Privacy Policy

What we collect, what we don't, and why.

Effective May 18, 2026 (v0.7.0 update) · Northbeams Inc

The short version. Northbeams runs on three surfaces: a browser extension, a desktop app (Mac and PC), and a CLI (same desktop app). The browser extension classifies prompts inside the browser; raw prompt text never leaves the device. The desktop apps watch outbound connection metadata and process names; they never see prompt content, keystrokes, or screen contents. Only category labels (e.g., "credentials"), a redacted snippet, and connection/process metadata are sent to your dashboard. We never sell data, never train models on customer data, and never use customer data to improve our classifier.

1. Who we are

Northbeams Inc ("Northbeams", "we", "our") provides Northbeams, a SaaS product that helps organizations discover and govern AI tool use by their employees. This policy explains how we handle information when you visit our website (northbeams.com), use our dashboard (monitor.northbeams.com), install our browser extension, or install our desktop apps for Mac or PC.

2. Information we collect

Marketing site (northbeams.com)

Dashboard (monitor.northbeams.com)

Browser extension

Desktop apps (Northbeams for Mac and Northbeams for PC)

3. How we use your information

4. How we do not use your information

5. Where data is stored. Sub-processors.

Customer data is stored in Google Cloud's Firestore via the Firebase platform, hosted in the United States. The dashboard and the marketing site are served by Vercel through its global edge. Northbeams does not currently offer EU-region hosting; contact us if your contract requires it.

For EU customers: transfers to the United States rely on the Standard Contractual Clauses with each sub-processor below, plus supplementary technical measures (TLS in transit, AES-256 at rest, server-side identity stamping so a client cannot forge user identity in the audit trail).

The full sub-processor list, kept current at /sub-processors, is:

We will email workspace admins at least 30 days before adding a new sub-processor that materially changes how customer data flows.

6. Data retention

The canonical retention schedule is published in docs/data-retention.md. The short version:

Workspace owners can request earlier deletion of any class of customer data by emailing privacy@northbeams.com. We act within 30 days.

7. Your rights

Depending on where you live (e.g., EU/UK GDPR, California CCPA), you may have rights to access, correct, export, or delete the personal information we hold about you. To exercise these rights, email privacy@northbeams.com. We respond within 30 days.

8. Security

Workspace keys (used by the browser extension to authenticate to our backend) are stored only in your local browser via chrome.storage.local. Desktop install tokens are short-lived, signed, and consumed once at first launch; the desktop app then holds a per-device bearer token in the OS keychain (Keychain on Mac, Credential Manager on PC). All bearer tokens live in our backend's secure Firestore collection (admin-SDK access only). All traffic uses TLS. We use Firebase Auth for sign-in and follow Google's recommended security practices.

9. Changes to this policy

We will email customers and update the "Effective" date at the top of this page if we make material changes. Continued use of Northbeams after the effective date constitutes acceptance of the updated policy.

10. Contact

Privacy questions: privacy@northbeams.com
General contact: hello@northbeams.com
Northbeams Inc, 2261 Market Street STE 76418, San Francisco, CA 94114

