User Agreement & Privacy Policy

Northern Light Group LLC, its subsidiaries and affiliates (collectively, “Northern Light”), is committed to keeping any and all personal information collected from individuals who visit Northern Light websites (including by way of example and not by limitation, northernlight.com, discovery.northernlight.com, engage.northernlight.com, and singlepoint.northernlight.com), together with any other websites or online services operated by Northern Light that reference or link to this Privacy Policy (collectively, “the Site”), accurate, confidential, secure, and private. This Privacy Policy has been designed and created to ensure those affiliated with Northern Light of our commitment and realization of our obligation to meet and, where possible, exceed existing privacy standards.

Northern Light complies with various Data Protection and Privacy Legislations across the United States, including, but not limited to:

• the California Consumer Privacy Act (CCPA)
  
• the Colorado Privacy Act (CPA)
• the Connecticut Data Privacy Act (CTDPA)
• the Delaware Personal Data Privacy Act (DPDPA)
• the Iowa Consumer Data Protection Act (ICDPA)
• the Nebraska Data Privacy Act (NDPA)
• the New Hampshire Privacy Act (NHPA)
• the New Jersey Data Privacy Act (NJDPA)
• the Maryland Online Data Privacy Act (MODPA)
• the Minnesota Consumer Data Privacy Act (MCDPA)
• the Tennessee Information Protection Act (TIPA)
• the Virginia Consumer Data Protection Act (VCDPA)
• the Utah Consumer Privacy Act (UCPA).

Northern Light continues to monitor and incorporate, if appropriate, requirements from emerging or amended U.S. state privacy laws to maintain compliance across its operations.

Northern Light complies with various Data Protection and Privacy Legislations around the world, including but not limited to:

• the General Data Protection Regulation (GDPR) in the European Economic Area
  
• the New Federal Act on Data Protection (nFADP) in Switzerland
• the General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 in United Kingdom
• the Personal Information Protection and Electronic Document Act (PIPEDA) in Canada
• the General Personal Data Protection Law (LGPD) in Brazil

In this policy document, all applicable U.S. state and global data protection laws are collectively referred to as "Data Protection and Privacy Legislations".

Northern Light complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Northern Light has certified to the Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Northern Light has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the policies in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

This Privacy Policy shall apply to Northern Light, and shall govern, all data collection, processing, and use. By using or registering to use the Site, you consent to the following data practices expressed within this Privacy Policy.

This Privacy Policy describes the types of data we collect and how we collect and process it, as well as how we use, and disclose your information, including personal information, in conjunction with your access to and use of the Site, products, and services.

Northern Light has a legitimate interest in running a successful and efficient business and in providing you with the Site and useful content, and therefore collects information for the following purposes:

• to provide services, useful content, and applications
• to understand how users navigate the Site and use our services
  
• to offer improvements and technical support
  
• to diagnose problems with our Site and our services.
  
• to measure the effectiveness of marketing activities, understand business interest in our products and services, and support account-based marketing initiatives. 
  

Northern Light limits the personal information it collects to what is relevant and necessary for the purposes of providing, operating, and improving the Site, products, and services. The collection and processing of marketing-related information apply to Northern Light's marketing website (northernlight.com and its public subdomains) and the activities of visitors to those sites. It does not apply to authenticated users of Northern Light SinglePoint customer portals, whose information is processed under the contractual terms between Northern Light and the customer organization, and not for Northern Light's own marketing purposes.

There are two general categories of information we collect:

We require and collect the following personal information about you when you use certain functions of the Site. In some cases, this information is necessary because, without it, we may not be able to provide you with all features or services offered by the Site.

• Account Information. If you choose to register for an account at the Site, we require personal information such as your first name, last name, email address, phone number, and the password you choose.
  
• Communications with Northern Light. When you communicate with Northern Light, we collect information about your communication and any information you choose to provide.

If you wish to use the Site, we require the aforementioned information. If you do not want to provide this information, you should not use the Site or, if you do, you should not use functions that require an account and you should not send us communications.

When you use the Site, we automatically collect information, including personal information about your use of the Site, the services and content you access, and your interactions with the Site. We collect this information based on our legitimate interest in providing, maintaining, improving, and promoting our products and services.

• Log Data, IP Address, and Device Information. We automatically collect log and device data such as your IP address, operating system, browser type, access dates and times, device identifiers, and details about how you navigate and interact with the Site, including features you use, links you click, documents you access, and the pages you view before or after visiting the Site. We may also collect diagnostic and crash data to help us maintain security and troubleshoot performance issues.
  
