Last Updated: March 3, 2026
Northstar is intentionally designed with your privacy in mind.
We do not require user accounts.
We do not collect names or email addresses.
We do not store App Store Connect credentials.
We cannot access your App Store Connect account.
We do not proxy your App Store Connect API traffic.
We do not sell data.
We store only one-way cryptographic hashes of license identifiers to validate access.
We use privacy-focused analytics that do not track users across apps or services.
This Privacy Policy describes how Lotus Labs Inc. (“we”, “us”, or “our”) collects, uses, and safeguards information when you use Northstar (the “Application”).
Northstar is a macOS application designed for App Store Optimization. We built it with a deliberate focus on minimizing data collection and reducing centralized risk. This policy explains what information we process, why we process it, and how we protect it.
Northstar is developed and operated by Lotus Labs Inc., a company incorporated in Canada.
Lotus Labs Inc. acts as the data controller for the limited information processed in connection with the Application.
Contact: support@gonorthstar.io
Northstar’s architecture reflects intentional privacy decisions:
• App Store Connect API keys are stored locally in the macOS Keychain.
• API requests are made directly from your device to Apple.
• Our servers do not proxy, relay, or inspect your App Store Connect traffic.
• We do not store user-specific App Store Connect analytics or performance data.
Northstar does not require user accounts and does not collect names, email addresses, passwords, billing addresses, or App Store Connect credentials.
When activating Northstar, your license key and device identifier are converted into one-way cryptographic hashes. The original values cannot be recovered.
This data is used solely to validate license activation limits and prevent abuse.
We use TelemetryDeck to collect privacy-focused, anonymized usage analytics to understand how Northstar is used and to improve the Application.
TelemetryDeck does not use cross-app tracking, fingerprinting, or personal identifiers.
Collected data may include application version, feature usage events, and coarse device information.
TelemetryDeck’s Privacy Policy is available at: https://telemetrydeck.com/privacy
We store general keyword and ranking data derived from publicly available sources. This data is not user-specific and is cached for operational purposes (typically 30–90 days).
Payments and subscription management are handled by Lemon Squeezy (powered by Stripe).
We do not collect credit card information, store billing addresses, or access payment details.
All payment information is processed directly by Lemon Squeezy under their Privacy Policy.
Northstar does not require user accounts, store App Store Connect credentials, proxy API traffic, sell user data, or use user data for AI training.
We do not share your app’s private metadata with other users or competitors.
Any competitor insights or comparison data shown within the Application are derived solely from publicly available App Store information.
We use a limited set of third-party providers, including Heroku (hosting), Lemon Squeezy (licensing and payments), Stripe (payment processing), and TelemetryDeck (analytics).
Under applicable data protection laws, including the GDPR and UK GDPR, users in the EEA and UK may have certain rights regarding their personal data.
Lawful Basis: We process limited data (hashed license and device identifiers) for performance of a contract and legitimate interests (fraud prevention and license enforcement).
Your Rights: You may have the right to access, correct, delete, restrict, port, or object to processing of your personal data.
International Transfers: Where personal data is transferred outside the EEA or UK, appropriate safeguards are used consistent with applicable law.
Requests may be submitted to support@gonorthstar.io.
A Data Processing Addendum is available upon request for business customers requiring GDPR compliance documentation.
We implement reasonable technical safeguards, including HTTPS encryption, local secure storage of API keys, and one-way hashing of identifiers.
Northstar is not intended for individuals under the age of 18.
We may update this Privacy Policy from time to time. Continued use constitutes acceptance of updates.