Privacy Policy North Drive
Last updated: 05/12/2025
1. Introduction
Welcome to North Drive, a service operated by DigitalCrust ("we," "us," or "our"), located in Belgium. We are committed to protecting your personal data and preserving your right to privacy.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website https://north-drive.com and use our cloud storage services.
As a company based in the European Union, we adhere strictly to the General Data Protection Regulation (GDPR). We believe that your data belongs to you.
Information We Collect
We collect information in three ways: directly from you, automatically through your use of our services, and from third-party sources.
2.1. Information You Provide to Us
• Account Information: When you register via Supabase, we collect your email address, password (hashed), and basic profile details.
• Payment Information: We do not store full credit card numbers on our servers. Transactions are processed by our third-party payment providers (e.g., Stripe), who provide us with a token to facilitate the purchase of your Lifetime Deal or subscription.
• Customer Support Data: Any information you provide when contacting our support team.
2.2. User Content (Your Files)
• File Data: We store the files, photos, documents, and videos you upload to North Drive.
• Encryption Status:
Standard Encryption: By default, files are encrypted in transit and at rest. We hold the keys to manage the service.
Private Encryption (Zero-Knowledge): If you opt for user-managed encryption, we store only the encrypted binary data. We do not possess the decryption keys and cannot access, view, or recover this content under any circumstances.
2.3. Information Collected Automatically
• Usage Data: We use PostHog and Google Analytics to understand how you navigate our platform. This includes your IP address, browser type, device type, pages visited, and timestamps.
• Performance Metrics: Data regarding upload/download speeds and server response times to ensure service stability.
How We Use Your Information
We use your data for specific, limited purposes:
3.1. Providing Cloud Services
To create your account, authenticate your identity via Supabase, store your files, and enable file sharing and synchronization across your devices.
3.2. Improving Our Platform
We analyze usage trends via PostHog and Google Analytics to optimize our landing page (hosted on Framer) and improve the "North Drive" app experience.
3.3. Marketing and Targeted Advertising
We use data trackers to show you relevant advertisements for North Drive on other platforms. We do not sell your personal files or contact details. We only share pseudonymized browsing data (cookies/pixels) with the following advertising partners:
• Meta (Facebook/Instagram)
• TikTok
• X (formerly Twitter)
Note: This tracking is strictly for marketing our own services to you (e.g., retargeting) and does not involve selling your data to data brokers.
Cookies and Tracking Technologies
We use cookies and similar tracking technologies to track the activity on our Service and hold certain information.
• Essential Cookies: Necessary for Supabase authentication and keeping you logged in.
• Analytics Cookies: Used by Google Analytics and PostHog to report on website traffic.
• Marketing Pixels: We use pixels from Meta, Reddit, TikTok, and X. These allow us to measure the effectiveness of our ads and serve ads to you based on your visit to our landing page.
Cookie Control: You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept essential cookies, you may not be able to use the login functionality of North Drive.
Data Sharing and Third-Party Processors
We do not sell, trade, or rent your personal identification information to others. We share data only with the following trusted third-party service providers required to operate our business:
Supabase => Authentication & Database Management => Global/EU
Framer => Website Hosting (Landing Page) => Global
Google Analytics => Website Traffic Analysis =>Global
PostHog => Product Analytics =>Global
Meta, Reddit, TikTok, X => Marketing & Ad Targeting =>Global
Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency). However, per Section 5.3 of our User Agreement, we will not comply with non-EU foreign data requests unless compelled by a valid EU court order.
6. Data Security and Sovereignty
6.1. Security Measures
We utilize industry-standard security measures, including SSL/TLS encryption for data in transit and AES-256 encryption for data at rest. Access to your account is secured via Supabase authentication.
6.2. EU Infrastructure
Your data is stored on servers located exclusively within the European Union. We prioritize servers powered by green energy and restored hardware to minimize e-waste.
6.3. Zero-Knowledge Promise
If you utilize our "User-Managed Encryption" feature, the privacy of your data is absolute. North Drive has no technical ability to decrypt your files.
Data Retention
• Active Accounts: We retain your personal data and files for as long as your account is active (including Lifetime Deal holders).
• Deleted Accounts: If you delete your account, your data is flagged for deletion and removed from our active servers within 30 days.
• Inactive Free Accounts: We reserve the right to delete free accounts that have been inactive for an extended period (12+ months), typically after providing notice.
International Data Transfers
While our primary servers are in the EU, our third-party processors (like Google or Meta) may process some metadata (not your stored files) in the United States. We ensure that these providers adhere to the EU-US Data Privacy Framework or utilize Standard Contractual Clauses (SCCs) to guarantee GDPR compliance.
Your Data Protection Rights (GDPR)
Under the GDPR, you have the following rights:
Right to Access: You have the right to request copies of your personal data.
Right to Rectification: You have the right to request that we correct any information you believe is inaccurate.
Right to Erasure ("Right to be Forgotten"): You have the right to request that we erase your personal data and files.
Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data.
Right to Object: You have the right to object to our processing of your personal data (specifically regarding our marketing trackers).
Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you.
To exercise these rights, please contact us at the email provided below.
Children's Privacy
Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13.
Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. For significant changes, we will notify you via email or a prominent notice on our service.
12. Contact us
For questions regarding this Agreement, legal notices, or support, please contact us at:
North Drive (DigitalCrust)
Support: support@north-drive.com
