GDPR & Data Processing
Your North Star Works acts as data controller for personal data on https://www.yournorthstar.works. For business customers using our products to process data on behalf of others, we act as a processor on the terms below.
Last updated: 30 June 2026
1. Roles
For individuals visiting our site, buying a product or joining a waitlist, we are the controller. For business customers who upload their team's data into a paid product or sprint, we act as a processor on documented instructions in their order.
2. Lawful basis
We rely on contract, legitimate interest, consent and legal obligation as described in our Privacy Policy.
3. International transfers
Where personal data is transferred outside the EEA we use Standard Contractual Clauses and additional safeguards such as encryption in transit and at rest.
4. Subprocessors
We use a small set of vetted subprocessors for hosting, email delivery, payments, AI inference and analytics. A current list is available on request at privacy@yournorthstar.cc.
5. Security
Encryption in transit (TLS), encryption at rest, row-level security on our database, scoped access for staff, audit logging and least-privilege credentials. We notify affected customers and authorities of any qualifying personal-data breach within 72 hours.
6. Your rights
You can request access, correction, deletion, restriction, portability and objection. Write to privacy@yournorthstar.cc. We respond within 30 days.
7. Data Processing Agreement
Business customers can request a signed Data Processing Agreement. Email privacy@yournorthstar.cc with your order details to receive the current DPA.
Questions about this policy?
Write to privacy@yournorthstar.cc or our team at navigator@yournorthstar.cc.