Security

Security at Northbeams

Deep inspection that leaves the raw data on the device. Encryption, enterprise identity, and signed logs on top. Here is exactly how it works.

The controls

What protects your data.

On-device inspection
Classification runs on the endpoint. Only labels, counts, severity, and a hashed snippet leave the device. Raw prompts, MCP argument values, and keystrokes never do. No proxy, no MITM certificate, no network change.
Encrypted in transit and at rest
Traffic to monitor.northbeams.com runs over TLS. Customer data is encrypted at rest on Google Cloud.
SSO and SCIM
SAML single sign-on and SCIM provisioning with Okta, Microsoft Entra, Google Workspace, and WorkOS on Enterprise. Joiners and leavers follow your directory.
MDM deployment
Push the extension and the Mac and Windows apps through Microsoft Intune, Jamf, or Kandji. No user setup, no local admin, no certificate to install.
Immutable signed logs
Every AI event lands on an append-only, cryptographically signed log with per-user attribution. The audit trail cannot be edited after the fact.
SIEM streaming
Stream every event into your own SOC. Splunk HEC and Microsoft Sentinel are supported today. Datadog is available on request.
Infrastructure and assurance

Built on Google Cloud, independently penetration-tested.

The product runs on managed cloud infrastructure, and its security is verified by independent penetration testers.

INFRASTRUCTURE
Runs on Google Cloud, with customer data in Firestore and Cloud Storage. Managed backups, regional isolation, and least-privilege service accounts.
ASSURANCE
Independently penetration-tested; findings remediated. A summary is available under NDA. Drata Alliance member.
Running a vendor security review? Email [email protected] and we will put the full security package in front of your reviewer: architecture, pentest summary under NDA, DPA, and the sub-processor list.

Data minimization by design

Northbeams inspects AI activity where it happens, on the device. The browser extension and desktop apps classify prompts and MCP arguments locally. Only category labels, counts, severity, a redacted and hashed snippet, and per-user attribution leave the endpoint. Raw prompt text, MCP argument values, keystrokes, and non-AI browsing never leave it. Because there is no proxy and no man in the middle certificate, we do not decrypt your traffic in the network path, and there is no network change to make.

Encryption

Data in transit to monitor.northbeams.com is protected with TLS 1.2 or higher. Customer data at rest is encrypted with AES-256 on Google Cloud, with keys managed in Google Cloud KMS.

Identity and access

Enterprise customers use SAML single sign-on and SCIM provisioning with Okta, Microsoft Entra, Google Workspace, and WorkOS, so joiners and leavers follow your directory. Inside Northbeams, role-based access controls separate what admins, analysts, and viewers can see and do. Internally, we follow least-privilege access to production systems.

Deployment and the endpoint

Deploy the browser extension and the Mac and Windows apps through the MDM you already run: Microsoft Intune, Jamf, or Kandji. There is no proxy to stand up and no certificate to push. Enforcement actions (block, sandbox, allow, and pause a user's AI access) are reversible from the console with one click.

Logging, monitoring, and streaming

Every AI event lands on an append-only, cryptographically signed log with per-user attribution, so the audit trail cannot be quietly edited after the fact. You can stream those events into your own SOC. Splunk HEC and Microsoft Sentinel are supported today, and Datadog is available on request.

Infrastructure and hosting

The Service runs on Google Cloud, with customer data in Firestore and Cloud Storage. We use managed backups and isolated service accounts. Data is stored in the United States by default, and Enterprise customers can request EU data residency. See our Sub-processors page for the vendors involved and where they operate.

Testing and assurance

The Service has been independently penetration-tested, and the findings were remediated. A summary is available under NDA. Northbeams is a GTIA member and a Drata Alliance member. For how Northbeams helps you meet frameworks such as the EU AI Act, ISO 42001, and SOC 2 for your own audits, see Compliance. For the wider picture, visit our Trust Center.

Reporting a vulnerability

If you believe you have found a security issue, email [email protected] and we will respond. Please give us enough detail to reproduce the issue, and give us reasonable time to fix it before any public disclosure. We follow a coordinated-disclosure practice: report privately, we investigate and remediate, and we credit researchers who work with us in good faith.

See the whole trust picture.

Security, privacy, sub-processors, and compliance, in one place.

Visit the Trust Center Book a demo