Private and secure, by construction.
Every Northpoint feature has to pass one test: can it be described as "private and secure" to a compliance officer at an enterprise buyer? The product is built around that line.
The product hands an auditor a signed packet, not a screenshot.
Your model. Your endpoint. Your bill. We never proxy your bytes by default.
The audit chain records deterministic actions. LLM calls live alongside, as advisory traces.
Eight controls.
Each is non-negotiable. Each shows up in the product before it shows up in marketing.
BYO key by default
Customers route through their own Anthropic / OpenAI / Bedrock / Vertex / Azure OpenAI endpoint. Northpoint never proxies your bytes through our infrastructure unless you explicitly opt in.
PII redaction before LLM send
Schemas, distributions, and redacted samples are OK; raw rows require explicit per-call consent. We index schemas, not raw cell values.
Audit every call
Prompt fingerprint (sha256), model id, token cost, response fingerprint, decision id. Logged alongside the deterministic actions they advise.
Tenant isolation, default-deny
RAG indexes are organization-scoped. Tenant scoping is the first WHERE clause. Per-tenant worker isolation available for BYO-key tenants.
On-device embedding option
High-security customers who can't send anything to a cloud model run all-MiniLM-L6-v2 in a sidecar process. The semantic index stays local.
Signed evidence packets
Every break investigation, every recon run, every agent proposal carries the lineage hash chain at the moment it was produced. Production deployments sign with the customer's Ed25519 key.
Operator-guarded, always
Agents propose, humans accept. A proposal never mutates state without an explicit operator click. LLM calls are advisory traces, not actions.
Purge on request
Tenant data is purgeable. Lineage rows, embeddings, and audit traces are removable through a documented procedure. The deletion record itself enters the audit trail.
One LLM call, seven verifiable steps.
Every copilot follows the same arc. Whatever leaves the box is in the audit trail, with a sha256 fingerprint of the prompt and the response.
- 1. Operator action: Operator triggers a copilot, e.g. 'explain this finding'.
- 2. Context assembly: Northpoint reads lineage, profile, similar incidents, all locally.
- 3. PII redaction: Cell values pass through the redaction filter. Schemas + distributions + redacted samples remain.
- 4. BYO-key send: Request is routed through the customer's LLM endpoint, with a per-call audit row written.
- 5. Proposal: LLM returns a structured proposal. Northpoint validates against the rule catalogue.
- 6. Operator review: Operator sees the proposal with citations; one click accepts as a deterministic action.
- 7. Audit row: The deterministic action enters the hash chain. The LLM call is logged as an advisory trace alongside.
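A sketch of how steps 4 and 7 can be checked by an auditor. This is an added example, not Northpoint's code: the field names, the genesis value, the JSON canonicalisation and the choice to bind each trace's digest into the action row are all assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor for the first row's prev_hash

def fingerprint(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def digest(record):
    # Canonical JSON so the same record always hashes to the same value.
    return fingerprint(json.dumps(record, sort_keys=True, separators=(",", ":")))

class AuditLog:
    def __init__(self):
        self.chain = []   # deterministic actions, hash-linked
        self.traces = []  # advisory LLM calls, kept alongside the chain
    def record_trace(self, decision_id, model_id, prompt, response, token_cost):
        # Only fingerprints are stored, never the prompt or response text.
        trace = {"decision_id": decision_id, "model_id": model_id,
                 "prompt_fp": fingerprint(prompt),
                 "response_fp": fingerprint(response), "token_cost": token_cost}
        self.traces.append(trace)
        return trace
    def bound_traces(self, decision_id):
        return [digest(t) for t in self.traces if t["decision_id"] == decision_id]
    def record_action(self, decision_id, action):
        prev = self.chain[-1]["row_hash"] if self.chain else GENESIS
        body = {"seq": len(self.chain), "decision_id": decision_id, "action": action,
                "prev_hash": prev, "trace_digests": self.bound_traces(decision_id)}
        row = dict(body, row_hash=digest(body))
        self.chain.append(row)
        return row

def verify(log):
    prev = GENESIS
    for i, row in enumerate(log.chain):
        body = {k: v for k, v in row.items() if k != "row_hash"}
        if row["seq"] != i or row["prev_hash"] != prev or digest(body) != row["row_hash"]:
            return False, f"chain broken at seq {i}"
        if log.bound_traces(row["decision_id"]) != row["trace_digests"]:
            return False, f"advisory trace mismatch for {row['decision_id']}"
        prev = row["row_hash"]
    return True, "ok"

def build_sample():
    # Constructed sample data, not real product output.
    log = AuditLog()
    log.record_trace("dec-1", "model-a", "explain finding F-17", "proposal: reclassify", 412)
    log.record_action("dec-1", "accept: reclassify F-17")
    log.record_action("dec-2", "operator: close recon run")
    return log
```

Rewriting an action row and recomputing its own hash still fails at the next row, because that row's prev_hash no longer matches; a production packet would additionally carry a signature over the final row hash.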
Three deployment modes.
Customers pick the model that fits their compliance envelope. The product is identical across modes; only the boundaries move.
Hosted by us. Your data in your tenant; per-org keys; tenant-scoped RAG; audit log shipped to your S3 / GCS / Azure Blob.
Deployed into your VPC. Your network boundary; we manage upgrades over a control plane that has zero data-plane access.
On-prem deployment. On-device embedding model; no outbound LLM by default; BYO LLM endpoint inside your perimeter.
Send your security questionnaire.
We’ll respond with the answers, the artifacts, and the diagrams your compliance team needs.
