Privacy Policy

Last Updated: March 15, 2026 · Effective Date: March 15, 2026

NuNorth Intelligence Inc. (“NuNorth,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy describes how we collect, use, and share information in connection with our platform, including the Nero Discovery 15-Minute Audit service and related products (collectively, the “Services”).

1. Information We Collect

1.1 Account Information

When you create an account or authenticate via Google Sign-In, we receive your name, email address, and profile picture from your Google account. We use this information solely to identify you within the NuNorth platform.

1.2 GCP Project Metadata

If you choose the “Fast Track” onboarding path, we temporarily access a list of your Google Cloud Platform (GCP) projects to allow you to select a target project for the audit. This list is fetched directly from the Google Cloud Resource Manager API and is not stored by NuNorth after the session ends.

1.3 BigQuery Metadata (INFORMATION_SCHEMA Only)

During the 15-Minute Audit, our scanner reads metadata from your BigQuery INFORMATION_SCHEMA views (table schemas, partition configurations, job statistics). We do not read, copy, or analyze your actual table data, row contents, or query results.

1.4 Usage Data

We collect standard analytics data (page views, feature usage, browser type) through Vercel Analytics to improve our platform.

2. How We Use Your Information

We use the information we collect to:

  • Authenticate you and provide access to the platform
  • Perform the 15-Minute Audit by analyzing BigQuery metadata in your selected GCP project
  • Generate optimization recommendations and cost savings projections
  • Communicate with you about the Services
  • Improve and develop new features

3. Zero-Retention Architecture

NuNorth employs a Zero-Retention data architecture. All BigQuery metadata analysis is performed in-flight within the northamerica-northeast1 (Montreal, Canada) region. Audit findings are stored temporarily in a client-scoped Firestore collection and are automatically purged after the analysis window expires. We do not maintain long-term copies of your BigQuery metadata.

4. Data Residency

All data processing and storage occur exclusively in the northamerica-northeast1 (Montreal, Canada) GCP region. Your data never leaves Canadian jurisdiction, ensuring compliance with PIPEDA, Bill C-27 (CPPA), and provincial privacy legislation.

5. Google API Services Disclosure

NuNorth Intelligence's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

When a user authenticates via the “Fast Track” setup, NuNorth requests the cloud-platform scope solely to programmatically provision a temporary, read-only service account in the user's Google Cloud project. NuNorth does not store, log, or retain the user's OAuth access tokens or refresh tokens after this provisioning step is complete.

Specifically:

  • Scopes requested: openid, profile, email (Phase 1), and https://www.googleapis.com/auth/cloud-platform (Phase 2, only when the user explicitly selects Fast Track)
  • Token handling: OAuth access tokens are used exclusively for a single provisioning operation and are revoked via the Google OAuth revocation endpoint immediately upon completion
  • No refresh tokens: NuNorth does not request or store refresh tokens. All access is ephemeral.
  • No data sharing: Information obtained through Google APIs is not transferred to any third-party application, service, or person

6. Service Account Security

After the onboarding step, NuNorth accesses your BigQuery metadata solely through GCP-native Service Account Impersonation — a mechanism that creates time-limited, scoped tokens without storing long-lived credentials. You retain full control over the service account created in your project and may revoke NuNorth's access at any time by deleting the nunorth-nero-discovery-agent service account from your IAM console.

7. Information Sharing

We do not sell, rent, or trade your personal information. We may share information only in the following circumstances:

  • Service providers: We use Google Cloud Platform for infrastructure. Data processing occurs within your selected or our designated GCP project, both constrained to the Montreal region.
  • Legal obligations: We may disclose information if required by law, regulation, or valid legal process.
  • Business transfers: In the event of a merger, acquisition, or asset sale, user information may be transferred as part of that transaction.

8. Data Retention

Account information (name, email) is retained for as long as your account is active. Audit findings are retained for a maximum of 90 days unless you request earlier deletion. OAuth tokens are never retained — they are revoked immediately after use.

9. Your Rights

Under applicable Canadian privacy legislation (PIPEDA / Bill C-27), you have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your personal information
  • Withdraw consent for data processing

To exercise any of these rights, contact us at [email protected].

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the “Last Updated” date.

11. Contact

If you have questions about this Privacy Policy, please contact:

NuNorth Intelligence Inc.
Calgary, AB, Canada
[email protected]