Privacy Policy
Last updated: June 25, 2026
1. Who we are
North is an analytics and advertising optimisation dashboard for e-commerce founders, operated by Tamir Levy ("we", "our", "us"). North connects to your Meta Ads account, Shopify store, and Google Analytics 4 property to display performance data in a single dashboard.
Contact: 7tamir@gmail.com
2. What data we access
North accesses the following data on your behalf when you connect each integration:
- Meta Ads: Campaign spend, impressions, clicks, conversions, reach, frequency, creative thumbnails, audience targeting, and ad account structure. We use the Meta Marketing API with your explicit OAuth authorisation.
- Shopify: Order revenue, refunds, customer email addresses (hashed for matching only), product inventory, and fulfilment status. Accessed via Shopify Admin API with your OAuth authorisation.
- Google Analytics 4: Sessions, traffic sources, conversion events, and funnel metrics. Accessed via Google Analytics Data API with your OAuth authorisation.
- Account information: Your email address and name as provided during sign-up via Clerk.
3. How we use your data
- Display your own advertising and revenue performance to you in your North dashboard.
- Compute analytics such as true ROAS, funnel conversion rates, and audience breakdowns.
- Generate AI-assisted recommendations using Claude (Anthropic). Only aggregated metrics — never raw customer data — are sent to the AI model.
- Store historical performance data in Google BigQuery so you can view trends over time.
We do not sell your data, share it with third parties for advertising, or use it to train AI models.
4. Storefront tracking (North Pixel)
When you install North on your Shopify store, we install a lightweight JavaScript file (North Pixel) as a Shopify script tag, and register a Web Pixel extension in Shopify Customer Events. These track visitor behaviour on your storefront to power attribution and analytics.
The pixel operates in two modes based on visitor consent:
- Consented visitors (Path A): A persistent visitor ID is stored in
localStorage(_at_id). Events are tracked and forwarded server-side to Meta Conversions API and GA4. A cart attribute links the session to the purchase for attribution. Legal basis: consent (GDPR Art. 6.1.a / ePrivacy Art. 5.3). - Non-consented visitors (Path B): No cookies, no
localStorage— zero device storage. Our server computes a one-way daily session hash from the visitor's IP and browser headers; the raw IP is discarded immediately and the hash expires at UTC midnight. No data is forwarded to Meta or Google. Legal basis: legitimate interest (GDPR Art. 6.1.f) — aggregate funnel analytics with no device footprint and no third-party sharing. - Events tracked (both paths): Page views, product views, add-to-cart, checkout initiation, and purchases. Each event is sent to our server (
/api/track) and stored in our database. - Order webhook: North registers an
orders/createwebhook to receive order data (order ID, total, email, UTM source) for purchase attribution. Customer emails are used only for matching and are never shared.
North respects Shopify's native _tracking_consent cookie, Pandectes, Cookiebot, and major consent management platforms. Path B session hash rows are deleted automatically after 90 days.
5. Meta Platform data
Data obtained through the Meta Marketing API is used solely to display your own ad account performance within North. We do not use Meta Platform Data to target advertising, build audience profiles, or share data with other advertisers. Our use complies with Meta's Platform Terms and Developer Policies.
6. Data storage and security
Performance data is stored in Google BigQuery (EU region) and a PostgreSQL database hosted on Neon. Access tokens are stored encrypted in our database and are never logged or exposed to other users. All data is scoped to your account — you can only see your own data.
7. Data retention and deletion
You can disconnect any integration at any time from the Settings page. Upon disconnection, your access tokens are deleted immediately. To request full deletion of all stored data, email us at 7tamir@gmail.com and we will delete your data within 30 days.
8. Your rights
Under GDPR and applicable data protection law, you have the right to access, correct, export, or delete your personal data. To exercise any of these rights, contact us at 7tamir@gmail.com.
9. Changes to this policy
We may update this policy from time to time. The date at the top of this page reflects the most recent revision. Continued use of North after changes constitutes acceptance of the updated policy.
Tamir Levy · 7tamir@gmail.com