AI Use & Security

Learn more about the security put in place around North Agent our customer's best cloud FinOps assistant.

North Agent Security & Privacy

Overview

At North.Cloud, we understand that security and data privacy are paramount when integrating AI agents into your cloud infrastructure. This document outlines our comprehensive security practices for North Agent, demonstrating our commitment to protecting your sensitive cloud data.

Core Security Principles

Your Data is Never Used for AI Training

We do not train or perform inference on any LLMs, open source or proprietary - using customer data.

  • Customer data is strictly off-limits for model training purposes

  • Your cloud infrastructure data, billing information, and usage patterns remain completely private

  • We never share, sell, or use your data to improve third-party AI models

Complete Data Isolation

Your data never leaves our secure AWS environment:

  • VPN-Protected Infrastructure: All customer data remains within our Virtual Private Cloud (VPC) inside AWS

  • Self-Hosted Models: We use foundational models hosted entirely within our own AWS account, your data never reaches external AI services

  • Zero External Transmission: Customer data is never sent to third-party APIs, external LLM providers, or cloud services outside our controlled environment

Data Separation & Access Control

Physical Data Segregation

Each North Agent deployment is physically isolated from other customers:

  • Dedicated Resources: Every customer's North Agent operates in a completely separate environment

  • No Cross-Customer Access: Technical architecture prevents any possibility of data leakage between customers

  • Isolated Storage: Customer data is stored in dedicated, encrypted databases with strict access boundaries

OAuth-Level Authentication

We implement industry-standard OAuth 2.0 authentication at the agent level:

  • Credential-Based Access: North Agent can only retrieve data that corresponds to your specific login credentials

  • Principle of Least Privilege: Each agent has access only to the resources explicitly authorized by your account

  • Session Management: Secure token-based authentication ensures that only authenticated users can interact with their North Agent

Conversation Storage & Transparency

Why We Store Conversations

To provide you with the best possible experience, we store customer conversations with North Agent. This enables:

  • Improved Response Quality: Learning from interaction patterns helps us refine agent responses

  • Enhanced Context Awareness: Maintaining conversation history allows for more intelligent, contextual assistance

  • Better LLM Effectiveness: Understanding how customers use North Agent helps us optimize prompt engineering and response relevance

Important: Stored conversations are never used to train foundational LLMs only to improve our prompting strategies and response frameworks.

Your Control Over Data Storage

We believe in giving you complete control:

  • Opt-Out Available: If you prefer not to have conversations stored, we can disable this feature for your account

  • Data Deletion: You can request deletion of stored conversation data at any time

  • Transparency: We're happy to discuss exactly what data is stored and how it's used

To disable conversation storage or request data deletion, please contact our support team at [[email protected]] or through your account .

Compliance & Standards

Industry Best Practices

North Agent is built on enterprise-grade security standards:

  • Encryption at Rest: All stored data is encrypted using AES-256 encryption

  • Encryption in Transit: TLS 1.3 for all data transmission

  • Regular Security Audits: Continuous monitoring and third-party security assessments

  • Access Logging: Comprehensive audit trails of all data access and agent activities

Frequently Asked Questions

Q: Does North Agent send my data to OpenAI, Anthropic, or other AI providers?

A: No. We use self-hosted foundational models that run entirely within our AWS infrastructure. Your data never reaches external AI service providers.

Q: Can other North.Cloud customers see my data?

A: No. Each North Agent is physically separated from other customers. Technical safeguards make cross-customer data access impossible.

Q: What happens if I delete my account?

A: All customer data, including stored conversations, is permanently deleted according to our data retention policy. You can also request immediate deletion at any time.

Q: What access does North Agent have?

A: North Agent has the same access as our traditional application.

Q: Do you comply with GDPR, CCPA, and other privacy regulations?

A: Yes. Our data practices are designed to comply with major privacy regulations including GDPR and SOC 2 requirements.

Commitment to Transparency

Security isn't just about technology—it's about trust. We're committed to:

  • Clear Communication: We'll always be transparent about how we handle your data

  • Regular Updates: This documentation is updated as our practices evolve

  • Responsive Support: Questions about security? Our team is here to help

PreviousMFANextRecommended Best Practices

Last updated

Was this helpful?