Privacy Policy
How we collect, use, and protect your information.
Effective: April 16, 2026 · Last updated: April 16, 2026
1. Overview
Northline Digital ("we," "us") is committed to protecting your privacy. This policy explains what information we collect, how we use it, and your rights under Canadian privacy law. We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and Canada's Anti-Spam Legislation (CASL).
2. Information We Collect
From you (our client):
- Contact information: name, email, phone number, business address
- Business information: hours, services, pricing ranges, brand assets
- Payment information: processed securely through Stripe — we never store your card details
- Customer lists you provide for email campaigns (with your confirmed consent)
From your customers (through AI systems we operate on your behalf):
- Phone numbers of people who call or text your business
- Names and email addresses if provided during conversations
- Content of conversations with the AI (chatbot, SMS)
- Timestamps of interactions
From website visitors:
- Information you submit through forms (audit requests, booking forms, contact forms)
- Basic analytics data (pages visited, referring site) — we do not use tracking cookies
3. How We Use Your Information
| Data | Purpose |
|---|
| Your contact info | To deliver services, send invoices, and communicate about your account |
| Your business info | To configure AI systems, generate content, and create reports |
| Your customers' data | To operate AI systems on your behalf (call handling, chatbot, review requests) |
| Payment info | To process payments through Stripe |
| Form submissions | To respond to inquiries and deliver requested audits |
4. How We Protect Your Information
- All data is stored on our own infrastructure, encrypted at rest and in transit.
- Access to client data is restricted to authorized Northline Digital personnel only.
- We use secure, authenticated connections for all data transfers.
- AI processing is done through encrypted API connections to trusted providers (Anthropic, Twilio).
5. What We Never Do
- We never sell your data or your customers' data to anyone.
- We never use your customer data for marketing to those customers on our own behalf.
- We never share your business data with your competitors or other clients.
- We never store payment card details on our systems.
6. Aggregated & Anonymous Data
We may use aggregated, anonymous patterns from across our client base to improve our AI systems. For example: "businesses in this industry typically see X results." This data is never tied to your identity or your customers' identities, and is never shared in a way that could identify your business.
7. Third-Party Services
We use the following services to deliver our products. Each has its own privacy policy:
- Stripe — payment processing
- Twilio — phone calls and SMS messaging
- Anthropic (Claude) — AI processing for chatbots, content, and analysis
- Google — Business Profile integration (when you grant us access)
- Cloudflare — website security and performance
We only share the minimum data necessary for each service to function. We do not give these services access to your full dataset.
8. Data Retention
- Active clients: Data retained for the duration of your service.
- After cancellation: Data available for export for 90 days, then permanently deleted.
- Audit/form submissions: Retained for 12 months, then deleted.
- You can request data deletion at any time by contacting us.
9. Email Communications (CASL Compliance)
- We only send commercial emails with your express consent.
- Every email includes a clear unsubscribe link.
- Unsubscribe requests are honored within 24 hours.
- If you provide us with a customer list for email campaigns, you confirm that each contact has given you consent to receive commercial messages.
10. Your Rights Under PIPEDA
You have the right to:
- Know what personal information we hold about you
- Request a copy of your data
- Request correction of inaccurate information
- Request deletion of your information
- Withdraw consent for data collection (which may require ending the service)
- File a complaint with the Office of the Privacy Commissioner of Canada
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
11. Data Breach Notification
In the unlikely event of a data breach that poses a real risk of significant harm, we will:
- Notify affected individuals as soon as feasible
- Report the breach to the Privacy Commissioner of Canada as required by law
- Take immediate steps to contain and remediate the breach
- Document the breach and our response for accountability
12. Changes to This Policy
We may update this policy from time to time. If we make material changes, we will notify you by email at least 30 days before the change takes effect. The "last updated" date at the top reflects the most recent revision.
13. Contact
Privacy questions or data requests:
[email protected]
Northline Digital · Barrie, Ontario, Canada