1. Introduction
Northtec ("we", "our", "us") operates the NTX AI platform, including the web dashboard at clients.northtec.io, the embeddable chat widget at chat.northtec.io, the WhatsApp Business integration, and the REST API. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.
2. Information We Collect
We may collect the following types of information:
- Account Information: name, email address, phone number, and company details provided during registration.
- Conversation Data: messages exchanged through WhatsApp Business, the chat widget, or the API, including text content, timestamps, and metadata.
- Documents: files uploaded for AI knowledge base indexing (RAG), including PDFs, text documents, and spreadsheets.
- Email Data: when you connect Gmail or Microsoft Outlook, we access email content in read-only mode for AI-assisted search and indexing. We do not send emails on your behalf.
- Usage Data: message counts, API usage, token consumption, and interaction patterns for billing and analytics.
- Technical Data: IP address, browser type, device information, and cookies for security and service optimization.
3. How We Use Your Information
We use collected information to:
- Provide, maintain, and improve our AI assistant services.
- Process and respond to messages using AI models (OpenAI, Google Gemini).
- Index and search your documents and emails for contextual AI responses (RAG).
- Monitor usage for billing, rate limiting, and plan enforcement.
- Send service notifications, security alerts, and product updates.
- Detect and prevent fraud, abuse, and security threats.
4. AI Processing & Third-Party Services
Your conversation data and documents are processed by third-party AI providers to generate responses. These providers include:
- OpenAI — for chat completions and text embeddings.
- Google Gemini — for document indexing and OCR processing.
- Pinecone — for vector storage and semantic search.
5. Data Storage & Security
Your data is stored in Google Cloud Platform (GCP) infrastructure in the us-central1 region. We implement industry-standard security measures including:
- AES-256-GCM encryption for sensitive data at rest.
- HMAC-SHA256 verification for webhook integrity.
- SHA-256 hashed API keys (we never store keys in plaintext).
- Input sanitization against injection attacks.
- Per-tenant data isolation in our database and vector store.
6. Data Retention
Conversation data and documents are retained for as long as your account is active. You may delete individual conversations, documents, or your entire account at any time through the dashboard. Upon account deletion, all associated data is permanently removed within 30 days.
7. Data Sharing
We do not sell, rent, or trade your personal information. We may share data only in the following circumstances:
- With AI processing providers as described in Section 4.
- When required by law, regulation, or legal process.
- To protect the rights, safety, or property of Northtec or its users.
- With your explicit consent.
8. Chat Widget (chat.northtec.io)
When end users interact with the NTX AI chat widget embedded on third-party websites, we collect the conversation content and basic session data (session token, domain origin). The widget does not use tracking cookies. Conversation data is associated with the business account that deployed the widget, not with individual end users.
9. Your Rights
You have the right to:
- Access, correct, or delete your personal data.
- Export your conversation history and documents.
- Disconnect third-party integrations (Gmail, Outlook) at any time.
- Request a copy of all data we hold about you.
- Withdraw consent for data processing.
10. Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, contact us at: