Privacy Policy
Last updated: July 1, 2025
1. Introduction
NorthBooks Inc. (“NorthBooks”, “we”, “us”, or “our”) is committed to protecting the privacy of our users. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information when you use the NorthBooks web application and website (collectively, the “Service”), in compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable Canadian privacy law.
By using the Service, you consent to the collection and use of information as described in this policy.
2. Information We Collect
2.1 Account Information
When you create an account, we collect your name, email address, and password (stored as a hashed value — we never store plaintext passwords). You may optionally provide your business name, province, and HST registration number.
2.2 Financial Data You Enter
NorthBooks stores the financial and tax data you input: invoices, expenses, transactions, payroll information, mileage logs, and tax calculations. This data belongs to you. We process it solely to provide the Service.
2.3 Uploaded Documents
If you use the bank statement import or AI receipt parsing features, you may upload PDF documents. These documents are processed to extract structured data and are stored securely. Uploaded documents may be deleted from our systems after processing is complete — see Section 7 for retention details.
2.4 Usage Data
We collect anonymized usage data (pages visited, features used, errors encountered) to improve the Service. This data is not linked to your identity in any reports we review.
2.5 Payment Information
NorthBooks uses Helcim, a Canadian payment processor, to handle subscription billing. We do not store your credit card number. Payment data is governed by Helcim's privacy policy and PCI-DSS compliance program.
3. How We Use Your Information
- To provide, operate, and improve the Service
- To process subscription payments through Helcim
- To send transactional emails (account confirmation, password reset, billing receipts)
- To send CRA deadline reminders you have opted into
- To respond to support requests
- To detect and prevent fraud or abuse
- To comply with legal obligations
We do not sell, rent, or trade your personal information to third parties.
We do not use your financial data to train AI models for purposes outside your own use of the Service.
4. Data Residency
Your data is stored in Canadian data centres operated by Supabase (hosted on AWS Canada Central — ca-central-1 region). Your financial data does not leave Canada as part of normal Service operations.
AI document parsing uses the Google Gemini API. When you use AI features, document content is transmitted to Google's servers for processing under Google's data processing terms. If this is a concern, AI features can be avoided without affecting core bookkeeping functionality.
5. Sharing Your Information
We share personal information only in these limited circumstances:
- Service providers: Supabase (database hosting), Helcim (payments), Google (AI parsing), and email delivery providers — each bound by confidentiality and data processing agreements.
- Accountant access: If you share a read-only access token with your accountant through the Service, they can view your financial data in NorthBooks.
- Legal requirements: When required by law, court order, or regulatory authority.
- Business transfer: In the event of a merger, acquisition, or sale of assets, your data may be transferred with advance notice.
6. Security
We implement industry-standard security measures: TLS encryption in transit, AES-256 encryption at rest, row-level security on all database tables, and regular security reviews. However, no system is 100% secure — we encourage you to use a strong password and enable multi-factor authentication when available.
7. Data Retention and Deletion
We retain your account and financial data for as long as your account is active, plus 7 years (the CRA document retention requirement for Canadian businesses).
You can request deletion of your account and associated data by emailing privacy@northbooks.ca. Upon verified request, we will delete your data within 30 days, subject to legal retention obligations.
8. Your Rights Under PIPEDA
You have the right to:
- Know what personal information we hold about you
- Request correction of inaccurate information
- Withdraw consent for non-essential processing (with the understanding that some features may become unavailable)
- Request deletion of your personal information (subject to legal retention requirements)
- File a complaint with the Office of the Privacy Commissioner of Canada
To exercise these rights, contact us at privacy@northbooks.ca.
9. Children's Privacy
The Service is not directed at individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected such information, please contact us immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes by email and by posting a notice in the app. Continued use of the Service after the effective date constitutes acceptance of the updated policy.
11. Contact
For privacy-related questions or to exercise your rights:
Email: privacy@northbooks.ca
NorthBooks Inc., Ontario, Canada