v0.1 — Beta

Legal document

Privacy Policy

May 2026 · Beta phase only · GDPR applicable

This document applies to the North beta phase. North is an experimental product with no incorporated legal entity at this time. By using North, you acknowledge and accept this context.

How North handles your data

This privacy policy describes the nature of data collected by North, its use, retention, and your rights as a user. It applies to any person using North during the beta phase.

1.1 — Who we are

North is a product under development under the responsibility of David Lichtle, Product Manager and co-founder of North, based in France.

Contact: david@getnorth.co

1.2 — Data collected

By connecting your tools to North, you authorize access to and processing of the following data categories:

  • Gmail — email content (sender, recipients, subject, body), thread metadata
  • Google Calendar — events (title, participants, times, notes)
  • Slack — messages in monitored channels and threads
  • Notion — content from connected pages and databases

This data may include information relating to third parties (colleagues, partners, clients) appearing in your communications. You are responsible for ensuring that your use of North is compatible with your obligations toward these third parties.

1.3 — Purposes of processing

Data is processed exclusively for the following purposes:

  • Analysis of organizational signals and detection of strategic drifts
  • Generation of scored and prioritized action suggestions
  • Production of briefings and summaries exclusively for the connected user
  • Product improvement based on user feedback (reactions, acceptances, dismissals)

No data is used for advertising purposes. No data is sold or transferred to third parties for commercial purposes.

1.4 — Hosting & sub-processors

Data is hosted and processed exclusively in Europe:

  • Server infrastructure — Scalingo (French host, OVH datacenter, France)
  • PostgreSQL database — Scalingo, France
  • Language model (LLM) — Groq (processing in the United States — data transmitted via secure API for generation only, without permanent storage at Groq)
  • Embeddings computation — Hugging Face Space (processing potentially outside EU — data transmitted for vectorization only, without storage)

Processing at Groq and Hugging Face is transient and limited to generation. No personally identifiable data is permanently stored with these providers. We are working to reduce these dependencies.

1.5 — Data retention

Ingested data (emails, messages, events) is retained for a maximum period of 6 months from the date of ingestion. Beyond this period, it is automatically deleted. User preferences and North configurations are retained until account deletion.

1.6 — Your rights (GDPR)

In accordance with the General Data Protection Regulation (GDPR — EU Regulation 2016/679), you have the following rights:

  • Right of access — obtain a copy of your data processed by North
  • Right of rectification — correct inaccurate data
  • Right to erasure — request deletion of all your data (emails, signals, embeddings, reactions, briefings, configurations)
  • Right to data portability — receive your data in a structured format
  • Right to object — object to the processing of your data

To exercise any of these rights, contact david@getnorth.co. We commit to responding within 30 days.

If a complaint remains unresolved, you have the right to contact the CNIL (French Data Protection Authority) or your local supervisory authority.

1.7 — Security

  • Authentication via OAuth 2.0 (Google) — no North password stored
  • Encrypted communications via HTTPS/TLS
  • Data access restricted to the relevant user accounts
  • No data sharing functionality between users

In the context of a beta product, vulnerabilities may exist. Please report any incident to david@getnorth.co.