Privacy notice.

This notice explains what personal data NorthPoint collects when you use this site, the subscriber portal, or the free compliance checks — who processes it on our behalf, how long we keep it, and the rights you have under the EU General Data Protection Regulation.

Who we are.

NorthPoint Marketing Solutions Oy. Helsinki, Finland. VAT FI34987341. Contact for all privacy matters: hello@northpoint.fi.

What we collect.

Sign-up form. Email, company name, and the situation textarea you fill in when starting an AI Crypto CMO subscription.

Stripe Checkout. Payment information — card details, billing address, billing email. Card details are handled entirely by Stripe; we never see or store them. We receive the billing email, the Stripe customer ID, and the subscription status.

Magic-link sign-in. Your email and a short-lived session token that proves you signed in. No password is collected.

Portal usage. The asset text, URL, or image you submit to a Pro compliance check; the verdict and rule output returned; the timestamp; and the resulting entry in your audit history.

Free check pages. The seven public checks (MiCA, GDPR, FCA, SEC, MAS, VARA, Ad Creative) run in your browser or via a server-side fetch. We log your anonymous IP address for rate-limiting only. Submission contents are not stored.

Analytics. Google Analytics 4 runs on public marketing pages. It collects anonymous traffic data — pages viewed, device class, rough region. No personally identifiable information. GA4 does not run inside the authenticated subscriber portal.

Why we are allowed to process it.

Under GDPR Article 6: contract performance for paid subscribers (we cannot deliver the AI Crypto CMO service without the data above); legitimate interest for IP-level rate-limiting on the free check pages (preventing abuse of a free public tool); consent for any marketing email you actively opt in to receive.

Who else touches your data.

We use a short list of sub-processors. Each operates under its own GDPR-compliant terms.

• Stripe — subscription billing and payment processing. Data flows EU/US under standard contractual clauses.
• EmailJS — relays transactional emails (magic-link sign-in, receipts, account notifications).
• Vercel — hosting and edge runtime for the site, portal, and MCP server. EU region; Vercel KV stores subscriber records.
• Anthropic — LLM inference for Pro audit packs. Audit inputs are sent to Anthropic for processing and are not used to train models.
• Google Analytics 4 — anonymous traffic analytics on public marketing pages only. Opt out by enabling Do-Not-Track in your browser or installing the Google Analytics Opt-out add-on.

We do not share data with any third party for marketing purposes. We do not sell, rent, or trade subscriber data. There is no marketing list.

How long we keep it.

• Subscriber account data — while the subscription is active, plus 30 days after cancellation, then deleted.
• Portal audit history — capped at 200 entries per company, automatically rolling off after 30 days.
• Free check submissions — not stored. Anonymous IP rate-limit counters reset hourly.
• Billing records — retained for 7 years to satisfy Finnish accounting law.
• Analytics — 14 months in Google Analytics 4, then deleted automatically.

What you can ask us to do.

Under GDPR you have the right to access the personal data we hold about you, ask for it to be corrected, ask for it to be deleted, ask for it in a portable format, restrict our processing, or object to processing. Email hello@northpoint.fi with “GDPR request” in the subject line. We respond within 30 days.

If you are unhappy with how we handle your data, you can lodge a complaint with the Finnish Data Protection Ombudsman (Tietosuojavaltuutettu) at tietosuoja.fi.

What we set in your browser.

np_session — HttpOnly session cookie set after you sign in to the portal. Expires after 30 days. Strictly necessary; no consent banner required.

Google Analytics 4 cookies — set on public marketing pages only (not inside the portal). Anonymous traffic measurement. Opt out using the methods linked above.

When this notice changes.

Material changes are notified to active subscribers by email. The revised notice and a new “Last updated” date are posted on this page.

Questions: hello@northpoint.fi