Trust center

What NorthFirn collects and why

NorthFirn limits collection to information needed for contact, service delivery, support, security, and approved analytics.

Information submitted through the contact form

The form collects an email address, an optional organization name, the selected topic, the message, and consent to use that information for a response. The form service also receives a browser user-agent string and hashes the sender's IP address to enforce an hourly submission limit. The plain IP address is not stored in the contact-request table.

Site measurement

If analytics is enabled, NorthFirn sends approved event names with limited fields such as the page route, content category, button placement, referrer domain, and general device type. Contact messages, email addresses, credentials, payment details, and customer datasets are not approved analytics fields.

How information is used

Information is used to answer a request, plan or deliver authorized work, provide support, maintain business records, protect the site from abuse, understand site performance, and meet applicable legal or accounting duties.

What should stay out of public forms

Do not send passwords, authentication codes, payment-card data, protected health information, regulated records, private keys, incident evidence, or full customer datasets through the public contact form. NorthFirn will establish an appropriate transfer and access method when a scoped service requires sensitive information.

Service providers and disclosure

NorthFirn may use hosting, form processing, database, scheduling, payment, communication, and approved analytics providers to operate the site and deliver a requested service. Information may also be disclosed when required by law or needed to protect people, accounts, or systems. NorthFirn does not sell personal information.

Retention

Contact and service records are kept while a request or engagement is active and may be archived for support, security, accounting, dispute, or legal needs. Records are reviewed and removed when they no longer serve a reasonable business or legal purpose.

Security practices

The public contact table is not readable from the anonymous site client. The form validates input, uses a honeypot, limits repeated submissions, and stores the minimum fields needed for follow-up. No internet service can promise absolute security.

Access, correction, deletion, and marketing choices

You may ask NorthFirn to identify, correct, or delete personal information associated with your request, subject to records that must be retained for security, contracts, accounting, or law. Marketing consent is separate from service and support communication.

Children and policy changes

The site and services are intended for businesses and are not directed to children. Material privacy changes will be reflected on this page with a new review date.