Privacy Policy — NorthPoint Delivery

Plain-English summary: We collect what we need to deliver your order — your name, contact info, address, and (via Stripe) payment details. We share that data with restaurants and couriers only as needed to complete your order, and with vetted service providers like Stripe, Cloudinary, and Apple/Google for payments, hosting, and authentication. We don't sell your data. You can request access, correction, or deletion at any time by emailing hello@northpointdelivery.com.

Introduction
Information we collect
How we use your information
How we share your information
Data retention
Security
Your rights and choices
California residents (CCPA)
Children's privacy
International users
Changes to this policy
Contact us

1. Introduction

NorthPoint Delivery ("NorthPoint," "we," "us," or "our") operates a mobile food and grocery delivery marketplace serving the Healy and Denali, Alaska area through the NorthPoint Delivery mobile application and website at northpointdelivery.com (collectively, the "Service").

This Privacy Policy describes the information we collect from and about you when you use the Service, how we use and share that information, and your rights and choices regarding our practices.

By using the Service, you agree to the collection and use of information in accordance with this Policy. If you do not agree with our practices, please do not use the Service.

2. Information we collect

Information you provide to us

Account information. When you create an account, we collect your name, email address, phone number, password (hashed — we never store plaintext passwords), and account role (customer, restaurant partner, or courier).
Profile information. Optional information you choose to add, such as a profile photo, preferred language, currency, and notification preferences.
Delivery addresses. Addresses you save for delivery, including street address, city, ZIP code, and any delivery instructions you provide.
Order information. Items you order, special instructions, order history, ratings, and tips.
Payment information. We use Stripe to process payments. Card details are entered directly into Stripe's PCI-compliant systems and are never transmitted to or stored on our servers. We receive a token from Stripe that allows us to charge your saved payment method.
Communications. Messages you send through in-app chat with restaurants, couriers, or support; support tickets you open; and feedback or survey responses.

Information collected automatically

Location information. With your permission, we collect precise location data from your device to display nearby restaurants, suggest your address, and (for couriers) provide real-time delivery tracking. You can disable location access in your device settings at any time.
Device and usage information. Device type, operating system, app version, IP address, language settings, time zone, crash logs, and basic usage analytics (which screens you visit, how often).
Push notification tokens. An identifier from Apple Push Notification service (APNs) or Firebase Cloud Messaging (FCM) that allows us to send you order updates. You can disable push notifications in your device settings.

Information from third parties

Sign-in providers. If you sign in with Apple or Google, we receive your name, email, and a unique user identifier from those providers per the scope you authorize.
Payment processors. Stripe shares limited transaction metadata with us (payment status, last four digits of the card used, card brand) so we can display your payment methods and order history.

3. How we use your information

We use the information we collect to:

Operate the Service — create accounts, process orders, route deliveries, process payments, send transactional notifications
Communicate with you — order updates, support responses, account-related notices
Improve the Service — analyze usage patterns, debug crashes, plan new features
Personalize your experience — show relevant restaurants based on your location and order history, save your preferences
Detect and prevent fraud, abuse, and unauthorized access
Comply with legal obligations, enforce our Terms of Service, and protect the rights, safety, and property of NorthPoint, users, and the public

We do not use your information for advertising, do not sell your personal information to third parties, and do not engage in cross-context behavioral advertising.

We share your information only as described below:

With other users of the Service

Restaurants receive your name, delivery address, order items, special instructions, and contact phone number so they can prepare and hand off your order.
Couriers receive your name, pickup and delivery addresses, contact phone number, and any special delivery instructions so they can complete the delivery.
You receive limited information about the restaurant and courier handling your order (name, photo, vehicle info if applicable, and live location during the delivery).

With service providers

We share information with vendors that help us operate the Service:

Stripe — payment processing, fraud detection, payouts to restaurants
MongoDB Atlas — database hosting
Railway — application hosting
Cloudinary — image hosting (restaurant menu photos, profile photos)
Expo / EAS — mobile app build infrastructure and push notification delivery
Apple Push Notification service and Firebase Cloud Messaging — delivering push notifications
Google Maps and Google Places — map display and address autocomplete
Cloudflare — DNS, content delivery, email routing
Email service providers — transactional emails (password resets, receipts)

These providers are contractually obligated to use your information only to provide services to us and to maintain reasonable security measures.

For legal reasons

We may disclose information when required by law, court order, or government request, or when we believe disclosure is necessary to protect the rights, property, or safety of NorthPoint, our users, or the public.

In a business transfer

If NorthPoint is involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any such change and your choices regarding your information.

5. Data retention

We retain your information for as long as your account is active and as reasonably needed to provide the Service. After account deletion, we retain limited information (transaction records, communications, and any data we are required to keep by law — e.g., tax records for at least seven years under U.S. federal tax law) and delete the rest within 30 days.

Aggregated or de-identified data that cannot be used to identify you may be retained indefinitely.

6. Security

We use industry-standard safeguards to protect your information, including:

HTTPS / TLS encryption for all network traffic
Passwords hashed with bcrypt — we cannot recover or view your password
Payment card data handled exclusively by Stripe (PCI-DSS Level 1 compliant); we never see your card number
JWT-based authentication with short-lived access tokens
Apple Sign-In identity tokens verified against Apple's published JWKS keys
Hardened access controls on databases and infrastructure

No system is perfectly secure. If we ever experience a data breach that affects your personal information, we will notify you as required by applicable law.

7. Your rights and choices

Access, correction, and deletion

You can access and update most of your personal information directly in the app under Profile → Settings. To request a copy of your data, correct information you can't edit yourself, or delete your account, email us at hello@northpointdelivery.com. We'll respond within 30 days.

Communication preferences

Transactional emails (order confirmations, receipts, security alerts) are required and cannot be turned off while your account is active
Push notifications can be disabled per category in the app or globally in your device settings
Marketing emails (if we add them later) will always include an unsubscribe link

Location and device permissions

You can revoke location, camera, photo library, and push notification permissions at any time from your device's Settings app. Some features of the Service (most importantly delivery tracking) will not work without location access.

8. California residents (CCPA)

If you are a California resident, the California Consumer Privacy Act gives you the following rights, which we honor:

The right to know what personal information we collect about you and how we use and share it
The right to request deletion of your personal information
The right to correct inaccurate personal information
The right to opt out of the sale or sharing of personal information (we do not sell or share personal information for cross-context behavioral advertising)
The right not to be discriminated against for exercising your privacy rights

To exercise these rights, email hello@northpointdelivery.com. We may need to verify your identity before fulfilling certain requests.

9. Children's privacy

The Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we learn we have collected information from a child under 13, we will delete it promptly. If you believe a child has provided us information, please contact us at hello@northpointdelivery.com.

10. International users

The Service is operated from the United States. If you access the Service from outside the U.S., your information will be transferred to and processed in the U.S., where data protection laws may differ from those in your country.

11. Changes to this policy

We may update this Privacy Policy from time to time. We'll post the updated version here with a new "Last updated" date. For material changes, we'll give you advance notice through the app or by email. Your continued use of the Service after changes take effect means you accept the updated policy.

12. Contact us

Questions, requests, or concerns about this Privacy Policy or our data practices? Reach us at:

NorthPoint Delivery
Email: hello@northpointdelivery.com
Mail: PO Box 717, Healy, AK 99743

Contents