Privacy & Cookie Policy
Last updated: 2026-06-03
This Privacy & Cookie Policy explains how Polaris Works AB (Swedish org. no. 559587-6102), Gamla Lyckebyvägen 25 A, 13670 Vendelsö, Sweden (“we”, “us”), processes personal data when you visit northstarframework.com, use NSF Board (including Guest mode), purchase digital products, or contact us.
VAT registration is pending. A VAT registration number will be added here once registered.
1. Data controller and contact
Polaris Works AB is the data controller for personal data described in this policy, except where we process data on behalf of NSF Board business customers as described in Section 3.
Privacy and data protection enquiries: info@northstarframework.com
Product support: support@northstarframework.com
2. What we process and why
2.1 Website visitors and Guest mode
NSF Board Guest mode lets you try a board in your browser without an account. Board content is stored locally in your browser (local storage) on your device.
We may process:
- Technical data needed to deliver the site (server logs, IP address, browser type)
- Cookie consent preferences
- Analytics data if you consent (see Section 5)
- Minimal aggregate logging when you view or download the free NSF guide (guide name, action, page source, timestamp)
2.2 NSF Board accounts (business customers)
When you register and use NSF Board with an account, we process:
- Account data: name, email address, password (stored hashed by our auth provider)
- Company data: company name, organisation number (if provided)
- Workspace data: boards, cycles, cards, snapshots, and settings you create
- Membership data: role (owner, editor, viewer), invitations sent and accepted
- Billing data: subscription plan, status, and Stripe customer identifiers (payment card details are handled by Stripe)
- Security and operational logs
Legal basis: Performance of our contract with your organisation (GDPR Art. 6(1)(b)); legitimate interests in operating, securing, and improving the service (Art. 6(1)(f)); compliance with legal obligations where applicable (Art. 6(1)(c)).
2.3 Digital book purchases
When you purchase the digital Book (ePub), we process:
- Contact and billing data (name, email, payment information via Stripe)
- Purchase details (edition, language, date, amount)
- Delivery-related data (download access, support correspondence)
Legal basis: Performance of contract (Art. 6(1)(b)); legal obligations such as tax and accounting (Art. 6(1)(c)).
2.4 Contact forms and enquiries
If you contact us (for example about the book waitlist, guide, or general enquiries), we process the information you submit and our correspondence with you.
Legal basis: Legitimate interest in responding to enquiries (Art. 6(1)(f)); consent where you opt in to project updates (Art. 6(1)(a)).
3. NSF Board: controller and processor roles
For NSF Board business workspaces, your organisation is generally the data controller for personal data you and your users put on the board (for example employee names and business content).
Polaris Works AB acts as data processor for that workspace data on your organisation's instructions. Our Data Processing Addendum describes processor obligations and is accepted when you subscribe to NSF Board.
We act as independent controller for account administration, billing, service communications, and security processing related to NSF Board.
4. Essential cookies and local storage
We use essential technologies necessary for the site and product to function, including:
- Local storage to keep Guest mode board content on your device
- Authentication session cookies when you are signed in to NSF Board
- Cookie consent preferences stored locally
- Technical data needed to deliver the site securely and reliably
These are used based on legitimate interest in providing a secure, functional service. They do not require consent under EU ePrivacy rules, but we describe them here for transparency.
5. Analytics
If you consent via our cookie banner, we use Google Analytics 4 to collect aggregated information such as pages visited, features used, approximate region, device and browser type, and interaction events.
We use this to understand usage and improve the site and product. We do not use analytics for advertising or sell your data.
Legal basis: Consent (Art. 6(1)(a)). You can withdraw consent at any time via cookie settings or by clearing site data for northstarframework.com.
6. Your choices (cookies)
When you first visit, our cookie banner lets you choose:
- Accept all — essential technologies + analytics
- Only essential — no analytics
- Reject all — no analytics, only essential technologies
To change your choice later, clear cookies/local storage for northstarframework.com and reload the page, or use cookie settings if available in the footer.
7. Recipients and sub-processors
We share personal data with service providers who assist us, including:
- Supabase Inc. — database, authentication (EU Central, Frankfurt)
- Stripe, Inc. — payment and subscription processing
- Resend, Inc. — transactional email (invitations, notifications)
- Vercel Inc. — hosting and content delivery
- Google LLC — Google Analytics 4 (only with consent)
These providers process data on our instructions and under their own terms and data processing agreements. Some may process data outside the EU; where required we rely on appropriate safeguards such as Standard Contractual Clauses.
We do not sell personal data.
8. Retention
- Guest mode local storage: Until you clear it or your browser deletes it.
- NSF Board workspace data: For the subscription term, then up to 90 days read-only after cancellation, then deleted unless you use self-service deletion earlier (see our Terms).
- Account and billing records: As long as needed for the contract and to comply with accounting and tax law (typically up to seven years for financial records under Swedish law).
- Book purchase records: As required for contract fulfilment and legal obligations.
- Analytics: According to our Google Analytics retention settings, in aggregated form.
- Guide download logs: According to our hosting provider's log retention, used in aggregate.
9. Your rights
If you are in the European Economic Area or UK, you have rights under GDPR including access, rectification, erasure, restriction, portability, and objection to processing based on legitimate interests. Where processing is based on consent, you may withdraw consent at any time.
NSF Board workspace owners can delete all workspace data via Settings > Subscription. For other requests, contact info@northstarframework.com. If your organisation is the controller for workspace content, you may need to contact your employer or workspace owner first.
You have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) or your local supervisory authority.
10. Security
We implement appropriate technical and organisational measures, including encryption in transit, access controls, and row-level security in our database. No method of transmission or storage is completely secure; we cannot guarantee absolute security.
11. Changes to this policy
We may update this policy from time to time. We will post the updated version on this page and update the “Last updated” date. Material changes may be communicated by email or in-product notice where appropriate.
12. Related documents
- Terms and Conditions
- Data Processing Addendum (NSF Board business customers)