How Northstar collects, uses, and protects your information
Data Collection, Use, and Protection Practices
Northstar Show Systems (“Northstar,” “we,” “our,” or “us”) is committed to protecting the privacy and security of the personal information and system data entrusted to us by our customers, partners, employees, and website visitors. This Privacy Policy (“Policy”) describes the types of information we collect, how we use and protect that information, the circumstances under which we may share it, and the rights and choices available to individuals regarding their personal data.
This Policy applies to all personal information and system data collected through:
Northstar commercial websites, including northstarshowsystems.com and associated subdomains;
The Northstar Customer Portal and Support Portal;
The Northstar Documentation Portal and Knowledge Base;
Demo, trial, and evaluation environments;
HelmOS, Cuemaster, and other Northstar software products;
Polaris, Bridge, and other Northstar hardware products;
Support interactions, including telephone, email, chat, and remote access sessions;
Professional services engagements, including installation, commissioning, and training;
Marketing communications, trade show registrations, and event participation;
Employment applications and contractor engagements.
We collect business contact information necessary to establish, maintain, and support customer relationships, including:
Company name, address, and business registration information;
Contact names, titles, email addresses, and telephone numbers;
Billing and shipping addresses;
Purchase order numbers and contract references;
Customer portal account credentials (usernames; passwords are stored using industry-standard hashing algorithms and are never stored in plaintext);
Communication preferences and marketing consent records.
Northstar products may collect operational telemetry data from deployed systems to support product performance, diagnostics, and customer support. System telemetry may include:
Hardware serial numbers, model identifiers, and firmware version information;
Software version numbers, license identifiers, and activation status;
System uptime, restart events, and operational health metrics;
Network configuration parameters (IP addresses, subnet masks, VLAN assignments);
Cue execution logs, show run reports, and timeline performance data;
Error logs, crash reports, and diagnostic dumps;
Resource utilization metrics (CPU, memory, storage, network throughput);
Connected device inventories and protocol interface status.
Note: System telemetry does not include show content, media files, creative assets, proprietary cue data, or guest/patron personal information. Customers may configure telemetry collection levels in the system administration settings.
When customers interact with our support organization, we collect information necessary to diagnose, troubleshoot, and resolve issues, including:
Support ticket content, including descriptions, attachments, and correspondence;
Remote access session logs, including timestamps, duration, and actions performed;
System configuration exports and diagnostic data bundles;
Voice recordings of support calls (with notice and consent);
Customer satisfaction survey responses.
We collect standard web analytics data when individuals visit our websites and portals, including:
IP addresses (anonymized for analytics processing);
Browser type, version, and operating system;
Pages viewed, time spent, and navigation paths;
Referring URLs and search terms;
Geographic location derived from IP address (city/region level only).
Our websites and portals use cookies and browser local storage for the following purposes:
Cookie Category
Purpose
Duration
Strictly Necessary
Session management, authentication, security tokens, CSRF protection
Session / 24 hours
Functional
User preferences, language settings, portal layout preferences
1 year
Analytics
Aggregated usage statistics, page performance metrics, feature adoption
26 months
Support
Support session identifiers, diagnostic data collection preferences
Session
We do not use advertising cookies, tracking pixels, or behavioral targeting technologies. Customers may manage cookie preferences through their browser settings or through the cookie preference banner displayed on our websites.
Our web properties use Cloudflare’s content delivery network (CDN) and security services. Cloudflare may process certain connection-level data (IP addresses, HTTP headers, TLS handshake data) in accordance with Cloudflare’s privacy policy. We use Cloudflare for performance optimization, DDoS protection, and web application firewall services only. We do not use Cloudflare’s analytics or advertising products.
We use the information we collect for the following purposes:
Providing, operating, and maintaining our Products and Services;
Processing orders, fulfilling contracts, and managing customer accounts;
Providing technical support, diagnostics, and troubleshooting;
Improving product quality, reliability, and performance;
Developing new features, products, and services;
Communicating with customers about orders, support cases, product updates, security advisories, and end-of-life notices;
Administering training and certification programs;
Detecting, investigating, and preventing fraud, security incidents, and unauthorized access;
Complying with legal obligations, regulatory requirements, and contractual commitments;
Generating aggregated, de-identified analytics for internal business intelligence.
Northstar does not sell, rent, trade, or otherwise commercially transfer personal information to third parties for their own marketing or commercial purposes. This commitment applies to all categories of personal information we collect, without exception.
We may share personal information and system data with the following categories of recipients, solely for the purposes described in this Policy:
Service Providers and Processors: Third-party companies that provide services on our behalf, including cloud hosting, email delivery, payment processing, shipping, and customer relationship management. All service providers are contractually bound to use personal information only for the services they provide to us and to maintain appropriate security measures.
Authorized Partners: Certified installation partners, resellers, and integrators who are authorized to sell, install, or support Northstar Products, solely to the extent necessary to fulfill their obligations to the Customer.
Professional Advisors: Attorneys, accountants, auditors, and insurance providers, subject to professional confidentiality obligations.
Legal and Regulatory: Government authorities, law enforcement, and regulatory bodies when required by applicable law, subpoena, court order, or to protect the rights, safety, and property of Northstar, its customers, or the public.
