Privacy Policy

NorthLoop ("we," "our," or "us") operates the NorthLoop platform, including the website at northloop.io, the NorthLoop mobile application, and the embeddable website widget (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect information when you use our Service.

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of the Service.

1. Information We Collect

1.1 Information You Provide

• Account information: name, email address, company name, and password when you create an account.
• Billing information: payment card details processed securely by our payment provider (Stripe). We do not store full card numbers.
• Widget caller information: name, company, and reason for calling submitted by website visitors through the NorthLoop widget.
• Communications: messages you send to our support team.

1.2 Information Collected Automatically

• Usage data: pages visited, features used, call duration, call outcomes, and interaction timestamps.
• Device information: device type, operating system, browser type, and IP address.
• Call metadata: call initiation time, duration, connection quality metrics. We do not record or store video or audio content of calls.
• Cookies and similar technologies: session cookies for authentication and analytics cookies to understand usage patterns.

1.3 Camera and Microphone

The NorthLoop mobile app and web widget request access to your device's camera and microphone solely for the purpose of conducting video calls. This data is transmitted directly between call participants via encrypted WebRTC connections and is never recorded, stored, or accessed by NorthLoop.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service
• Process and route video calls between website visitors and sales agents
• Send push notifications to agents about incoming calls
• Process payments and manage subscriptions
• Provide customer support and respond to inquiries
• Analyse usage patterns to improve the Service
• Send product updates and marketing communications (you may opt out at any time)
• Comply with legal obligations
• Detect and prevent fraud or abuse

3. How We Share Your Information

We do not sell your personal information. We may share your information with:

• Service providers: third-party vendors who help us operate the Service (e.g., cloud hosting, payment processing, analytics). These providers are contractually bound to protect your data.
• LiveKit: our real-time video infrastructure provider. Call media is transmitted through LiveKit's encrypted servers. LiveKit does not record calls.
• Business transfers: in the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
• Legal requirements: when required by law, court order, or governmental authority.

4. Data Retention

We retain your account information for as long as your account is active or as needed to provide the Service. Call metadata (caller name, company, duration, outcome) is retained for up to 24 months to support analytics features. You may request deletion of your data at any time by contacting [email protected].

5. Security

We implement industry-standard security measures including TLS encryption for data in transit, AES-256 encryption for data at rest, and end-to-end encrypted WebRTC for all video calls. Our infrastructure is hosted on SOC 2 Type II certified cloud providers. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you
• Correction: request correction of inaccurate or incomplete data
• Deletion: request deletion of your personal data
• Portability: request your data in a machine-readable format
• Objection: object to processing of your data for marketing purposes
• Withdrawal of consent: withdraw consent where processing is based on consent

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

7. GDPR (European Users)

If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases: (a) performance of a contract when providing the Service; (b) legitimate interests in operating and improving the Service; (c) compliance with legal obligations; and (d) your consent where applicable. You have the right to lodge a complaint with your local data protection authority.

8. California Privacy Rights (CCPA)

California residents have the right to know what personal information we collect, to request deletion of their personal information, and to opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact [email protected].

9. Children's Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.

10. Cookies

We use the following types of cookies:

• Essential cookies: required for authentication and core Service functionality. Cannot be disabled.
• Analytics cookies: help us understand how users interact with the Service. You may opt out via your browser settings.

11. Third-Party Links

The Service may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: