Privacy Policy

1. Information We Collect

We collect information you provide directly to us:

• Account Information: Email address, name, and password when you create an account
• Payment Information: Processed securely by Dodo Payments; we do not store your full card details
• Quiz Responses: Your answers to the onboarding quiz to personalize your learning path
• Progress Data: Your learning progress, lesson completions, module progress, and feature usage
• Content You Create: Case studies, proposals, and other artifacts you build using our tools
• Support Requests: Information provided when you contact our support team

2. Automatic Information

We automatically collect certain information when you use our service:

• Log Data: IP address, browser type, device information, pages visited, and timestamps
• Cookies: We use essential cookies for authentication and session management
• Usage Data: Features used, content accessed, and interaction patterns

3. How We Use Your Information

We use the collected information to:

• Provide and maintain our services
• Personalize your learning experience
• Process payments and prevent fraud
• Send transactional emails (receipts, password resets)
• Respond to support requests
• Maintain records for dispute resolution and chargeback defense
• Improve our services based on usage patterns (anonymized)

4. Information Sharing

We do NOT sell your personal information. We may share information only in these limited circumstances:

• Payment Processing: With Dodo Payments to process your payments (transaction details, order IDs)
• Email Delivery: With Resend to send verification, transactional, and support emails (email address only)
• Hosting and Infrastructure: With Render (application hosting and database) and Cloudflare (DNS and CDN) as part of service delivery
• Legal Requirements: When required by law or to respond to legal process
• Fraud Prevention: To investigate potential fraud or security issues
• Dispute Resolution: With payment processors or banks when resolving chargebacks (IP addresses, timestamps, consent records, usage logs)

5. Data Security

We implement appropriate security measures to protect your information:

• Encrypted data transmission (HTTPS/TLS)
• Secure password hashing
• Regular security updates and patches
• Limited access to personal data by team members

6. Data Retention

We retain your data as follows:

• Account Data: As long as your account is active, plus 2 years after deletion
• Payment Records: 7 years for tax and legal compliance
• Consent Records: 7 years for dispute resolution
• Progress Logs: 2 years after last activity

7. Your Rights

You have the right to:

• Access: Request a copy of your personal data
• Correction: Update incorrect or incomplete information
• Deletion: Request deletion of your account and personal data (subject to legal retention requirements)
• Portability: Request your data in a machine-readable format
• Grievance: File a complaint with us or with the relevant data protection authority in your jurisdiction if you believe your personal data has been mishandled

To exercise these rights, contact us at admin@northstardesi.com. We will respond to data access, correction, and deletion requests within 30 days.

8. Cookies

We use only essential cookies required for the service to function:

• Authentication cookies: To keep you logged in
• Session cookies: To maintain your session state

We do not use tracking cookies or third-party advertising cookies.

9. Third-Party Services

Our service uses the following third-party providers:

• Dodo Payments (dodopayments.com): Payment processing
• Render (render.com): Application hosting and database infrastructure in Oregon, United States
• Cloudflare (cloudflare.com): DNS, CDN, and DDoS protection. Processes IP addresses and request metadata.
• Resend (resend.com): Transactional email delivery for verification emails and support responses.
• Upstash (upstash.com): Redis-based rate limiting. Processes IP addresses transiently.

Your personal data may be transferred to and processed in countries outside India, including the United States and Canada, as part of service delivery. We ensure that our third-party providers maintain appropriate data protection measures.

10. Children's Data

NorthStarDesi is intended for users who are 18 years of age or older. We do not knowingly collect personal data from individuals under 18 years of age. If we become aware that we have collected data from a minor without verifiable parental consent, we will take steps to delete that information promptly. If you believe a minor has provided us with personal data, please contact us at admin@northstardesi.com.

11. Data Breach Notification

In the event of a personal data breach that is likely to cause harm to affected users, we will notify affected users without unreasonable delay. Notification will include the nature of the breach, the data affected, and steps being taken to mitigate harm.

12. Changes to This Policy

We may update this privacy policy from time to time. We will provide at least 15 days' notice before material changes take effect, via email to your registered address. Non-material changes may take effect immediately upon posting. Your continued use of the service after the notice period constitutes acceptance of the updated policy.

13. Legal Basis and Applicable Law

NorthStarDesi is operated by an individual based in Canada. This Privacy Policy is published in compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA, Canada). We also respect the privacy rights of our users in India under applicable Indian law.

By creating an account and using our services, you provide explicit consent to the collection, storage, and processing of your personal data as described in this Policy. You may withdraw consent at any time by contacting us or deleting your account, subject to legal retention requirements outlined in Section 6 above.

Processing for service delivery, payment, and fraud prevention is carried out under contractual necessity and legitimate uses as permitted by applicable law. Personalization and usage analytics are consent-based.

14. Grievance Officer

We have designated a point of contact to address privacy-related complaints:

15. Contact Us

For privacy-related questions or requests, contact us at admin@northstardesi.com