Data Collection, Use, and Protection Practices
Northstar Show Systems (“Northstar,” “we,” “our”) is committed to protecting the privacy of our customers, partners, and website visitors. This Privacy Policy describes the types of information we collect, how we use and protect it, when we share it, and the rights available to individuals regarding their personal data.
This Policy applies to all Northstar products, services, websites (northstarshowsystems.com and subdomains), the Customer Portal, and Hardware telemetry systems.
| Purpose | Legal Basis | Data Categories |
|---|---|---|
| Provide products and services | Contract performance | Account, purchase, device data |
| Customer support | Contract performance | Account, tickets, device telemetry |
| Product improvement | Legitimate interest | Telemetry, usage analytics |
| Security and fraud prevention | Legitimate interest | Login logs, IP addresses |
| Legal compliance | Legal obligation | As required by applicable law |
| Marketing communications | Consent | Email address, preferences |
Northstar does not sell personal information. We share data only in these circumstances:
| Data Category | Retention Period | Basis |
|---|---|---|
| Account information | Duration of account + 3 years | Legal/contractual requirements |
| Support tickets | 7 years | Compliance and audit |
| Device telemetry | 2 years rolling | Product improvement |
| Portal audit logs | 7 years | Security and compliance |
| Financial records | 7 years | Tax and legal requirements |
| Website analytics | 26 months | Google Analytics default |
| Marketing consent records | Duration of consent + 3 years | GDPR/CCPA compliance |
Northstar implements industry-standard security measures including: TLS 1.2+ encryption for all connections; bcrypt password hashing (cost factor 12); JWT tokens signed with RS256; Cloudflare WAF and DDoS protection; role-based access control with MFA; quarterly key rotation; and regular security audits.
| Cookie Type | Purpose | Duration | Required |
|---|---|---|---|
| Session | Authentication, CSRF protection | Session / 8 hours | Yes |
| Preferences | Language, theme, notification settings | 1 year | No |
| Analytics | Website usage, page views, traffic sources | 26 months | No |
| Security | Bot detection, rate limiting, WAF | Session | Yes |
Northstar processes data primarily in the United States using Cloudflare’s global edge network (300+ data centers). For EEA/UK data subjects, transfers are governed by Standard Contractual Clauses (SCCs) as approved by the European Commission.
Northstar products and services are designed for business use and are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children.
Northstar may update this Policy from time to time. Material changes will be communicated via the Customer Portal announcement system and email notification at least 30 days before the effective date. Continued use of Northstar products after the effective date constitutes acceptance of the updated Policy.
For privacy inquiries, data access requests, or complaints: privacy@northstarshowsystems.com
DOCUMENT CROSS-REFERENCES:
Reach our legal team at legal@northstarshowsystems.com.