Northbeams inspects AI activity where it happens, on the device. The browser extension and desktop apps classify prompts and MCP arguments locally. Only category labels, counts, severity, a redacted and hashed snippet, and per-user attribution leave the endpoint. Raw prompt text, MCP argument values, keystrokes, and non-AI browsing never leave it. Because there is no proxy and no man in the middle certificate, we do not decrypt your traffic in the network path, and there is no network change to make.
Data in transit to monitor.northbeams.com is protected with TLS. Customer data at rest is encrypted on Google Cloud. [TODO: confirm with Joe: TLS version floor and key management details for the security whitepaper.]
Enterprise customers use SAML single sign-on and SCIM provisioning with Okta, Microsoft Entra, Google Workspace, and WorkOS, so joiners and leavers follow your directory. Inside Northbeams, role-based access controls separate what admins, analysts, and viewers can see and do. Internally, we follow least-privilege access to production systems.
Deploy the browser extension and the Mac and Windows apps through the MDM you already run: Microsoft Intune, Jamf, or Kandji. There is no proxy to stand up and no certificate to push. Enforcement actions (block, sandbox, allow, and pause a user's AI access) are reversible from the console with one click.
Every AI event lands on an append-only, cryptographically signed log with per-user attribution, so the audit trail cannot be quietly edited after the fact. You can stream those events into your own SOC. Splunk HEC and Microsoft Sentinel are supported today, and Datadog is available on request.
The Service runs on Google Cloud, with customer data in Firestore and Cloud Storage. We use managed backups and isolated service accounts. Enterprise customers can request US or EU data residency. See our Sub-processors page for the vendors involved and where they operate.
An external penetration test has been performed against the Service, and the findings were remediated. Northbeams is in the observation window for SOC 2 Type II, run with Scytale, and is a Drata Alliance member. We are targeting ISO 27001 next (2027 to 2028). For how Northbeams helps you meet frameworks such as the EU AI Act, ISO 42001, and SOC 2 for your own audits, see Compliance. For the wider picture, visit our Trust Center. [TODO: confirm with Joe: penetration-test vendor name and date, and whether a summary letter can be shared under NDA.]
If you believe you have found a security issue, email privacy@northbeams.com and we will respond. Please give us enough detail to reproduce the issue, and give us reasonable time to fix it before any public disclosure. [TODO: confirm with Joe: a dedicated security@ alias and a written disclosure policy.]