Privacy Promise
Privacy Policy
Your privacy matters at Northstar Technologies. Our Nexus ERP platform follows strict security, compliance, and data protection standards while supporting clubs, communities, and organizations with secure operations, responsible data handling, and trusted technology solutions worldwide.
Northstar Technologies—Privacy Policy
Last Updated: May 8, 2026
Applicability: This policy applies to all Northstar Technologies products and services under the Nexus ERP suite, including the core platform, mobile applications (Member and Employee), and integrated POS/Web modules.
1. Scope
At Northstar Technologies, we recognize privacy as a fundamental right. This Privacy Policy explains how we collect, use, disclose, share, and protect personal data when you use the Nexus Product Suite, including our core ERP platform, mobile applications (Member and Employee), and integrated POS/Web modules.
2. Our Role: Data Processor vs. Controller
To ensure transparency, it is important to understand our role regarding your data:
Data Processor: For the majority of our services, Northstar acts as a Data Processor on behalf of our Customers (e.g., private clubs, HOA organizations, and businesses), who act as Data Controllers. If you are a member or employee of an organization using Nexus ERP, your primary point of contact for data rights is the organization itself.
Data Controller: Northstar acts as a Data Controller only in limited circumstances, such as when you interact with our website, engage with our marketing materials, or when we collect diagnostic data for system improvements.
3. Information We Collect
A. Customer Data
- Member PII: Names, family relationships, birthdays, contact details
- Financial Records: Transactions, ledger entries, encrypted payment tokens (PCI DSS aligned)
- Operational Data: Reservations, scores, registrations
- Sensitive Data: Dietary or location data (if enabled by the Club)
B. Usage & Diagnostic Data
- IP addresses, device IDs, browser types
- System logs and user activity
- Feature usage and telemetry
- Cookies and tracking technologies
4. Data Minimization & Purpose Limitation
We collect and process only the personal data necessary for specified and legitimate purposes. Personal data is not used for purposes incompatible with this policy.
5. How We Use Information
We process personal data under the following legal bases:
- Contractual Necessity – Service delivery
- Legitimate Interests – Security, monitoring, performance
- Consent – Marketing and optional features
- Legal Obligations – Tax, audit, AML
We map each category of personal data to an appropriate legal basis.
6. Data Sharing and Disclosure
We may share data with:
- Service providers (hosting, analytics, support)
- Affiliates and subsidiaries
- Legal authorities where required
All third parties are contractually bound to protect data.
7. Sub-Processors
We maintain an up-to-date list of sub-processors (e.g., AWS, SendGrid, Snowflake). All sub-processors are subject to strict data protection agreements.
8. Data Security & Retention
We implement industry-standard technical and organizational measures, including encryption-at-rest and encryption-in-transit, strict access controls, and regular vulnerability scanning.
Retention: We retain data only as long as necessary to fulfill the purposes outlined in our service agreements or to comply with statutory retention periods (e.g., 7 years for financial records).
9. International Data Transfers
Northstar operates globally. To ensure your data remains protected when transferred across borders, we implement:
- Standard Contractual Clauses (SCCs) for transfers from the EU/UK.
- Compliance with APP 8 for Australian data transfers.
- Rigorous Security Assessments of all international recipients.
10. Logging & Monitoring
Logs are collected for:
- Security monitoring
- Troubleshooting
- Audit and compliance
Logs are retained securely and protected against unauthorized access.
11. Data Breach Notification
In the event of a data breach:
- We will respond and assess impact promptly
- Notify customers and regulators without undue delay
- Where required, notify within 72 hours
- Support customers in notifying affected individuals
12. Cookies and Tracking
We use cookies for:
- Essential functionality
- Analytics and performance
- User preferences
Where required, users will be provided with a consent mechanism.
13. Your Rights
As a data processor, Northstar:
- Does not respond directly to data subject requests unless legally required
- Assists Customers in fulfilling requests, including:
  - Access
  - Correction
  - Deletion
  - Portability
Data subjects should contact the relevant Customer (data controller).
14. Children’s Privacy
Our services are not intended for individuals under 16. If such data is identified, it will be deleted promptly.
15. AI and Automated Processing
Northstar utilizes limited-risk AI for operational efficiency. We confirm:
- No Automated Decision-Making: We do not use AI for decisions with legal or significant impacts on individuals.
- Human Oversight: All AI-driven insights are subject to human review.
- No Training on Customer Data: We do not use your private organization data to train third-party public AI models without an explicit agreement.
16. Compliance and Certifications
Northstar maintains compliance with:
- ISO/IEC 27001
- PCI DSS (where applicable)
We continuously improve our controls to meet evolving standards.
17. Regional Compliance & Rights
Northstar supports Customer compliance with applicable laws, including:
- EU GDPR
- U.S. privacy laws (including CCPA/CPRA)
- Australia Privacy Act
18. Contact Us
For privacy-related inquiries:
Where required, a Data Protection Officer (DPO) will be appointed.