Privacy Policy
1. Introduction
This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the GOPulse mobile application ("App"). GOPulse is developed and operated by NorthStack Labs Inc., based in Ontario, Canada. By creating an account or using the App, you consent to the collection and use of your information as described in this policy. If you do not agree, please do not use the App.
2. Information We Collect
We collect the following categories of information: Account Information • Email address (required for account creation). • Display name (optional, provided by you or automatically populated from your Apple or Google account during sign-in). • Authentication provider details: if you sign in with Apple or Google, we receive a unique identifier and your name/email as authorized by you during sign-in. We do not receive or store your Apple ID or Google account password. User-Generated Data • Saved journeys (departure and arrival stations, labels, default preferences). • Departure reminders (times, days, buffer settings, labels). • Notification preferences and settings. • Theme preferences (light/dark mode). Device & Technical Data • Push notification tokens used to deliver departure reminders and service alerts. • Device platform (iOS or Android). • Basic device and app information (device model, OS version, app version) for crash diagnostics. • Anonymized crash logs and error data (no personal identifiers such as email or name are included). Location Data • Approximate GPS location (only when you grant location permission) to show nearby stations and live train positions on the map. Location data is processed in real-time and is not stored on our servers. Subscription & Purchase Data • Subscription status, entitlement information, trial status, and renewal dates are managed by a third-party subscription service. We do not directly collect or store your payment card details. All payment processing is handled by Apple (App Store) or Google (Play Store).
3. How We Use Your Information
We use the information we collect for the following purposes: • To provide and operate the App's features, including train tracking, journey planning, departure reminders, and service alerts. • To authenticate your identity and maintain your account. • To send push notifications for departure reminders and transit disruptions based on your preferences. • To manage your subscription and verify premium feature access. • To identify, diagnose, and fix technical issues, crashes, and bugs. • To improve App performance and user experience. • To communicate important updates about the App or these policies. We do not sell, rent, trade, or share your personal information with third parties for advertising or marketing purposes. We do not use your data for profiling or automated decision-making. We do not track you across other apps or websites.
4. Third-Party Services & Data Sharing
The App uses third-party services to operate. Each service may process certain data according to its own privacy policy. We ensure that these third parties provide appropriate protection of your data. • Cloud infrastructure: Provides authentication, database, and real-time services. Stores your account information, saved journeys, reminders, and device tokens. • Push notification services: Platform-standard notification delivery (Apple and Google). Data shared: device token, notification payload. • Google Maps: Provides map display and location-based features. Data shared: GPS coordinates (when location permission is granted). • Subscription management: Manages subscriptions and in-app purchases. Data shared: anonymous user ID, subscription status, device platform. • Crash reporting: Monitors errors and crashes. Data shared: anonymized crash data, device model, OS version, app version. No personal identifiers are sent. • Transit data: Schedule, real-time position, and service alert data is retrieved from publicly available transit APIs. No user data is sent to these services.
5. Data Storage & Security
Your account data is stored securely on our cloud infrastructure with database-level access controls that ensure you can only access your own data. All data transmitted between the App and our servers is encrypted in transit. On your device: • Authentication tokens are stored in your device's secure keychain (Keychain on iOS, encrypted storage on Android). • Non-sensitive preferences (such as theme mode) are stored locally on your device. • Cached transit data (stations, schedules) may be stored locally for offline access. We take reasonable technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. However, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security. Breach Notification In the event of a data breach involving your personal information that creates a real risk of significant harm, we will notify affected users via email and in-app notification without unreasonable delay. We will also report the breach to the Office of the Privacy Commissioner of Canada as required under the Personal Information Protection and Electronic Documents Act (PIPEDA). Our notification will include the nature of the breach, the types of information involved, and steps you can take to protect yourself.
6. Data Retention & Deletion
We retain your account data for as long as your account is active and as needed to provide the App's services. Account deletion: You may delete your account at any time from the App's settings screen. When you delete your account, the following data is permanently and irreversibly deleted from our servers via cascading deletion: • Your profile (email, display name) • All saved journeys • All departure reminders and notification history • All registered device tokens • All notification preferences After account deletion: • Anonymous crash logs and diagnostic data may be retained by our third-party services for a limited period. • Anonymized subscription transaction records may be retained as required by Apple and Google for refund and dispute purposes. • Data cached locally on your device is cleared when you uninstall the App.
7. Your Rights
Under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable Canadian privacy laws, you have the right to: • Access: Request a copy of the personal information we hold about you. • Correction: Request correction of inaccurate or incomplete information. • Deletion: Delete your account and all associated data directly in the App (Settings > Account), or request deletion by contacting us. • Withdraw consent: Revoke consent for data processing at any time by deleting your account. • Restrict processing: Request that we limit how we use your data. To exercise any of these rights, you may: 1. Use the in-app account deletion feature for immediate data removal. 2. Email us at gopulse@northstacklabs.ca with your request. We will respond within 30 days. You may also disable specific data collection: • Location: Revoke location permission in your device's settings. • Notifications: Disable push notifications in your device's settings or within the App. • Sign-in credentials: Revoke App access via your Apple ID or Google account settings.
8. Tracking & Advertising
GOPulse does not track you across other companies' apps or websites. We do not use advertising identifiers (IDFA or GAID). We do not display third-party advertisements. We do not use any advertising SDKs or participate in any ad networks. We do not share your data with data brokers.
9. Do Not Track & App Tracking Transparency
GOPulse does not track you across third-party apps or websites. Because we do not engage in tracking as defined by Apple, the App does not request the App Tracking Transparency (ATT) prompt on iOS. We do not use advertising identifiers, fingerprinting, or any other cross-app or cross-site tracking technology. Your experience with GOPulse is the same regardless of any Do Not Track or tracking protection settings on your device.
10. Children's Privacy
The App is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal information from a child under 13, we will take steps to promptly delete that information from our servers. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at gopulse@northstacklabs.ca.
11. California Privacy Rights
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). These include: • Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you. • Right to Delete: You may request deletion of your personal information. You can do this directly by deleting your account in the App, or by contacting us. • Right to Opt-Out of Sale or Sharing: We do not sell or share your personal information as defined by the CCPA/CPRA. • Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights. We do not use or disclose sensitive personal information for purposes other than those permitted by the CCPA/CPRA. To exercise any of these rights, please contact us at gopulse@northstacklabs.ca. You may also designate an authorized agent to submit a request on your behalf, provided the agent has your written authorization.
12. International Data Transfers
Your data may be processed and stored on servers located outside of Canada, including the United States, depending on the infrastructure of our third-party service providers. By using the App, you consent to the transfer of your information to these locations. We ensure that appropriate safeguards are in place to protect your data in accordance with applicable privacy laws.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this page and, where practicable, by providing notice through the App. Your continued use of the App after changes are posted constitutes your acceptance of the revised policy. If you do not agree with the updated policy, you should stop using the App and delete your account.
14. Contact
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at gopulse@northstacklabs.ca.