• Usage Information. We collect usage information about how you engage with the Site, such as referral source information, campaign attribution information, page engagement metrics, search queries, content viewed, and other interactions with Site content and functionality. This helps us understand user behavior, measure marketing effectiveness, and improve the Site’s functionality.
• Cookies and Similar Technologies. The Site uses cookies and similar technologies, including pixels and web beacons, to support core features, remember user preferences, understand usage patterns, and enhance performance. We may also allow certain service providers or business partners to use these technologies on our behalf. Certain cookies are necessary for the Site to function and cannot be disabled. Analytics and marketing technologies are activated only after you provide consent through our cookie preference center.
• Business and Organization Information. Subject to your cookie preferences and where permitted by applicable law, we may infer information about the business organization associated with a visit to the Site based on information collected through cookies and similar technologies.

We process, store, and use information, including personal information, about you for the purposes described below and to comply with our legal obligations.

• Provide, operate, protect, and improve the Site and overall user experience, including by performing analytics and conducting research.
  
• Enable you to access and use the Site.
• Enable you to communicate with other users and customers.
• Provide customer service.
• Send you service or support messages, updates, security alerts, and account notifications.
• Measure the effectiveness of marketing campaigns, support account-based marketing activities, better understand business interest in our products and services, and provide more relevant business-to-business marketing communications.
• Send you promotional messages and other information that may be of interest to you based on your preferences and interactions with the Site (including information about Northern Light or business partners).
• Detect and prevent fraud, spam, abuse, security incidents, and other harmful activity.
• Conduct security investigations and risk assessments.
• Verify or authenticate information provided by you.
• Conduct checks against databases and other information sources, to the extent permitted by applicable laws.
• Resolve any disputes with users or customers and enforce our agreements with third parties.
• Enforce our User Agreement and other policies.

We process this information given our legitimate interest and legal obligation to protect the Site, to measure the adequate performance of our contract with you, and to comply with applicable laws. Northern Light may process your information if it is necessary for legitimate interests, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

Northern Light discloses information, including personal information, only as described in this section and only to the extent necessary for the purposes of providing, operating, protecting, and improving the Site and services, facilitating sales and marketing activities, complying with our legal obligations, or as otherwise permitted or required by applicable law. Northern Light limits such disclosures to information that is relevant and necessary for these purposes.

• Consent. Where you have provided consent, we process and disclose your information, including personal information, as described at the time of consent. Use of the Site is an affirmative consent on your part to collect your personal information as described above.
• Service Providers and Business Tools. We may disclose personal information to third-party service providers that support our business operations, including analytics, marketing, customer-relationship management, and other functions necessary to operate and improve the Site. These providers may process personal information on our behalf and are permitted to use it only as necessary to perform contracted services and comply with applicable laws. Such providers may help us measure marketing effectiveness, support account-based marketing activities, and better understand business interest in our products and services.
• Compliance with Law; Legal Requests; Prevention of Harm; Protection of Our Rights. Northern Light may disclose your information, including personal information, to courts, law enforcement or governmental authorities, or authorized third parties, if and to the extent we are required or permitted to do so by law or if such disclosure is reasonably necessary: (i) to comply with our legal obligations, (ii) to comply with legal process and to respond to claims asserted against Northern Light, (iii) to respond to verified requests relating to a criminal investigation or alleged or suspected illegal activity or any other activity that may expose us, you, or any other of our users to legal liability, (iv) to enforce and administer our Terms of Service or other agreements with our users and customers, or (v) to protect the rights, property or personal safety of Northern Light, its employees, its users, customers or members of the public. Where appropriate, we may notify users and customers about legal requests unless: (i) providing notice is prohibited by the legal process itself, by court order we receive, or by applicable law, or (ii) we believe that providing notice would be futile, ineffective, create a risk of injury or bodily harm to an individual or group, or create or increase a risk of fraud upon Northern Light’s property, its users and customers and the Site. In instances where we comply with legal requests without notice for these reasons, we will attempt to notify that user or customer about the request after the fact where appropriate and where we determine in good faith that we are no longer prevented from doing so.
• Business Transfers. If Northern Light undertakes or is involved in any merger, acquisition, reorganization, sale of assets, bankruptcy, or insolvency event, then we may sell, transfer or share some or all of our assets, including your information, in connection with or in contemplation of such transaction (e.g., due diligence).

In the context of an onward transfer, Northern Light has responsibility for the processing of personal information it receives under the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), and subsequently transfers to a third party acting as an agent on its behalf. Northern Light shall remain liable under the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF if its agent processes such personal information in a manner inconsistent with the applicable DPF Principles, unless Northern Light proves that it is not responsible for the event giving rise to the damage.

