Privacy Policy

Last updated: December 22, 2024

This Privacy Policy explains how DuNorth, a Delaware limited liability company, d/b/a "DuNorth" ("DuNorth," "we," "us") collects, uses, and shares information when you use our websites, apps, browser extensions, and related services (the "Service").

1. Controller and Contact

DuNorth LLC is the data controller. Address: 16192 Coastal Highway, Lewes, DE 19958. Contact: privacy@dunorth.ai.

2. Information We Collect

• Account Data: Such as name, email, password hash, institution, class schedule, and notification preferences.
• Transactional Data: Such as plan and billing status; payment processing is handled by Stripe and we do not store full card numbers.
• Device and Usage Data: Such as IP address, user agent, operating system, crash logs, timestamps, and limited interaction events needed to trigger notifications.
• Canvas Integration Data: When you connect your Canvas account, we collect your Canvas authentication cookies, course information, assignments, pages, files metadata and extracted text, and announcements via the Canvas REST API.
• Communications: Messages you send to us.
• Consent Records: Including policy versions accepted, timestamp, IP, user agent, and the text shown at sign-up.

3. How We Use Information

• To provide and secure the Service.
• Send notifications you request.
• Process payments and prevent fraud.
• Improve and debug the Service.
• Send product updates and marketing with opt-out options.
• Comply with legal obligations.
• Enforce our Terms.
• Provide AI-powered study features (chat answers, summaries) based on your course content.

4. Chrome Extension

The DuNorth extension is narrowly scoped. It has access to Canvas domains only and uses the cookies permission to read your Canvas sign-in cookie for your Canvas host. It transmits that cookie to your DuNorth account over HTTPS only when you initiate a sync from the DuNorth website. The extension does not scrape pages, track browsing, or share data with third parties.

5. Sharing

We share information with service providers such as hosting, logging, analytics, email or SMS vendors, and Stripe, under contracts that limit their use to our instructions. We may share information with legal or safety recipients where required by law and in connection with a business transfer. We do not sell personal data.

6. International Transfers

If data is transferred outside your region, appropriate safeguards will be used where required, such as the EU Standard Contractual Clauses.

7. Retention

We retain data as long as necessary for the purposes described above and to satisfy legal and accounting requirements. Canvas session information is short-lived and refreshed as needed. Synced course data is retained until you delete it or close your account. Consent logs may be kept longer to prove compliance.

8. Your Choices

Manage account and notification settings at any time. Opt out of marketing emails via the link provided and of SMS by replying STOP. Browser settings can be used to control cookies. You can disconnect or resync your Canvas account, delete specific synced items, or request full account deletion at any time.

9. Your Rights

Depending on your location, you may have rights to access, correct, delete, port, or object to or restrict certain processing. To exercise rights, contact privacy@dunorth.ai. You may also lodge a complaint with your local authority.

10. Children

We do not knowingly collect data from children under 13 years old or under the applicable age of digital consent. Do not use the Service if you are under that age.

11. Security

We implement reasonable administrative, technical, and physical safeguards including HTTPS, access controls, and industry-standard protections. No system is perfectly secure.

12. Changes

We may update this Policy. The new date will be posted and, where required, we will seek consent.

13. Contact

DuNorth LLC
16192 Coastal Highway
Lewes, DE 19958
privacy@dunorth.ai