Privacy Policy | NorthStar Synergy

1. Introduction

NorthStar Synergy LLC ("NorthStar," "we," "us," or "our") operates the NorthStar Synergy restaurant website platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

2. Information We Collect

Account Information: When you create an account, we collect your restaurant name, contact name, email address, phone number, and business address.

Payment Information: Payment details are processed securely through Stripe. We do not store credit card numbers on our servers.

Website Content: Menu items, photos, business hours, and other content you provide for your restaurant website.

Order Data: When your customers place orders through your website, we process order details, customer contact information, and payment data through Square.

Usage Data: We collect analytics about how you and your customers interact with the platform, including page views, feature usage, and performance metrics.

Support Communications: When you contact our support team, we retain the correspondence to improve our service.

3. How We Use Your Information

To provide, maintain, and improve the NorthStar platform
To build, host, and manage your restaurant website
To process online orders and payments
To send order confirmations, receipts, and status updates
To provide customer support and respond to inquiries
To send billing notifications and service updates
To monitor website uptime and performance
To detect and prevent fraud or abuse

4. Restaurant Customer Data

When customers place orders through restaurant websites we host, we process the following data on behalf of the restaurant:

Customer name, email, phone number, and delivery address
Order details and preferences
Payment information (processed securely through Square — we never store card numbers)

In this context, the restaurant is the data controller and NorthStar acts as a data processor. We process customer data only as necessary to operate the ordering platform. We do not sell restaurant customer data or use it for our own marketing purposes.

Restaurant owners are responsible for their own privacy disclosures to their customers.

5. Cookies and Tracking Technologies

We use cookies and similar technologies to improve our services:

Essential cookies: Required for the platform to function (session management, security).
Analytics cookies: We use Google Analytics to understand how visitors interact with our site. These cookies are only set after you consent via our cookie banner.

You can manage your cookie preferences at any time through the cookie banner or your browser settings. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

6. Third-Party Services

We use the following third-party services that may process your data:

Stripe: Subscription billing and payment processing
Square: Restaurant order payment processing
Vercel: Website hosting and deployment
Google Analytics: Website traffic analysis (with consent)
Resend: Transactional email delivery
Twilio: SMS order notifications

Each provider has their own privacy policy governing how they handle your data.

7. Data Security

We implement industry-standard security measures including:

SSL/TLS encryption for all data in transit
Secure hosting on Vercel's edge network
PCI-compliant payment processing through Stripe and Square
Regular security monitoring and updates

8. Data Retention

We retain your account data for as long as your account is active. If you cancel your subscription, we retain your data for 30 days to allow for reactivation. After 30 days, your data is permanently deleted.

Order data is retained for 7 years for tax and legal compliance purposes.

9. Your Rights

You have the right to:

Access your personal data
Correct inaccurate data
Request deletion of your data
Export your data in a portable format
Opt out of marketing communications

To exercise these rights, contact us at privacy@northstarsynergy.org.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

Right to Know: You may request the categories and specific pieces of personal information we have collected about you.
Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
Right to Correct: You may request correction of inaccurate personal information.
Right to Opt-Out: We do not sell or share your personal information for cross-context behavioral advertising.
Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise these rights, contact us at privacy@northstarsynergy.org. We will verify your identity before processing your request and respond within 45 days.

Categories of information collected: Identifiers (name, email, phone), commercial information (subscription plan, order history), internet activity (site usage analytics), and professional information (business name, address).

11. International Users

Our services are primarily intended for users in the United States. If you are accessing our services from outside the US, please be aware that your data may be transferred to and processed in the United States.

If you are a resident of the European Economic Area (EEA) or United Kingdom, you have additional rights including the right to lodge a complaint with your local data protection authority. Our lawful basis for processing is contract performance (for our clients) and legitimate interest (for analytics and service improvement).

12. Children's Privacy

Our services are not directed to individuals under 13. We do not knowingly collect personal information from children under 13.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the platform.

14. Contact Us

NorthStar Synergy LLC
Woodinville, WA
privacy@northstarsynergy.org