Privacy & data use

What we collect and how it’s used

Last updated: May 5, 2026

Scope of this tool

The NorthStar Assessment is an internal development-and-coaching tool for NorthStar Mortgage Advisors employees and invited candidates. Results are not used as the sole or primary basis for hiring, promotion, compensation, discipline, or termination decisions. They are used for self-awareness, coaching, and team development.

What we collect

  • Account information — your email address (required to sign in), your name if provided, and authentication metadata from Clerk.
  • Assessment responses — your 1–5 rating for each item you answer (up to 140 items: 96 NorthStar 4, 28 Values, and a candidate-only 16-item Mortgage Fit add-on; employees skip the Mortgage Fit block and land at 136).
  • Computed scores — derived NorthStar 4, DISC, type, and values scores.
  • AI narrative — a personalized summary generated from your scores the first time your results are viewed. Cached so it doesn’t regenerate every visit.
  • Timestamps — when you started, when you completed, when you last viewed your results.
  • State of residence (if asked) — used only to apply jurisdiction-specific notices required by AI-in-hiring laws (e.g. NYC LL 144, IL HB 3773, CO AI Act, WA MHMDA).

How we use your data

  • Serve your results to you. Signing in with your email lets you return to view or continue your assessment.
  • Generate your personalized narrative. Your scores (without your name or email) are sent once to Google Gemini to draft the summary; the output is stored and reused on subsequent views.
  • Coaching and development at NorthStar. Authorized NorthStar leadership, managers, and recruiting staff may view individual results to support coaching conversations and hiring processes. Access is limited to NorthStar employees with an operational need; it is not granted to external parties. Authorized administrators may also export a list of assessment records — including name, email, DISC style, and type code — as a CSV file for internal reporting purposes.
  • Send you email notifications. We email you a link to your results when the assessment completes, and we may send invitations or reminders when initiated by a NorthStar manager.

Third-party services

We rely on several external vendors to operate the assessment. Data shared with each is limited to what’s necessary.

  • Clerk — authentication (email address, sign-in events).
  • Supabase — database storage of all assessment data (hosted on AWS, US region).
  • Google Gemini — AI narrative generation. Prompts contain only your numeric scores and a pseudonymous subject identifier; your name and email are not sent.
  • Twilio SendGrid — transactional email delivery (invitations, results-ready notifications).
  • Vercel — application hosting and serverless execution.

Retention

We keep assessment data only as long as it serves a documented coaching or compliance purpose, then delete it.

  • Default: 24 months from the date you last took or viewed an assessment.
  • If you leave NorthStar: 30 days after your last day, unless retention is required by law (e.g. an open EEOC charge) or you ask us in writing to keep coaching records longer.
  • Candidates not hired: 12 months from the date the assessment was completed, then deleted.
  • Active legal hold: if a charge of discrimination, lawsuit, or government inquiry is pending, we retain the relevant records until disposition.

You can request earlier deletion at any time by emailing the address below. We honor deletion requests except where a legal retention obligation overrides them; in that case we’ll tell you why and when the data will be deleted.

Your rights

  • Access. Sign in to see your own assessment results at any time, or email the address below for a machine-readable export.
  • Deletion. Request removal of your account and all associated data via the email below.
  • Correction. Retake the assessment if you feel your previous answers weren’t representative.
  • Opt out of AI narrative generation. Email us and we will deliver your numeric report without the AI-generated summary.
  • Withdraw. You may stop the assessment at any point. Partial responses remain in our system unless you request deletion.

State-specific notices

Several states impose specific obligations on tools that influence employment decisions. Even though NorthStar does not use this tool to make hiring or promotion decisions, we apply the protections below to remove ambiguity.

  • New York City (LL 144): we do not use this assessment as an “automated employment decision tool” for NYC-resident candidates or NYC-located roles in any pre-hire decisional capacity. If that ever changes, an independent bias audit will be commissioned and posted before use.
  • Illinois (HB 3773, eff. 2026-01-01): NorthStar does not use AI to subject Illinois employees or applicants to discrimination, and we do not use ZIP code as a proxy for any protected class.
  • Colorado (AI Act, eff. 2026-06-30): we do not use this tool as a substantial factor in any consequential employment decision affecting Colorado residents.
  • Massachusetts (G.L. c. 149 § 19B): this assessment is not a “lie detector test” and is not used to assess your honesty, truthfulness, or integrity. We do not include any HEXACO Honesty-Humility scale in the item bank.
  • Washington (My Health, My Data Act): inferences about emotional response patterns are restricted to coaching use and are not sold or shared. WA residents are asked for explicit opt-in before any results that could constitute mental-health inferences are generated.
  • California (CCPA / CPRA): employees and applicants are full “consumers” with rights to access, delete, correct, and limit the use of sensitive personal information. Email the address below to exercise these rights.

Mortgage industry context

NorthStar Mortgage Advisors operates under mortgage industry regulations including the Gramm-Leach-Bliley Act (GLBA). This assessment tool is not used to collect or process financial information covered by GLBA — it is strictly a personality and behavioral development instrument, and runs on infrastructure logically separated from any system that handles borrower information. We apply comparable security and access-control standards to the personal data collected here.

Questions

For anything related to your data, contact privacy@northstarlending.com. For questions about the assessment itself, see the About page.