N
Nordvest Ops

Privacy Policy

Effective Date: February 12, 2026 Last Updated: February 12, 2026

Introduction

Nordvest Ops ("we," "our," or "us") is a service management platform built for compressed air service companies. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our platform.

In this policy, "Customer" refers to the organization that has contracted with us for access to Nordvest Ops. "Authorized Users" refers to individuals (such as service managers, technicians, and administrators) granted access by the Customer. "End-Customer Data" refers to information about the Customer's own clients stored within the platform.

Data Roles and Responsibilities

Nordvest Ops operates as a data processor on behalf of our Customers. The Customer is the data controller for all business data, user data, and end-customer data entered into the platform. This means:

  • The Customer determines what data is collected and how it is used within Nordvest Ops
  • The Customer is responsible for ensuring they have appropriate consent or legal basis to store their end-customers' information
  • Individual data access, correction, or deletion requests from Authorized Users or end-customers should be directed to the Customer's organization administrator
  • We process data solely according to the Customer's instructions and the terms of our service agreement

We act as a data controller only for data we collect independently, such as demo requests, website analytics, and direct communications with us.

Information We Collect

Information Provided by Customers

When a Customer sets up their organization and adds users, the following data is stored:

  • Account information: Name, email address or username, encrypted password, role and permissions
  • Organization settings: Tenant name, configuration preferences, business details
  • Business data: Customer records (names, addresses, business hours, notes), asset and equipment data (serial numbers, maintenance records, runtime hours), service records and work history, component and inventory information, photos and documentation

This data is entered and controlled by the Customer. We store and process it to provide the Nordvest Ops platform.

Information We Collect Directly

We collect limited information in the course of operating our service:

  • Demo requests: Name, email, company name, and IP address (for security)
  • Technical data: IP addresses in session logs, browser type, session data for authentication, and application logs for debugging and security
  • Usage data: Features accessed, actions performed, and service records created or modified — used to improve the platform and provide support

How We Use Information

We use information to:

  • Provide, operate, and maintain the Nordvest Ops platform
  • Authenticate users and enforce access controls
  • Process and track service requests and maintenance records
  • Send transactional communications (password resets, system notifications)
  • Monitor security and prevent unauthorized access
  • Improve our services and develop new features
  • Respond to support requests
  • Comply with legal obligations

We do not use Customer data or end-customer data for advertising, profiling, or any purpose unrelated to delivering and improving our service.

Data Isolation and Security

Multi-Tenant Architecture

Each Customer's data is strictly isolated within our platform:

  • All database queries are automatically scoped by tenant ID
  • Users can only access data belonging to their organization
  • Cross-tenant data access is prevented at the database and application levels
  • Administrative access to production data is restricted and logged

Security Measures

We implement industry-standard security practices including:

  • Encrypted password storage using bcrypt
  • HTTPS encryption for all data in transit
  • Encrypted session management
  • Breach detection via Have I Been Pwned (HIBP) integration for passwords
  • Two-factor authentication (2FA) support
  • Minimum 12-character password requirements
  • Regular security monitoring and audit logging

Data Ownership and Portability

Customers own their data. We do not claim any ownership rights over Customer data, Authorized User data, or end-customer data stored in Nordvest Ops.

Customers may:

  • Export their data in a standard, portable format at any time
  • Request deletion of all their data upon termination of their account
  • Access a complete copy of their stored data upon request

Upon contract termination, we will return or delete all Customer data within 30 days of request, except where retention is required by law.

Data Sharing and Disclosure

We do not sell, rent, or trade any information to third parties.

We may share information only in the following limited circumstances:

  • Within the Customer's Organization: Data is accessible to Authorized Users within the same tenant as necessary for collaboration and service delivery
  • Sub-Processors: We use trusted third-party service providers to operate our platform (see Sub-Processors below)
  • Legal Compliance: When required by law, subpoena, or other legal process — we will notify the affected Customer where legally permitted
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, Customer data may be transferred. We will provide advance notice and Customers may choose to terminate and export their data
  • Safety and Security: To protect the rights, property, or safety of Nordvest Ops, our users, or others in cases of imminent harm or fraud

Sub-Processors

We use the following categories of third-party service providers to deliver Nordvest Ops:

Category Purpose
Cloud infrastructure Application hosting and database management
Email delivery Transactional emails (password resets, notifications)
Authentication providers SSO identity verification (when enabled)

A current list of specific sub-processors is available upon request. We will notify Customers before adding new sub-processors that handle Customer data, providing reasonable opportunity to review the change.

Data Retention

We retain information as follows:

  • Active accounts: Data is retained for as long as the Customer's account is active and the service agreement is in effect
  • After termination: Customer data is deleted within 30 days following account termination, except where retention is required for legal or regulatory compliance
  • Backups: Automated backups are retained for disaster recovery purposes and are purged on a rolling schedule
  • Logs: Security and application logs are retained for up to 12 months for debugging and security monitoring

Cookies and Tracking

Nordvest Ops uses only essential cookies to:

  • Maintain authenticated sessions
  • Store user preferences
  • Ensure platform security

We do not use third-party tracking cookies, advertising networks, or behavioral analytics tools.

Single Sign-On (SSO)

If enabled by the Customer, Nordvest Ops supports SSO through Google OAuth (with additional providers planned). When using SSO, we receive basic profile information (name, email) from the identity provider. We do not receive or store SSO passwords. Use of third-party identity providers is governed by their respective privacy policies.

Children's Privacy

Nordvest Ops is a business-to-business application designed for use by compressed air service companies. It is not intended for individuals under 18 years of age. We do not knowingly collect information from children.

Data Processing Location

Nordvest Ops is hosted in the United States. All data processing occurs within the United States. By using our services, Customers consent to the transfer and processing of information in the United States.

Compliance with Applicable Laws

Nordvest Ops is designed for US-based business operations. We comply with applicable US federal and state privacy laws, including the California Consumer Privacy Act (CCPA) where applicable.

For the avoidance of doubt:

  • We do not sell personal information
  • We do not share personal information for cross-context behavioral advertising
  • Customers and their Authorized Users will not be discriminated against for exercising their privacy rights

If our service expands to other jurisdictions, we will update this policy to reflect additional applicable regulations.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this page
  • Notify Customers via email or in-app notification at least 30 days before material changes take effect
  • Post the revised policy on our website

Continued use of Nordvest Ops after the effective date of changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our privacy practices:

Email: support@pad19labs.com Website: https://nordvestops.com

For data access, correction, or deletion requests related to information stored within a Customer's Nordvest Ops account, please contact your organization administrator first. If your organization is unable to resolve your request, contact us at the email above.

← Back to home