If Northern Light becomes subject to U.S. Federal Trade Commission (FTC) or a court order based on non-compliance with the DPF Principles, Northern Light shall make public any relevant DPF-related sections of compliance or assessment reports submitted to the FTC, to the extent permitted by applicable confidentiality requirements. The DPF has established a dedicated point of contact for reporting issues of non-compliance. The FTC will give priority consideration to referrals of non-compliance with the DPF Principles and will exchange information regarding such referrals with any appropriate state authorities on a timely basis, subject to existing confidentiality restrictions.

If you have a privacy question, concern, or request, please contact Northern Light at privacy@northernlight.com
‍
Northern Light Privacy Department

450 Artisan Way, Suite 310A
Somerville, MA 02145

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at:
https://feedback-form.truste.com/watchdog/request.

Northern Light and our independent recourse mechanism provider, TRUSTe (a TrustArc company), will respond promptly to inquiries and requests for information relating to the DPF.

If neither Northern Light nor our dispute resolution provider resolves your complaint, you may, under certain conditions, have the possibility to invoke binding arbitration under the “Recourse, Enforcement, and Liability” Principle and Annex I of the Data Privacy Framework. For more information on this option, please see Annex I of the Data Privacy Framework Principles.

You may exercise any of the rights described in this section by sending an email to privacy@northernlight.com.
Please note that we may ask you to verify your identity before taking further action on your request.

• Managing Your Information.  If you have created an Account, you may access and update certain information through your Account settings. You are responsible for keeping your personal information up to date.
• Rectification of Inaccurate or Incomplete Information. You have the right to ask us to correct inaccurate or incomplete personal information concerning you (to the extent you cannot update it yourself via your Account).
• Data Access and Portability. Depending on your jurisdictions, you may have the right to request access to the personal information we hold about you. You may also have the right to request a copy of personal information you provided to us in a structured, commonly used, and machine-readable format, and/or request that we transmit that information to another service provider where technically feasible.
• Data Retention and Erasure.  We generally retain your personal information for as long as necessary to provide the Site, perform our services, and comply with our legal obligations. We may retain data for longer periods for legitimate business purposes such as improving the Site, maintaining security, or meeting audit and compliance requirements. If you no longer want us to use your personal information, you may request that we erase it and close your Account. 
  
  Please note that if you request erasure, the following may apply:

• We may retain certain information as necessary for our legitimate business interests, including fraud detection, prevention, and maintaining safety. For example, if we suspend an account for fraud or safety reasons, we may retain certain information from that account to prevent that user from opening a new account in the future.
• We may retain and use your personal information to the extent necessary to comply with our legal obligations, such as tax, accounting, reporting and audit requirements.
• Information you have shared with others (for example, forum or community postings) may remain publicly visible on the Site, even after your account is closed. However, attribution of such information to you will be removed. Additionally, some copies of your information (such as log records) may remain in our systems but will be disassociated from personal identifiers.
• Because we maintain redundant systems to protect against accidental or malicious loss, residual copies of your personal information may remain in our backup systems for a limited period before being deleted.

• Withdrawing Consent and Restriction of Processing.  Where you have expressly provided your consent to our processing of your personal information, you may withdraw your consent at any time by contacting us. Withdrawal of consent does not affect the lawfulness of any processing activities based on such consent before its withdrawal. In certain jurisdictions, applicable law may give you the right to limit the ways in which we use your personal information, in particular where (i) you contest the accuracy of your personal information; (ii) the processing is unlawful and you oppose the erasure of your personal information; (iii) we no longer need your personal information for the purposes of the processing, but you require the information for the establishment, exercise or defense of legal claims; or (iv) you have objected to the processing and verification is pending as to whether Northern Light’s legitimate grounds override your own.
• Objection to Processing. In some jurisdictions, applicable law may permit you to legally object to Northern Light’s processing of your personal information. In particular where such processing is based on legitimate interest. If you object, Northern Light will stop processing your personal information for these purposes unless we can demonstrate compelling legitimate grounds or the processing is required for the establishment, exercise, or defense of legal claims. You may, at any time and regardless of applicable law, object to our processing of your personal information for direct marketing purposes by emailing privacy@northernlight.com, and we will cease such processing.
• Lodging Complaints. With respect to Data Protection and Privacy Legislations, you have the right to submit complaints about the data processing activities carried out by Northern Light to the appropriate supervisory authority in your jurisdiction.  Please seek your own legal counsel or consult the appropriate government agency for instructions.  For complaints unrelated to Data Protection and Privacy Legislations, nothing in this Privacy Policy is intended to limit your right to file a complaint in the appropriate jurisdiction.

