Privacy

Effective Date: October 15, 2025

1. Who we are

Northern State Technologies, 106 Page Road, Litchfield, NH 03052 
Email: info@northernstate.tech
Phone: (603) 450-4019

If you purchase managed services (e.g., monitoring, remote management) on behalf of a business, we may act as a processor/service provider for certain data under your instructions. See Section 12 (Data Processing for Business Clients).

2. Information we collect

We collect the following categories of information:

Cookies & Similar Tech: pixels, local storage, and analytics beacons (see Section 9).

Contact & Account Data: name, email, phone, billing/shipping address, company, role, service preferences.

Service & Site Details: floor plans or room lists you provide, device lists/labels, network topology, VLAN/SSID names (not credentials unless expressly needed), access schedules, scenes/automations.

Device & Technical Data: IP/MAC addresses, device identifiers, Wi‑Fi signal metrics, firmware versions, crash logs, browser type, pages viewed, and timestamps.

Support Interactions: tickets, emails, call/chat recordings or summaries, remote session metadata.

Security/Access Data (if enabled): user/guest identifiers, badge or PIN assignment, door event logs, alarm arming/disarming events, and access audit trails configured by you.

Video/Audio Data (if applicable): camera thumbnails, motion events, and video streams only where you explicitly opt‑in and provide storage/processing instructions (e.g., NVRs you own or cloud services you choose). By default, we do not view or store footage unless needed for support with your permission or as required by law.

Payment Data: processed via our third‑party payment processors; we do not store full card numbers.

3. Sources of information

Directly from you during discovery, design, installation, and support.

Automatically from your devices or our site/app when you use connected features.

From third‑party providers (e.g., payment processors, shipping carriers, parts distributors, and authentication services) where permitted.

4. How we use information

Provide & Maintain Services: design, installation, configuration, onboarding, monitoring, and support.

Improve & Secure Systems: diagnostics, firmware planning, performance tuning, and threat mitigation.

Communications: quotes, invoices, updates, educational content, and service notices.

Business Operations: accounting, auditing, project management, forecasting, legal compliance, and dispute resolution.

Marketing (light‑touch): newsletters or promos you can opt out of at any time.

5. Legal bases (GDPR/UK GDPR)

Where applicable law requires a legal basis, we process data on the following bases:

Legal Obligation: tax, accounting, and regulatory requirements.

Contract: to deliver the services you requested.

Legitimate Interests: to secure, improve, and support systems in ways that do not override your rights.

Consent: for optional features (e.g., marketing emails, camera access for support).

6. Sharing of information

We share data only as needed to run our business:

  • Service Providers/Processors: hosting, ticketing/CRM, remote management tools, payment processing, shipping/logistics, and subcontracted installers under confidentiality and data‑protection terms.
  • Customer‑Designated Platforms: if you choose integrations (e.g., voice assistants, cloud backups, M365), we connect under your account settings.
  • Legal/Compliance: to comply with valid legal process or protect people, property, and our rights.
  • Business Transfers: as part of a merger, acquisition, or asset sale with appropriate protections.

We do not sell your personal information.

7. Retention

We retain data only as long as necessary for the purposes above:

Video Footage: per your NVR/cloud settings; we do not store footage unless you request temporary access for support.

We may retain minimal records to meet legal obligations or resolve disputes.

Support Tickets/Project Files: typically 7 years after project closure (accounting/legal).

Monitoring & Network Logs: typically 90–365 days depending on the signal type; configurable in managed agreements.

Access Control Logs: default 12 months or as you configure.

8. Security

We use administrative, technical, and physical safeguards: principle of least privilege, role‑based access, MFA on admin tools, encryption in transit, secure device onboarding, and change control. No method is 100% secure; we continuously improve our controls.

9. Cookies & analytics

We use necessary cookies for site functionality and may use analytics to understand site usage.

Your Choices: browser settings, cookie banners, or opting out of analytics where offered.

Necessary: session management, security, load balancing.

Analytics: page views, referrers, and device patterns; aggregated and de‑identified where possible.

10. Your choices & rights

  • Email Preferences: unsubscribe links in emails or contact us.
  • Access/Correction/Deletion: request a copy, correction, or deletion of your personal data, subject to legal exceptions.
  • Device/Service Controls: you may disable or reconfigure features (e.g., cameras, logs, integrations). Some capabilities may require minimal telemetry to function.

California & U.S. State Privacy Notices (CCPA/CPRA and similar)

Depending on your state, you may have rights to know, access, correct, delete, and opt out of certain data uses. We do not sell personal information or share it for cross‑context behavioral advertising. To exercise rights, email privacy@.com or use our web form.

EEA/UK/Swiss Residents

You may have rights to access, rectify, delete, restrict/oppose processing, data portability, and to withdraw consent. You may lodge a complaint with your local supervisory authority.

11. International transfers

If we transfer data internationally, we use appropriate safeguards such as Standard Contractual Clauses (SCCs) or other lawful mechanisms.

12. Data processing for business clients (DPA)

For managed services where we process data on your instructions, we act as a processor/service provider. Upon request, we will execute a Data Processing Addendum (DPA) reflecting roles, security, sub‑processors, and international transfer terms. You remain responsible for providing lawful instructions and notices to your end users.

13. Children’s privacy

Our services are not directed to children under 13 (or the age defined by local law). We do not knowingly collect personal data from children.

14. Do Not Track

Some browsers send a DNT signal. We currently do not respond to DNT, but you can control cookies and analytics as described above.

15. Changes to this Policy

We may update this Policy to reflect changes in technology, law, or our services. We’ll post updates with a new Effective Date and, where required, notify you.