Privacy Policy

Northlight (“we,” “us,” or “our”) provides software that enables users to execute tasks across applications using AI. This Privacy Policy describes how we collect, use, and handle information when you use our services.

Northlight operates by interacting with applications on a user’s device and executing actions at the user’s direction. The system may access data within connected applications only when explicitly instructed by the user.

a. Account Information

We collect basic account information such as name, email address, and billing details.

b. User Inputs and Outputs

We store:

• prompts, instructions, and commands submitted by users
• outputs generated by the system
• conversation history

c. Usage Data

We collect limited technical and usage data, such as:

• session activity
• feature usage
• performance metrics

e. Website Visitor Identification

We use RB2B, a third-party visitor identification service, to identify business visitors to our website. RB2B may collect information such as IP address, browser type, pages visited, and publicly available business contact information (e.g. name, company, job title, and business email) associated with your visit. This data is used solely for B2B sales and marketing purposes. RB2B does not track individuals in a personal capacity. For more information, see RB2B’s Privacy Policy.

d. Data Accessed Through User Actions

Northlight may access data within third-party applications (e.g. email, calendar, CRM, messaging tools) only when explicitly instructed by the user. We do not independently initiate access to such data.

Northlight does not store:

• passwords
• session cookies
• OAuth tokens
• API keys

We operate without requiring persistent access credentials to user accounts.

We use collected information to:

• provide and operate the service
• execute user-requested actions across applications
• improve system performance and reliability
• analyze usage patterns to improve the product

Northlight uses third-party AI model providers, including OpenAI and Anthropic, to process user inputs and generate outputs.

• Data is sent to these providers only as needed to fulfill user requests
• We do not use customer data to train our own models
• We do not use identifiable customer data to train third-party models

We may review anonymized interactions internally for product improvement and analytics.

We store:

• conversation history
• inputs and outputs
• limited usage logs

We retain this data for as long as necessary to provide the service and improve the product. We may delete or anonymize data upon request, subject to operational constraints.

We implement industry-standard security practices to protect data, including:

• encryption in transit
• access controls

Northlight is in the process of obtaining SOC 2 Type II certification and aligning its systems with those standards.

We do not sell personal information.

We may share data only:

• with service providers required to operate the system (e.g. AI model providers)
• with analytics and visitor identification providers (e.g. Google Analytics, RB2B) to understand website traffic and identify prospective business customers
• as required by law

Depending on your jurisdiction, you may have the right to:

• access your data
• request deletion
• request correction

Requests can be submitted to: [email protected].

We may update this policy from time to time. Continued use of the service constitutes acceptance of updates.

For questions, contact: