Services Privacy Policy

NorthStar Utilities is committed to protecting privacy in compliance with international data protection regulations, including the PIPEDA, the California Consumer Privacy Act (CCPA), and security and privacy frameworks such as SOC 2.

NorthStar Utilities provides software and hosting infrastructure that enables our clients in the utilities sector to collect and manage customer data. We do not determine the purposes or means of processing personal information, and act solely as a data processor on behalf of our clients.

NorthStar Utilities collects personal information from clients and users when they create accounts, request services, or interact with our platforms. This includes contact details (name, email, phone numbers), account credentials, billing information, and content submitted during use, such as support inquiries or uploaded files. We also automatically collect technical data such as IP addresses, browser types, device identifiers, system logs, and interaction patterns through cookies and other tracking technologies.

As a software provider for clients in the utilities sector, we may handle personal data, such as utility customer addresses or consumption records, solely on behalf of our clients during the delivery of our services.

In these cases, we act strictly as a data processor, and our clients (the data controllers) are responsible for lawful data collection and sharing.

We use this information to provide, maintain, and improve our services, ensure secure access, offer support, analyze usage, and fulfill legal obligations, strictly for supporting platform functionality. Under PIPEDA and CCPA, our lawful bases for processing include the performance of a contract, compliance with legal requirements, legitimate interest, and, where required, user consent. Under SOC 2, we implement, and document defined purposes for data collection and processing.

NorthStar Utilities does not sell personal information. We may share data with trusted third-party service providers under written agreements that enforce confidentiality and purpose limitation. These service providers support hosting, technical operations, analytics, and security. We may disclose data to authorities if legally required or if necessary to protect our rights or users’ safety. In the event of a corporate transaction such as a merger or sale, personal data may be transferred as part of the transaction, under data protection safeguards.

To protect your information, we follow the SOC 2 Trust Services Criteria by implementing access controls, encryption in transit and at rest, multi-factor authentication, regular vulnerability scans, and employee training. We log and audit system access and monitor for anomalies to ensure data is accessed only by authorized personnel. Our cloud infrastructure and development processes are designed with security, availability, and confidentiality in mind.

We retain personal information only as long as necessary to fulfill the purposes for which it was collected, unless a longer period is required for legal, regulatory, or audit purposes. We take reasonable steps to delete the personal information we collect when (1) we have a legal obligation to do so, (2) we no longer have a purpose for retaining the information, and (3) if you ask us to delete your information, unless we determine that doing so would violate our existing, legitimate legal, regulatory, dispute resolution, contractual, or similar obligations. We may also decide to delete your personal information if we believe it is incomplete, inaccurate, or that our continued storage of your personal information is contrary to our legal obligations or business objectives. To the extent permitted by law, we may retain and use anonymous, de-identified, and aggregated information for performance reporting, benchmarking, and analytic purposes and for product and service improvement. When we delete data, it will be removed from our active servers and databases; but it may remain in our archives when it is not practical or possible to delete it.

We are required by law to maintain records of consumer requests submitted under the California Consumer Privacy Act and how we responded to such requests for at least 24 months. We only use this information for recordkeeping purposes.

Retention policies and secure disposal processes are reviewed regularly and enforced as part of our internal controls.

Individuals have rights under PIPEDA, CCPA, and similar privacy laws. These include the right to access their personal data, request corrections or deletion, object to or restrict processing, and receive a copy of their data in a portable format. California residents may also opt out of the sharing of personal data and request information about data disclosed to third parties for business purposes. To exercise these rights, users can contact us at via privacy@northstar.com. We will respond within the timeframe required by applicable law.

We may update this policy periodically to reflect changes in law, technology, or our practices. Updates will be posted on this page, https://www.northstarutilities.com/services-privacy-policy, with a new effective date. We encourage you to review this policy regularly.

For questions or concerns about this Privacy Policy or our privacy and security practices, please contact us at 1 (888) 847-7747. We are committed to addressing your inquiries promptly and ensuring your privacy is protected.

NorthStar Utilities
1 Antares Dr, Ottawa, Ontario, K2E 8C4
https://www.northstarutilities.com/support