North Metric's privacy policy. Read-only Stripe access. No model training on customer data. GDPR and CCPA compliant.
## Key facts
- Stripe data is read-only. North Metric accesses subscriptions, customers, invoices, charges, and lifecycle events. Never payment methods, card numbers, or bank details.
- No model training. Customer data is never used to train AI models. AI processing happens server-side via Supabase Edge Functions to Anthropic, with no training opt-in.
- GDPR and CCPA compliant. Full data subject rights including export, deletion, and rectification. Exercise rights at legal@northmetric.io.
- Sub-processors include Supabase, Anthropic, Stripe, Vercel/Cloudflare, PostHog, GA4, Sentry, and Resend.
- Retention â customer data retained while active; 30-day export window post-termination.
- Data breach notification within 72 hours.
For full terms of service, see /terms.