Information submitted through the contact form
The form collects an email address, an optional organization name, the selected topic, the message, and consent to use that information for a response. The form service also receives a browser user-agent string and hashes the sender's IP address to enforce an hourly submission limit. The plain IP address is not stored in the contact-request table.
Site measurement
If analytics is enabled, NorthFirn sends approved event names with limited fields such as the page route, content category, button placement, referrer domain, and general device type. Contact messages, email addresses, credentials, payment details, and customer datasets are not approved analytics fields.
How information is used
Information is used to answer a request, plan or deliver authorized work, provide support, maintain business records, protect the site from abuse, understand site performance, and meet applicable legal or accounting duties.
What should stay out of public forms
Do not send passwords, authentication codes, payment-card data, protected health information, regulated records, private keys, incident evidence, or full customer datasets through the public contact form. NorthFirn will establish an appropriate transfer and access method when a scoped service requires sensitive information.
Retention
Contact and service records are kept while a request or engagement is active and may be archived for support, security, accounting, dispute, or legal needs. Records are reviewed and removed when they no longer serve a reasonable business or legal purpose.
Security practices
The public contact table is not readable from the anonymous site client. The form validates input, uses a honeypot, limits repeated submissions, and stores the minimum fields needed for follow-up. No internet service can promise absolute security.
Access, correction, deletion, and marketing choices
You may ask NorthFirn to identify, correct, or delete personal information associated with your request, subject to records that must be retained for security, contracts, accounting, or law. Marketing consent is separate from service and support communication.
Children and policy changes
The site and services are intended for businesses and are not directed to children. Material privacy changes will be reflected on this page with a new review date.