N
NORDVEST

Privacy Policy

Effective Date: May 22, 2026 Last Updated: May 22, 2026

Introduction

NORDVEST ("we," "our," or "us") is a service management platform built for compressed air service companies. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our platform.

In this policy, "Customer" refers to the organization that has contracted with us for access to NORDVEST. "Authorized Users" refers to individuals (such as service managers, technicians, and administrators) granted access by the Customer. "End-Customer Data" refers to information about the Customer's own clients stored within the platform.

Data Roles and Responsibilities

NORDVEST operates as a data processor on behalf of our Customers. The Customer is the data controller for all business data, user data, and end-customer data entered into the platform. This means:

  • The Customer determines what data is collected and how it is used within NORDVEST
  • The Customer is responsible for ensuring they have appropriate consent or legal basis to store their end-customers' information
  • Individual data access, correction, or deletion requests from Authorized Users or end-customers should be directed to the Customer's organization administrator
  • We process data solely according to the Customer's instructions and the terms of our service agreement

We act as a data controller only for data we collect independently, such as demo requests, website analytics, and direct communications with us.

Information We Collect

Information Provided by Customers

When a Customer sets up their organization, adds users, configures integrations, or uses the platform, we store the categories of data needed to provide NORDVEST:

  • Account and access data: User names, email addresses or usernames, encrypted passwords, roles, permissions, authentication settings, API tokens, OAuth connection metadata, and related access controls
  • Organization and configuration data: Tenant names, business details, platform preferences, workflow settings, integration configuration, and other administrative settings
  • Operational data: Customer records, contact details, addresses, assets, equipment details, service history, maintenance records, inventory, notes, photos, files, attachments, documentation, generated drafts, extracted metadata, and related operational records
  • Integration and sync data: Third-party identifiers, sync logs, connection status, mapping records, and related information needed to connect NORDVEST with systems the Customer chooses to use

This data is entered and controlled by the Customer. We store and process it to provide the NORDVEST platform.

Information We Collect Directly

We collect limited information in the course of operating our service:

  • Demo requests: Name, email, company name, and IP address (for security)
  • Technical and security data: IP addresses, browser type, session data, application logs, diagnostic records, and related data used for authentication, debugging, security monitoring, and platform reliability
  • First-party website analytics: Marketing page path, referrer host, UTM parameters, outbound link clicks, session identifier, and page duration. This analytics data is collected by NORDVEST directly and is not used for cross-site advertising
  • Usage data: Features accessed, actions performed, records created or modified, and similar activity data used to improve the platform, provide support, and monitor security

How We Use Information

We use information to:

  • Provide, operate, and maintain the NORDVEST platform
  • Authenticate users and enforce access controls
  • Process and track service requests and maintenance records
  • Generate AI-assisted drafts, document metadata, search helpers, or operational suggestions when the Customer or Authorized User chooses to use those features
  • Geocode customer addresses and support distance-based routing, nearby customer search, mapping, and dispatch features
  • Operate APIs, MCP tools, and integrations authorized by the Customer
  • Send transactional communications (password resets, system notifications)
  • Monitor security and prevent unauthorized access
  • Improve our services and develop new features
  • Respond to support requests
  • Comply with legal obligations

We do not use Customer data or end-customer data for third-party advertising, cross-context behavioral advertising, or unrelated profiling.

We may use Customer account and Authorized User contact information to send service-related communications, including product updates, security notices, account notices, support responses, onboarding messages, and changes to our services or policies.

AI-Assisted Features

NORDVEST may include AI-assisted features such as document extraction, report drafting, quote assistance, search helpers, and operational suggestions. These features are optional and may require Customer configuration or feature access.

When an Authorized User uses an AI-assisted feature, the relevant Customer Data may be sent to third-party AI providers to process the request. This may include prompts, document text, file excerpts, customer or asset records, service history, and the generated response. We use this information only to provide the requested feature, troubleshoot issues, maintain safety and security, and improve NORDVEST.

AI outputs are decision-support tools. Customers and Authorized Users are responsible for reviewing AI-generated content before relying on it, sending it to others, or using it for operational decisions.

Data Isolation and Security

Multi-Tenant Architecture

Each Customer's data is strictly isolated within our platform:

  • All database queries are automatically scoped by tenant ID
  • Users can only access data belonging to their organization
  • Cross-tenant data access is prevented at the database and application levels
  • Administrative access to production data is restricted to authorized personnel

Security Measures

We implement industry-standard security practices including:

  • Encrypted password storage using bcrypt
  • HTTPS encryption for all data in transit
  • Encrypted session management
  • Breach detection via Have I Been Pwned (HIBP) integration for passwords
  • Two-factor authentication (2FA) support
  • Minimum 12-character password requirements
  • Regular security monitoring and audit logging

Data Ownership and Portability

Customers own their data. We do not claim any ownership rights over Customer data, Authorized User data, or end-customer data stored in NORDVEST.