In compliance with the Data Protection and Privacy Legislations and the Data Privacy Framework Principles, Northern Light is committed to resolving complaints regarding our collection or use of your personal information.  See the “Data Privacy Compliance Inquiries and Complaints” section for more details.

To facilitate our global operations, Northern Light may transfer, store, and process your information within our organization and facilities, as well as with third-party service providers located in countries outside your country of residence. These service providers may support functions such as hosting the Site, storing data, providing analytics, or delivering operational and communication services. The laws in these countries may differ from those applicable in your jurisdiction. For example, information collected within the European Economic Area (EEA), Switzerland, or the United Kingdom may be transferred, stored, and processed outside of those regions for the purposes described in this Privacy Policy. Where we transfer, store, and process your personal information outside of the EEA, Switzerland, or the United Kingdom, we implement appropriate safeguards to ensure an adequate level of data protection, consistent with applicable data-transfer requirements.

• EU Standard Contractual Clauses.  If your information is shared with corporate affiliates or third-party companies or service providers outside the EEA, we will do so only where we have a reasonable basis for believing that the recipient ensures an adequate level of data protection. Such transfers may be based on the European Commission’s Standard Contractual Clauses or other applicable transfer mechanisms.
• U.S. State Privacy Rights (including California). Various U.S. state privacy laws grant residents certain rights regarding their personal information. Depending on your state of residence, you may request information about how we collect, use, or disclose your personal information; request access, correction, or deletion of your data; or opt out of certain processing activities. California law additionally permits California residents to request, once per year and free of charge, a list of the third parties to whom we disclosed their personal information (if any) for those parties’ direct marketing purposes in the prior calendar year, along with the categories of personal information disclosed. See the “Contact Us” section for instructions. Northern Light does not disclose personal information to third parties for their own direct marketing purposes without your prior consent, and you may prevent such disclosures by withholding consent.

We continuously implement and update administrative, technical, and physical security measures to help protect your information against unauthorized access, loss, destruction, or alteration. Some of the safeguards we use include firewalls, data encryption, and access controls. If you know or have reason to believe that your Account credentials have been lost, stolen, misappropriated, or otherwise compromised, or if you notice any actual or suspected unauthorized use of your Account, please contact us following the instructions in the Contact Us section below.

All users and visitors to the Site have the option to discontinue receiving communication from us and may choose to stop receiving emails or newsletters at any time. To discontinue or unsubscribe to the Site please send an email requesting to unsubscribe to unsubscribe@northernlight.com.  If you wish to unsubscribe or opt-out from communications sent by any third-party websites, you must visit the specific website to manage your preferences and unsubscribe or opt-out directly with that third party.

The Site may contain links to third-party sites or services, such as third-party integrations, co-branded services, or third-party branded services (“Third-Party Partners”).  Northern Light does not own or control these Third-Party Partners, and when you interact with them, you may be providing information directly to the Third-Party Partner, to Northern Light, or both. These Third-Party Partners may have their own rules about the collection, processing, use, and disclosure of information. We encourage you to review the privacy policies of the sites you visit.

The Site may contain links to affiliate websites and other external websites. Northern Light does not claim nor accept responsibility for any privacy policies, practices and/or procedures of any such external websites. We encourage all users and visitors to be aware when they leave the Site and to review the privacy statements of each and every website that collects personally identifiable information. This Privacy Policy applies only and solely to the information collected by the Site.

Northern Light reserves the right to modify this Privacy Policy at any time in accordance with this provision. If we make changes to this Privacy Policy, we will post the revised Privacy Policy on the Site and update the “Last Updated” date at the top of the policy. If you disagree with the revised Privacy Policy, you may cancel your Account and stop using the Site. If you continue to use the Site after the revised Privacy Policy becomes effective, your continued access to or use of the Site will constitute acceptance of the revised Privacy Policy.

If you have any questions or concerns regarding the Privacy Policy related to the Site, please feel free to contact us using one of the methods below:

Email: privacy@northernlight.com

Mailing Address:
Northern Light Privacy Department

450 Artisan Way, Suite 310A
Somerville, MA 02145

• July 17, 2018
  
• September 20, 2019
• July 21, 2020
• April 13, 2021
• July 6, 2022
• January 1, 2023
• October 9, 2023
• December 15, 2023
• December 20, 2024
• December 3, 2025
• June 25, 2026

Policy Status: Approved

Effective Date: July 17, 2018

Last Updated Date: June 25, 2026