Privacy Policy — DriveAds | Northstar Selected

Section 01

Who We Are

DriveAds is a self-service advertising platform operated by Northstar, based in South Africa. The platform lets businesses book, manage, and track digital advertisement placements on kiosk screens mounted inside vehicles.

This Privacy Policy explains how we collect, use, store, and share personal information when you use the DriveAds mobile application (iOS and Android) or any related services. By using DriveAds you agree to the practices described in this policy.

Website: northstars.co.za

Section 02

Information We Collect

2.1 Information you provide directly

Account information — full name, email address, profile photo, phone number, business type. Collected at registration and when you update your profile.
Ad content — images you upload for your advertisements. Collected when you create or edit a booking.
Booking details — ad area selections, start/end dates, pricing, and booking status. Collected when you create or manage a booking.
Payment information — payment reference numbers and payment status. Collected when you complete a payment.

Note: We do NOT store credit or debit card numbers. All payment card data is handled directly by Paystack, our payment processor.

2.2 Information collected automatically

Device identifiers — FCM push notification token, used to deliver push notifications to your device.
Crash and diagnostic data — stack traces, app version, device OS version. Used to detect and fix bugs via Firebase Crashlytics.
App Check tokens — device integrity attestation used to verify that requests come from the genuine DriveAds app.
Location data — approximate device location while the app is in use, used to display nearby ad areas on the in-app map. Only requested with your explicit permission.

2.3 Information from third-party sign-in providers

If you sign in using Google or Apple we receive basic profile information (name, email address, and in Google's case a profile photo) from those services. We do not receive your password.

Section 03

How We Use Your Information

We use the information we collect to:

Provide the service — create and manage your account, process ad bookings, handle payments, and display your ads on kiosk screens.
Communicate with you — send booking confirmations, status updates, approval or rejection notices, and important service announcements via push notifications and in-app messages.
Show relevant content on the map — use your location (when permitted) to display ad areas near you.
Improve reliability — use crash reports and diagnostic data to identify and fix bugs.
Prevent fraud and abuse — verify that requests to our servers come from a genuine, unmodified copy of the app (via Firebase App Check).
Comply with legal obligations — retain records as required by law.

We do not sell your personal information. We do not use your data for targeted advertising on other platforms.

Section 04

Service providers

We share data with third-party vendors who help us operate the platform (see Section 5). These vendors are contractually required to process your data only as directed by us and to maintain appropriate security measures.

Legal requirements

We may disclose your information if required by law, court order, or government authority, or if we believe disclosure is necessary to protect the rights, property, or safety of Northstar, our users, or the public.

Business transfers

If Northstar is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a materially different privacy policy.

With your consent

We may share your information for purposes not described here with your explicit consent.

Section 05

Third-Party Services

DriveAds uses the following third-party services, each of which has its own privacy policy:

Service	Provider	Privacy Policy
Firebase Authentication	Google LLC	policies.google.com/privacy
Cloud Firestore	Google LLC	policies.google.com/privacy
Firebase Storage	Google LLC	policies.google.com/privacy
Firebase Cloud Messaging	Google LLC	policies.google.com/privacy
Firebase Crashlytics	Google LLC	policies.google.com/privacy
Firebase App Check	Google LLC	policies.google.com/privacy
Google Sign-In	Google LLC	policies.google.com/privacy
Google Maps SDK	Google LLC	maps.google.com/help/terms_maps
Sign in with Apple	Apple Inc.	apple.com/legal/privacy
Paystack	Paystack Inc.	paystack.com/privacy

All Firebase services store data on Google's infrastructure. For users in South Africa, data may be stored on servers located outside South Africa. By using DriveAds you consent to this cross-border transfer under the protections provided by Google's standard contractual clauses.

Section 06

Data Retention

Data Type	Retention Period
Account and profile information	Until account deletion, plus up to 30 days for backup clearance
Booking records	5 years from booking completion
Ad images	Until booking or account is deleted
Push notification tokens	Until app is uninstalled or permission is revoked
Crash and diagnostic data	90 days (Firebase Crashlytics default)
In-app messages	Until deleted by user or account deletion

To request deletion of your account and data, contact us using the details in Section 11.

Section 07

Security

We implement the following security measures:

All data is transmitted over encrypted HTTPS/TLS connections.
Firebase Security Rules restrict every database and storage path to authorised users only — no user can access another user's data.
Sensitive operations (credit mutations, admin role assignment, booking approvals) are performed exclusively through server-side Cloud Functions — no client can manipulate these values directly.
Firebase App Check verifies that requests originate from the genuine DriveAds app.
Payment card data never touches our servers — it is handled entirely by Paystack's PCI-compliant infrastructure.

No method of transmission or storage is 100% secure. If you become aware of a security issue, please notify us immediately at privacy@northstars.co.za.

Section 08

Your Rights

Depending on your location you may have the following rights. Contact us at privacy@northstars.co.za to exercise any of them.

Access — request a copy of the personal data we hold about you.
Correction — ask us to correct inaccurate or incomplete data. You can also update most profile information directly in the app under Settings → Profile.
Deletion — request that we delete your account and personal data.
Portability — request your data in a machine-readable format.
Objection / restriction — object to or request restriction of certain processing activities.
Withdraw consent — where processing is based on consent (e.g. location access), you can withdraw at any time via your device settings. This does not affect the lawfulness of prior processing.

South African users have rights under the Protection of Personal Information Act (POPIA). If you believe we have not handled your data lawfully, you may lodge a complaint with the Information Regulator of South Africa at inforegulator.org.za.

Section 09

Children's Privacy

DriveAds is intended for business users and is not directed at children under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.

Section 10

Changes to this Policy

We may update this Privacy Policy from time to time. When we make material changes we will:

Update the "Last updated" date at the top of this document.
Notify you via an in-app notification or email where required by law.

Your continued use of DriveAds after changes take effect constitutes your acceptance of the updated policy.

Section 11

Contact Us

If you have any questions, concerns, or requests related to this Privacy Policy, please contact us. We will respond to your request within 30 days.

DriveAds — Privacy Policy