1. Who We Are

Northlight Vault is a desktop application developed and operated by Northlight.

2. Our Commitment to Your Privacy

Northlight Vault is designed with privacy as a default. The app does not collect, transmit, or store your personal information on any Northlight servers. Everything stays on your device.

This policy explains how the app works with third-party cloud storage providers, what that means for your data, how we handle user feedback, and what rights you have as a Canadian user under the Personal Information Protection and Electronic Documents Act (PIPEDA).

3. Information We Collect

Personal Information in the App

Northlight Vault does not collect personal information from your use of the app. Your files, browsing activity, and preferences remain on your device. The app stores the following locally on your device only:

All stored data remains on your device and is not accessible to Northlight or transmitted to any server.

Personal Information in Feedback

When you submit feedback through the in-app feedback form, we collect limited personal information to respond to you and improve the app. See Section 5 for full details.

4. Third-Party Cloud Storage Providers

To provide its core functionality, Northlight Vault connects to cloud storage services that you choose to authorise. Currently supported providers:

• Google Drive (Google LLC)
• Microsoft OneDrive (Microsoft Corporation)
• Dropbox (Dropbox, Inc.)

How it works

When you browse files in Vault, the app retrieves file lists and metadata — names, dates, folder structure, file types — directly from your connected cloud provider and displays them on your device. This data is processed locally and is not sent to Northlight or stored on Northlight servers.

Your cloud provider's responsibility

Each provider has its own privacy policy governing how they handle your data. We encourage you to review them:

• Google Drive Privacy Policy
• Microsoft OneDrive Privacy Statement
• Dropbox Privacy Policy

Revoking access

You can revoke Northlight Vault's access to any connected account at any time:

• In Vault: Disconnect your account by clicking the × next to the account name in the sidebar
• Google Drive: myaccount.google.com/permissions
• Microsoft OneDrive: account.microsoft.com/permissions
• Dropbox: dropbox.com/account/connected_apps

5. User Feedback

When you submit feedback through the in-app feedback form, you provide explicit consent before submission by checking a required consent checkbox.

What we collect

• Your name (optional)
• Your email address (required)
• Feedback type: bug report, feature idea, or general feedback
• Cloud provider you were using, if applicable
• Your feedback text
• Northlight Vault version number, if reporting a bug

How we use it

We store this information in ClickUp, a task management platform, so we can review your feedback, respond to you, and improve Northlight Vault. We do not use your information for marketing, and we do not share it with third parties.

Data location and security

Your consent

The feedback form displays a required consent checkbox before you can submit. The checkbox states:

By checking this box and clicking Submit, you explicitly consent to us storing your name, email, and feedback in ClickUp for these purposes.

Your rights

You may request deletion of your feedback at any time by contacting support@bynorthlight.ca. Include your email address and details of the feedback you submitted. We will delete your data within 30 days of your request.

6. Data Retention

App data: Northlight Vault does not collect personal information from app usage, so there is nothing to retain or delete on our end. Local app data — authentication tokens, account metadata, and preferences — can be removed at any time by uninstalling the application or disconnecting accounts within the app.

Feedback data: We retain user feedback for 12 months from the date of submission. After 12 months, all feedback is deleted from our system, including your name, email, and feedback text. If you request deletion before this period ends, we will delete your feedback within 30 days of your request.

7. Analytics, Crash Reporting, and Software Updates

Analytics and crash reporting: Northlight Vault does not currently use analytics or crash reporting tools.

Software updates: Northlight Vault includes an automatic update check that connects to GitHub to determine whether a newer version is available. This request is made directly between your device and GitHub's servers. Northlight does not log or store connection data from update checks. GitHub Privacy Statement →

8. Your Rights Under PIPEDA

As a Canadian resident, you have the right to:

• Know whether Northlight holds personal information about you
• Request access to any personal information we hold
• Request correction of inaccurate information
• Withdraw consent for the collection or use of your personal information
• Lodge a complaint with the Office of the Privacy Commissioner of Canada

To exercise any of these rights, contact us at support@bynorthlight.ca. Please include relevant details, such as your email address if you submitted feedback.

Office of the Privacy Commissioner of Canada →

9. Children's Privacy

Northlight Vault is not directed at anyone under the age of 18. If you are under 18, please do not use this app or submit feedback without parental consent.

10. Changes to This Policy

We will notify users of material changes to this privacy policy through in-app messages and updated release notes. Material changes include:

• Adding new data collection practices
• Changing data retention periods
• Adding or removing third-party data processors
• Changes to how we use or share personal information

Minor clarifications or corrections do not require notification. Continued use of the app after notification of material changes constitutes acceptance of the updated policy.

11. Contact Us

Questions about this privacy policy or your privacy rights?