarshop.net;
- Account management, ordering/fulfillment, invoicing, and support tickets handled within the App.
This Policy does not apply to third‑party websites, services, or applications because the App does not integrate with third‑party vendors. If you interact with other North Star properties that use external services, those are governed by their own policies.
3) Information we collect
A. Information you provide to us
- Account details (name, email, password – stored in hashed form, phone, company, billing/shipping address, VAT/tax ID).
- Order & billing information (products/services purchased, invoices, order history, tax status).
- Support content (ticket messages, email correspondence through the portal, attachments/diagnostics you upload).
- Preferences (language, currency, consent choices).
B. Information collected automatically (first‑party only)
- Device & log data: IP address, device identifiers, browser type/version, operating system, referral URLs, pages viewed, date/time, session ID, error logs.
- Security telemetry: authentication events, rate‑limit counters, and abuse prevention metrics.
C. Payments
The App does not use third‑party payment processors or gateways. If you remit payment to North Star (e.g., bank transfer/PIX/boleto), settlement occurs outside the App and is recorded only as invoice metadata (e.g., paid/unpaid status, reference number) inside the App. The App does not store full card numbers or bank credentials.
D. No third‑party sources
We do not ingest personal information about you from marketing networks, data brokers, or analytics vendors for the App.
4) How we use your information & legal bases
We process personal information solely to operate the App and our direct relationship with you:
- Provide and operate the App (create/manage accounts, deliver products/services, provision licenses, fulfill orders, issue invoices).
  - Legal basis: Contract performance and legitimate interests.
- Customer support & service communications (respond to tickets, notify about incidents or policy/terms changes).
  - Legal basis: Contract performance and legitimate interests.
- Billing, accounting & fraud prevention (record payments, comply with tax rules, detect/mitigate abuse).
  - Legal basis: Legal obligation and legitimate interests.
- Security & service integrity (access controls, audit logs, DDoS/abuse mitigation performed in‑house).
  - Legal basis: Legitimate interests and legal obligation.
What we don’t do in the App:
- No third‑party analytics or advertising technologies.
- No behavioral profiling or cross‑site tracking.
- No marketing communications sent from the App (you may still receive necessary service emails).
5) Sharing your information
We do not share personal information with third parties for the App. We have no subprocessors and do not sell or "share" personal information for cross‑context behavioral advertising.
Disclosures may occur only if:
- Compliance & safety: We are legally required to disclose information to competent authorities, or we must do so to protect rights, safety, security, or enforce agreements.
- Business transfer: In connection with a merger, acquisition, financing, or sale of assets involving North Star; if this happens, we will notify you of any material changes.
6) International data transfers
The App is self‑hosted by North Star on infrastructure under our control. We do not routinely transfer personal information internationally as part of App operations. Network traffic may traverse other jurisdictions solely for connectivity. Where a transfer is unavoidable, we apply safeguards required by applicable law.
7) Data retention
We keep personal information only for as long as necessary for the purposes described in this Policy, including to comply with legal, tax, and accounting requirements, resolve disputes, and enforce our agreements. Typical examples (customize to your needs):
- Account data: retained while your account is active and for [24] months after closure.
- Invoices & tax records: retained for [5–10] years (per local law).
- Support tickets: retained for [24] months (unless you request earlier deletion where lawful).
- Web server logs & security logs: retained for [7–180] days, unless required longer to investigate incidents.
When retention is no longer necessary, we will securely delete or anonymize the data.
8) Cookies & similar technologies
The App uses first‑party, essential cookies only for session management, authentication, and security. We do not use third‑party analytics, marketing, or social media cookies in the App. Specific cookie names may change as part of security hardening and are not publicly listed; they are available upon verified request.
9) Your privacy rights
Your rights depend on where you live. Subject to legal limits and verification, you may have the right to:
- Access your personal information and obtain a copy;
- Correct inaccurate or incomplete data;
- Delete personal information;
- Restrict or object to processing;
- Portability (receive data in a usable format to transmit to another controller);
- Withdraw consent at any time (does not affect prior lawful processing).
Region‑specific disclosures:
- EEA/UK (GDPR): You may lodge a complaint with your local supervisory authority. If we rely on legitimate interests, you can object.
- Brazil (LGPD): You may request confirmation of processing, access, correction, anonymization, blocking or deletion of unnecessary/excess data, portability, information about sharing, and revocation of consent.
- California (CCPA/CPRA): We do not sell personal information, nor do we "share" it for cross‑context behavioral advertising. You may request access or deletion and to limit use/disclosure of sensitive personal information.
10) Security
We implement administrative, technical, and physical safeguards designed to protect personal information, including TLS encryption in transit, access controls, role‑based permissions, password hashing, least‑privilege access, and regular backups on infrastructure we control. However, no method of transmission or storage is 100% secure; we cannot guarantee absolute security.
11) Children’s privacy
Our Services are not directed to children, and we do not knowingly collect personal information from individuals under 16 years old (or the minimum age required by your jurisdiction). If you believe a child has provided personal information to us, contact us to request deletion.
12) Third‑party links & integrations
Our website may include links to third‑party sites, plug‑ins, or integrations. Their privacy practices are governed by their own policies. We encourage you to review them before providing information.
13) Changes to this Policy
We may update this Policy from time to time. We will post any changes on this page and update the “Effective date” above. If we make material changes, we will notify you via the client portal, email, or another appropriate method.
14) Contact
For privacy inquiries or to exercise your rights, submit a request via the Privacy Request option in the client portal at northstarshop.net or the in‑app Contact form. We intentionally minimize publicly disclosed business information in this Policy.
Appendix — Data handling summary (private app)
All processing for the App is performed in‑house by North Star. We use no external vendors or subprocessors for App data.
What we keep: Account information (for authentication and invoices), basic billing records (for tax/legal compliance), support tickets (for troubleshooting), and security logs (for service integrity).
How long: Only as long as necessary for the purposes described in this Policy and to meet legal requirements. We do not publish specific retention periods; details are available upon verified request.
Where: On infrastructure controlled by North Star. Specific locations and architecture are not published for security reasons.