Customers may:

  • Export their data in a standard, portable format at any time
  • Request deletion of all their data upon termination of their account
  • Access a complete copy of their stored data upon request

Upon contract termination, we will return or delete all Customer data within 30 days of request, except where retention is required by law.

Data Sharing and Disclosure

We do not sell, rent, or trade any information to third parties.

We may share information only in the following limited circumstances:

  • Within the Customer's Organization: Data is accessible to Authorized Users within the same tenant as necessary for collaboration and service delivery
  • Sub-Processors: We use trusted third-party service providers to operate our platform (see Sub-Processors below)
  • Legal Compliance: When required by law, subpoena, or other legal process — we will notify the affected Customer where legally permitted
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, Customer data may be transferred. We will provide advance notice and Customers may choose to terminate and export their data
  • Safety and Security: To protect the rights, property, or safety of NORDVEST, our users, or others in cases of imminent harm or fraud

Sub-Processors

We use the following categories of third-party service providers to deliver NORDVEST:

Category Purpose
Cloud infrastructure Application hosting and database management
Email delivery Transactional emails (password resets, notifications)
Authentication providers SSO identity verification (when enabled)
AI providers Optional AI-assisted extraction, drafting, search, and operational support features
Geocoding providers Converting Customer-provided addresses into coordinates and formatted address data
Payment and invoicing providers Subscription billing, invoice delivery, and payment processing
Monitoring and security tools Application health, error tracking, security monitoring, and audit logging

A current list of specific sub-processors is available upon request. We may update our sub-processors from time to time as needed to operate and improve NORDVEST. We will update this Privacy Policy or otherwise notify Customers when a change materially affects how Customer Data is processed.

Data Retention

We retain information as follows:

  • Active accounts: Data is retained for as long as the Customer's account is active and the service agreement is in effect
  • After termination: Customer data is deleted within 30 days following account termination, except where retention is required for legal or regulatory compliance
  • Backups: Automated backups are retained for disaster recovery purposes and are purged on a rolling schedule
  • Logs: Security and application logs are retained for up to 12 months for debugging and security monitoring

Cookies and Tracking

NORDVEST uses only essential cookies to:

  • Maintain authenticated sessions
  • Store user preferences
  • Ensure platform security

On our public marketing pages, we also collect limited first-party analytics described above to understand page visits, referral sources, outbound link clicks, and page duration.

We do not use third-party tracking cookies, advertising networks, or cross-site behavioral analytics tools.

Single Sign-On (SSO)

If enabled by the Customer, NORDVEST supports SSO through Google OAuth (with additional providers planned). When using SSO, we receive basic profile information (name, email) from the identity provider. We do not receive or store SSO passwords. Use of third-party identity providers is governed by their respective privacy policies.

Geocoding and Mapping

When enabled, NORDVEST may send Customer-provided address components to a geocoding provider to return latitude, longitude, formatted address, accuracy, and related match metadata. We store that geocoding data with the Customer record to support nearby customer search, routing, mapping links, and dispatch workflows.

API Tokens and Connected Clients

Customers may create API tokens or authorize connected clients to access their NORDVEST data. The Customer is responsible for deciding which clients receive access, limiting token permissions, rotating credentials, and revoking access when it is no longer needed. We log API and integration activity for security, audit, and support purposes.

Children's Privacy

NORDVEST is a business-to-business application designed for use by compressed air service companies. It is not intended for individuals under 18 years of age. We do not knowingly collect information from children.

Data Processing Location

NORDVEST is hosted in the United States. All data processing occurs within the United States. By using our services, Customers consent to the transfer and processing of information in the United States.

Compliance with Applicable Laws

NORDVEST is designed for US-based business operations. We comply with applicable US federal and state privacy laws, including the California Consumer Privacy Act (CCPA) where applicable.

For the avoidance of doubt:

  • We do not sell personal information
  • We do not share personal information for cross-context behavioral advertising
  • Customers and their Authorized Users will not be discriminated against for exercising their privacy rights

If our service expands to other jurisdictions, we will update this policy to reflect additional applicable regulations.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this page
  • Notify the Customer's account administrator or primary account contact by email at least 30 days before material changes take effect
  • Post the revised policy on our website

Continued use of NORDVEST after the effective date of changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our privacy practices:

Email: privacy@nordvestops.com Website: https://nordvestops.com

For data access, correction, or deletion requests related to information stored within a Customer's NORDVEST account, please contact your organization administrator first. If your organization is unable to resolve your request, contact us at the email above.

← Back to home