Methodology · Privacy & security
What you upload is used to answer your question and nothing else. This is the account procurement, legal, and security teams ask for — written to be reviewed, not skimmed.
Content isolation
Content you upload is processed only to run your simulation. It is never added to training data for shared or cross-customer models, never pooled with other accounts, and stays isolated to your workspace. Tenant isolation is enforced at the data layer.
The calibration that powers North AI comes from our consented research cohorts — not from customer content. Your material does not make the product smarter for anyone else.
Aggregate-only
Results are aggregate by construction — distributions over audience segments, never individuals. North AI does not build or store individual-level profiles and cannot be used to identify or target a named person.
Security & compliance
Data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Access is least-privilege and logged. Our controls are designed against the SOC 2 and GDPR frameworks and continuously monitored through a compliance-automation platform; a SOC 2 Type II report is not yet available. A Data Processing Agreement and current sub-processor list are available for review under NDA.
Your data rights
We support GDPR data-subject workflows — access, portability, and erasure. You can request export or deletion of your workspace data, and we honour deletion requests for data we process on your behalf.
See also our Privacy Policy and data deletion request process.
Security & compliance posture
Controls continuously monitored against SOC 2 and GDPR frameworks.
We can walk procurement, legal, and security teams through our data provenance, controls, and documentation — and onboard a custom cohort if you need one.