Privacy Policy

Last updated: March 31, 2026

Your privacy matters to us. This Privacy Policy explains what information NorthStar AI collects, how we use it, and your rights regarding that information. We're committed to being transparent — no legalese mazes, no selling your data.

1. Information We Collect

We collect the following categories of information when you use NorthStar:

Account Information
When you register, we collect your username, email address, and a hashed (never plain-text) password. You may optionally provide additional profile details such as your name, school, graduation year, and target field.

Resume & Document Content
When you upload or paste a resume, cover letter, or other career document, we process the text content to generate AI feedback. This text is stored in our database linked to your account so you can access your history. We also send it to the Anthropic Claude API to produce your analysis results (see "Third-Party Services" below).

Usage Data
We collect information about how you use the Service — such as features accessed, analysis counts, and session activity — to enforce fair-use limits, improve the platform, and understand which features are most useful.

Payment Information
Subscription payments are processed entirely by Stripe. We never see, receive, or store your full credit card number or bank details. We receive a Stripe customer ID and subscription status to manage your account tier.

Communications
If you contact us by email or submit a support request, we keep a record of that communication to respond to you and improve our support.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and improve the NorthStar AI platform
• Generate AI-powered resume feedback, interview questions, and career suggestions
• Enforce usage quotas and subscription tiers (free vs. Pro)
• Send transactional emails (verification, password reset, weekly digest if you opt in)
• Respond to support requests and troubleshoot issues
• Detect and prevent abuse, fraud, and violations of our Terms of Service

We do not use your data for advertising, we do not sell your data to any third party, and we do not use your resume content to train AI models.

3. Data Storage & Security

Your data is stored in a PostgreSQL database hosted on Supabase (hosted in the United States). All connections to our servers use HTTPS/TLS encryption in transit. Passwords are hashed using bcrypt and are never stored in plain text.

We implement reasonable technical and organizational security measures to protect your data. However, no system is 100% secure. If you believe your account has been compromised, contact us immediately at franklin10@ptd.net.

We do not currently offer end-to-end encryption for stored resume content. Do not upload documents containing sensitive personal identifiers (Social Security numbers, financial account numbers, etc.) beyond what is standard on a professional resume.

4. Third-Party Services

Anthropic (Claude API)
When you request a resume analysis, interview prep, ATS scan, cover letter, or similar AI feature, the relevant text from your document is sent to Anthropic's Claude API. Anthropic processes this text to generate a response, which is then returned to you through NorthStar. Anthropic's use of this data is governed by Anthropic's Privacy Policy. Anthropic does not use API inputs to train its models by default.

Stripe
Payment processing and subscription management is handled by Stripe. When you subscribe, you interact directly with Stripe's secure payment form. NorthStar receives only tokenized billing identifiers — never your raw card data.

Hosting & Infrastructure
NorthStar is deployed on Render.com. Our database is hosted on Supabase. These services may store data in the United States. Both maintain their own privacy and security standards.

5. Data Retention

We retain your account and resume data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal or compliance reasons (e.g., billing records).

Resume analyses stored in your history are retained unless you delete them individually or delete your account. Usage statistics may be retained in aggregated, anonymized form after account deletion.

6. Your Rights

Depending on where you live, you may have certain rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Ask us to correct inaccurate or incomplete data.
• Deletion: Request that we delete your account and associated data.
• Portability: Request an export of your data in a machine-readable format.
• Opt-out: Unsubscribe from optional emails (e.g., weekly digest) at any time from your Settings page.

To exercise any of these rights, email us at franklin10@ptd.net. We will respond within 30 days.

7. Cookies & Local Storage

NorthStar uses browser localStorage to store your authentication token and theme preference. We do not currently use third-party tracking cookies or advertising pixels. If this changes, we will update this policy and notify users.

8. Children's Privacy

NorthStar is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal information, contact us and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will update the "Last updated" date at the top. For significant changes, we will notify registered users by email or in-app notice. Continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact

Questions about this Privacy Policy? We're an independent developer and we take this seriously — reach out directly.