Compliance & Evidence

The Trust Center

Last updated 2026-07-13

When your own security team vets Northbeams as a vendor, the Trust dashboard is the answer. Open Evidence, then Trust. It gathers everything a reviewer asks for in one place, as "what auditors and procurement will see when they ask about your workspace."

The Trust dashboard under Evidence: a data-handling summary, links to every compliance framework, a retention table, and the sub-processor list.

What it holds

  • Data-handling summary. A plain-English account of what an auditor will see: what leaves the device, where data is stored, and how the signed audit log is tamper-evident.
  • Compliance frameworks. One-click into readiness and signed Evidence Packs for ISO 42001, the EU AI Act, NIST AI RMF, and SOC 2.
  • Data retention. Per-event-type retention (browser incidents, MCP and LLM events, the policy audit log), enforced by Firestore TTL, which the workspace owner can extend.
  • Sub-processors. The third parties Northbeams relies on, and what each one does.

Share the Trust dashboard when a prospect's or your own security team runs their vendor review, so the answer to "is this safe to use?" is a page, not a back-and-forth.