Privacy Policy.

This Privacy Policy explains what information North Crow AI (“we,” “us,” “our”) collects when you use northcrow.ai (the “Site”) and what we do with it.

Information you give us

• First name and email when you sign up for our list, request a free tool, or join a product waitlist
• Payment and billing information when you buy a paid product. This is handled by Stripe — see section 4.
• Account information if you create an account to access a paid product (managed by Supabase — see section 4)
• Anything you send us when you contact us, ask a question, or request a consulting engagement

Information we collect automatically

We use Plausible for anonymous, aggregate analytics. Plausible does not use cookies, fingerprinting, or cross-site tracking. It captures things like which pages were viewed and which referrer brought a visitor, but does not capture or store personal information about you.

Information we don't collect

• Full payment card numbers (Stripe handles those — we never see them)
• Government IDs, social security numbers, or similar
• Anything we don't actively need to provide a service

• To deliver free tools you've requested
• To send emails you've opted in to (newsletter, product announcements, course content)
• To process purchases and provide paid products
• To respond to your messages
• To improve the Site, informed by anonymous Plausible data

We do not sell your information. Ever.

We work with a small number of service providers to operate the Site. Each one processes data only as necessary to provide their service to us:

• Loops — manages our email list and sends marketing emails
• Resend — sends transactional emails (account login links, receipts, lead magnet delivery)
• Stripe — processes payments
• Supabase — provides database, authentication, and account management for paid products
• Vercel — hosts the Site
• OpenAI — provides AI models that power some of our interactive products. When you use one of those products, the input you provide is sent to OpenAI's API to generate the response.
• Plausible — provides anonymous analytics

We don't share your personal information with anyone else for marketing purposes, and we don't authorize our service providers to use your information for theirs.

We do not use marketing cookies, tracking cookies, or third-party advertising cookies. If you create an account on the Site, we may use a small number of essential cookies (or equivalent storage) required to keep you signed in. Plausible analytics is cookie-free.

Depending on where you live, you may have specific rights:

California (CCPA / CPRA)

You have the right to know what personal information we have about you, to request deletion of it, to correct inaccurate information, and to opt out of any “selling” or “sharing” of your information for cross-context behavioral advertising. We don't sell or share your information for advertising regardless.

European Economic Area / United Kingdom (GDPR / UK GDPR)

You have rights of access, rectification, erasure, restriction of processing, data portability, and objection. The legal bases on which we process your information include consent (when you opt in to emails), contract (when you buy a product), and legitimate interests (operating and improving the Site).

How to exercise these rights

Contact us via the link in the footer. We'll respond within 30 days. We may need to verify your identity before responding to a deletion request — this protects you from someone else trying to delete your data.

• Email list information is retained until you unsubscribe or request deletion. Unsubscribing instantly stops emails; full deletion happens within 30 days.
• Account information is retained as long as you have an active account, plus a short period afterward for legal and tax recordkeeping.
• Stripe retains payment records as required by tax and financial law.

We take reasonable steps to protect your information using industry-standard practices: encryption in transit (HTTPS), encryption at rest (via our hosting and database providers), minimum-necessary data collection, and regular review of access. No system is perfectly secure, but we treat your information seriously.

The Site is not directed at children under 16, and we don't knowingly collect information from children. If you believe we have, contact us and we'll delete the information.

If you access the Site from outside the United States, your information may be transferred to and processed in the United States, where our service providers are based. By using the Site, you consent to this transfer.

We may update this Policy periodically. The “Last updated” date at the top reflects the most recent change. Material changes will be communicated by email if we have your address.

Questions about this Policy or your data? Use the contact link in the footer of any page on the Site.