Corporate Transactions: In connection with a merger, acquisition, reorganization, or sale of assets, subject to the acquirer agreeing to honor the terms of this Policy.
The following categories of third-party processors may process data on our behalf:
Processor Category
Purpose
Data Types Processed
Cloud Infrastructure
System hosting, data storage, backup
Account data, telemetry, support data
Email Services
Transactional and marketing email delivery
Contact names, email addresses
Payment Processing
Invoice processing, payment collection
Billing contact info, transaction records
CRM Platform
Customer relationship management
Contact data, interaction history
Support Platform
Ticket management, knowledge base
Support tickets, contact data
Analytics Platform
Web analytics (aggregated)
Anonymized browsing data
We retain personal information and system data for as long as necessary to fulfill the purposes for which it was collected, as described in this Policy, and as required by applicable law:
Data Category
Retention Period
Basis
Customer account data
Duration of relationship + 7 years
Contract, legal obligation
System telemetry
24 months from collection
Legitimate interest
Support tickets
5 years from resolution
Contract, quality assurance
Remote access logs
3 years from session date
Security, audit
Website analytics
26 months
Legitimate interest
Marketing consent records
Duration of consent + 3 years
Legal obligation
Financial/billing records
7 years
Legal obligation
Employment applications
2 years from decision
Legitimate interest
Upon expiration of the applicable retention period, data will be securely deleted or anonymized using industry-standard methods.
Northstar implements administrative, technical, and physical safeguards to protect information from unauthorized access, disclosure, alteration, and destruction, including:
Encryption of data in transit using TLS 1.2 or higher;
Encryption of sensitive data at rest using AES-256 or equivalent;
Role-based access controls and least-privilege principles;
Multi-factor authentication for administrative and portal access;
Regular vulnerability assessments and penetration testing;
Intrusion detection and prevention systems;
Incident response procedures and breach notification protocols;
Employee security awareness training and background checks;
Physical access controls for data center and office facilities;
Secure software development lifecycle (SDLC) practices.
While we employ commercially reasonable security measures, no method of transmission or storage is completely secure. Customers are responsible for maintaining the security of their own network infrastructure, access credentials, and system configurations.
Northstar is headquartered in the United States. Information collected from individuals in other jurisdictions may be transferred to, stored in, and processed in the United States or other countries where Northstar or its service providers maintain facilities. When we transfer personal data from the European Economic Area (EEA), United Kingdom, or Switzerland to the United States or other countries, we rely on appropriate legal mechanisms, which may include:
Standard Contractual Clauses approved by the European Commission;
The UK International Data Transfer Agreement or Addendum;
Binding Corporate Rules (where applicable);
The individual’s explicit consent;
Other legally recognized transfer mechanisms.
[LEGAL REVIEW REQUIRED: Confirm applicable international data transfer mechanisms based on company operations and customer base.]
If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights under applicable data protection law:
Right of Access: You may request a copy of the personal data we hold about you.
Right to Rectification: You may request correction of inaccurate or incomplete personal data.
Right to Erasure: You may request deletion of your personal data, subject to legal retention obligations.
Right to Restriction: You may request that we restrict processing of your personal data in certain circumstances.
Right to Data Portability: You may request a machine-readable copy of your personal data.
Right to Object: You may object to processing based on legitimate interests or direct marketing.
Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time.
Right to Lodge a Complaint: You may file a complaint with your local data protection authority.
To exercise any of these rights, please contact us using the information provided in Section 11 of this Policy.
If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:
The right to know what personal information we collect, use, and disclose;
The right to request deletion of your personal information;
The right to correct inaccurate personal information;
The right to opt out of the sale or sharing of personal information (Northstar does not sell personal information);
The right to limit the use of sensitive personal information;
The right to non-discrimination for exercising your privacy rights.
To submit a request, please contact us using the information provided in Section 11. We will verify your identity before processing your request. You may designate an authorized agent to submit requests on your behalf.
Northstar Products and Services are designed for use by businesses and professionals. We do not knowingly collect personal information from children under the age of sixteen (16). If we become aware that we have inadvertently collected personal information from a child under sixteen, we will take steps to delete such information promptly.
For questions, concerns, or requests related to this Privacy Policy or our data practices, please contact:
Northstar Show Systems — Privacy Office
[Street Address]
[City, State, ZIP Code]
Email: privacy@northstarshowsystems.com
Phone: [Phone Number]
For data protection inquiries from the EEA/UK:
[EU/UK Representative Name and Address, if applicable]
[LEGAL REVIEW REQUIRED: Designate EU/UK representative if required under GDPR Art. 27.]
Northstar reserves the right to update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or business operations. We will post the updated Policy on our website and update the “Effective Date” at the top of this document. Material changes will be communicated to customers via email or portal notification at least thirty (30) days prior to the effective date.
DOCUMENT CROSS-REFERENCES:
Northstar Terms of Service (NSS-LEGAL-TOS-001)
Northstar Support Policy (NSS-LEGAL-SUP-001)
Northstar Warranty Policy (NSS-LEGAL-WTY-001)
Reach our legal team at legal@northstarshowsystems.com.