Your Privacy. Our Responsibility.
Privacy & Data
Security Policy
Effective · Transparent · Compliant
At NorTech, we take your privacy seriously. Every piece of personal information you share with us is treated with confidentiality, care, and respect — backed by industry-leading security standards and ethical business practices.
Section 01
Data Protection & Security Practices
NorTech safeguards all customer data through advanced, continuously updated security measures designed to prevent unauthorized access, misuse, or disclosure. Our data protection framework is built on four core technical pillars.
Advanced Encryption
All customer data — in storage and in transit — is protected by advanced encryption protocols. This ensures that your personal information cannot be intercepted, read, or tampered with during transmission between your device and our systems.
Secure Authentication & Multi-Factor Verification
Account access is protected by secure authentication systems and multi-factor verification where available. This adds a critical layer of security beyond passwords, ensuring that only verified users can access their account data and service history.
Restricted Access Controls
Customer information is accessible only to authorized NorTech personnel with a specific, legitimate need. Access is role-based, logged, and regularly reviewed to prevent unauthorized exposure — internally or externally.
Regular System Audits & Updates
Our security infrastructure is continuously monitored and updated. Regular audits identify vulnerabilities before they can be exploited, and security patches are applied promptly to maintain the integrity of all systems that store or process your data.
Regulatory Compliance
Our data protection practices align with applicable privacy and data protection regulations. NorTech maintains compliance across applicable jurisdictions and updates our practices as regulations evolve.
CCPA
GDPR Aligned
Industry Standards
Continuously Updated
Section 02
Personal Data Usage & Confidentiality
NorTech limits data use strictly to legitimate operational purposes that benefit our customers and ensure quality service delivery. We do not monetize your personal information — ever.
Your Data Is Never Sold or Shared Without Authorization
NorTech does not sell, lease, or share your personal information with any unauthorized third party — ever. Your data belongs to you. We use it only to serve you, not to profit from it through advertising, data brokerage, or any other means.
Permitted Uses of Your Personal Data
Your information is used only for the following operational purposes:
- Service facilitation and appointment scheduling
- Account creation, management, and authentication
- Billing, invoicing, and payment processing
- Customer support, communications, and follow-up
- Quality assurance and service improvement
Access Restricted to Authorized Personnel Only
Only authorized NorTech employees or contracted service providers may access your information — and only under binding confidentiality obligations. Every person with data access has agreed to strict privacy requirements as a condition of their role.
Data Retention & Secure Deletion
NorTech retains personal data only for as long as necessary to fulfill business or legal obligations. Once data is no longer required, it is securely deleted or anonymized — ensuring that your information is not retained indefinitely or used beyond its original purpose.
Section 03
Third-Party & Vendor Compliance
In cases where NorTech partners with third-party vendors or platforms — such as payment processors, communication systems, or logistics partners — we hold them to the same rigorous privacy and security standards we uphold ourselves.
Vendors Must Meet Equal or Higher Security Standards
Every third-party partner integrated into NorTech’s operations must demonstrate equal or higher security and privacy standards before being approved. We do not work with vendors who cannot meet our baseline data protection requirements.
Strict Data Protection Agreements
All vendors and third-party platforms are bound by strict data protection agreements. These contracts define exactly how your information may be used, prohibit unauthorized data sharing, and require compliance with applicable privacy regulations. Violations are grounds for immediate contract termination.
No Partner May Use Your Data for Marketing or Resale
NorTech does not authorize any partner, vendor, or platform to use customer data for marketing campaigns, resale, profiling, or any purpose unrelated to the specific contracted operational need. Your information flows through third parties only where functionally necessary — and nothing more.
Examples of Authorized Third-Party Integrations
Payment processors (to handle billing securely), communication platforms (for appointment reminders and notifications), and logistics coordination tools (for scheduling and dispatch). All governed by binding data protection agreements.
Section 04
User Responsibilities & Platform Security
Data security is a shared responsibility. While NorTech implements robust protections on our end, users play a critical role in maintaining the security of their own accounts and interactions with our platform.
Use Strong, Unique Passwords & Enable MFA
We recommend using a strong, unique password for your NorTech account — one that is not shared with other services. Where multi-factor authentication is available, we strongly encourage enabling it to add an additional layer of account protection.
Keep Login Credentials Private
Never share your NorTech account credentials — including your password, verification codes, or access links — with any unauthorized individual. NorTech staff will never ask you for your password via phone, email, or any other channel.
Report Suspicious Activity Immediately
If you notice any suspicious activity on your account — unauthorized logins, unexpected service changes, or unusual communications — report it to NorTech Support immediately. Early reporting helps us contain potential issues and protect your data before further exposure occurs.
Do Not Misuse the NorTech Platform
Users must refrain from engaging in any activity that could compromise system security, harm other users’ privacy, or violate NorTech’s terms of service. This includes unauthorized access attempts, data scraping, or any actions intended to circumvent security controls.
Noncompliance May Result in Account Suspension
Users who fail to uphold their platform security responsibilities — or who engage in activity that compromises NorTech systems or other users’ privacy — may have their access temporarily suspended or permanently restricted in accordance with our Terms & Conditions.
Section 05
Data Breach Response & Incident Handling
In the unlikely event of a data breach or security incident, NorTech will take immediate and transparent action. Our incident response protocol is structured to minimize exposure, protect affected users, and restore full security as quickly as possible.
Investigation
Upon detection of a potential breach, our security team immediately initiates a full investigation to identify the source, scope, and nature of the incident. No assumptions — only facts-based analysis.
Containment & Mitigation
We take immediate action to contain the breach — isolating affected systems, revoking compromised credentials, and patching vulnerabilities — to stop any further exposure of customer data.
User Notification
Affected users will be notified promptly and transparently, in compliance with all applicable legal notification requirements. You’ll be informed of what happened, what data was involved, and what steps we’re taking on your behalf.
Prevention & Reinforcement
Following resolution, NorTech implements additional safeguards to prevent recurrence. This includes security architecture reviews, updated controls, and — where warranted — third-party security audits to validate our defenses.
Our Commitment
Swift resolution, full accountability, and complete transparency — in every security incident, at every stage. We will never downplay or conceal a data breach that affects our customers.
Section 06
Policy Updates & User Acknowledgment
NorTech may periodically update this policy to reflect improvements in technology, security standards, or regulatory requirements. We are committed to keeping you informed of any meaningful changes.
Significant Changes Will Be Communicated
Any significant updates to this Privacy Policy will be communicated through our platform, customer channels, or via direct notification. Minor clarifications and formatting updates may be made without notice, but substantive changes to how your data is used will always be announced.
Continued Use Constitutes Acknowledgment
By engaging with NorTech’s services or digital platforms, users acknowledge that they have read, understood, and agreed to this Privacy & Data Security Policy. Continued use of NorTech’s services after a policy update constitutes acceptance of the revised terms.
Your Agreement
By using NorTech’s services or digital platforms, you acknowledge that you have read, understood, and agreed to this Privacy & Data Security Policy. If you have questions about any section of this policy, our support team is available to help.
