AI Policy

Version: 1.0
Effective date: March 5, 2026
Review trigger: Any material change to AI infrastructure or data processing practices

Policy Statement

This policy governs how North Cloud Holdings Inc. processes customer data across all Noros products and features (formerly North Agent) and any other context in which large language models interact with customer data. It describes the model infrastructure we use, what data is and is not included in LLM queries, how conversation history is stored and protected, and the rights customers have over that data. This policy applies to all customers using any Noros-powered feature and supplements North's general Privacy Policy.

Scope

This policy covers:

  • Data processing that occurs when a customer submits a query
  • The storage and handling of conversation history
  • The infrastructure and network controls protecting that data

This policy does not cover general platform data handling outside of the AI agent context. For that, refer to the North Privacy Policy.

AI Model & Infrastructure

North’s Noros is powered by AWS Bedrock, Amazon Web Services' managed AI service. The underlying language model is Anthropic's Claude, accessed exclusively through Bedrock's API within North's own AWS infrastructure.

What this means in practice:

  • North uses AWS Bedrock within North’s AWS environment for model inference. The architecture is designed so that LLM query processing remains within North-controlled AWS infrastructure and communicates with Bedrock through private AWS networking.
  • AWS contractually guarantees that data submitted to Bedrock is not used to train, retrain, or improve any foundation model — including Claude. This commitment is part of AWS's standard Bedrock service terms.
  • North does not currently use any external LLM providers outside of Anthropic. There is one model, one provider, and it operates entirely within our infrastructure boundary. If North materially changes the model provider or AI processing architecture described in this policy, this policy will be updated accordingly.

Data Processed During a Query

When a customer submits a query to North Agent, only the following data categories may be included in the prompt sent to the model based on the type of request made:

  • What is stored: The text of queries and responses within a session
  • Where it is stored: Encrypted data tables within North's AWS account
  • Default retention: For the duration of the active account relationship
  • Opt-out: Available on request — contact support@north.cloud
  • Deletion on request: Completed within 48 hours of verified request
  • Account deletion: All conversation data is permanently deleted as part of standard account offboarding

The following data is never included in an AI query:

  • Personally identifiable information: No names, email addresses, phone numbers, or user profile data
  • Authentication credentials: No API keys, tokens, secrets, or passwords
  • Data from other customers: North's architecture is designed to prevent cross-customer data access or inclusion in AI query context

North Agent accesses only the data that corresponds to the authenticated user's account. The agent cannot query, infer, or retrieve data belonging to any other customer.

Data Isolation & Access Control

Each customer's Noros agent operates in a dedicated, isolated execution environment. There is no shared runtime state between customers. Each customer operates in an isolated execution and data access context, with controls intended to prevent one customer’s data from appearing in another customer’s agent session.

Access to North Agent is governed by OAuth 2.0 with JWT tokens signed using RS256. Every query is authenticated against the user's session credentials before any data is retrieved. The agent's IAM execution role is scoped to the minimum permissions required — it cannot access resources outside those explicitly authorised for the authenticated user.

Private Network — End to End

Every component involved in processing an AI query operates within the same AWS private network. The container executing the query, the AWS Bedrock endpoint, the data storage and tables storing conversation history, and any cached data all reside in private subnets within North's VPC, with no public IP assignment.

The data path from query to model to storage does not traverse the public internet at any point.

Encryption at Rest

All customer data is encrypted at rest. There are no exceptions.

  • Conversation history is stored with server-side encryption (AWS-managed KMS key)
  • Query results and cached data use SSE-S3 encryption (AWS-managed KMS key)
  • AI container images are encrypted with AES256

No customer data exists unencrypted on disk at any point in the AI data path.

Conversation Storage

North stores conversation history to support session continuity, service operation, troubleshooting, and product improvement. Stored conversations are never used to train or fine-tune any foundation model.

  • What is stored: The text of queries and responses within a session
  • Where it is stored: Encrypted data tables within North's AWS account
  • Default retention: For the duration of the active account relationship
  • Opt-out: Available on request — contact support@north.cloud
  • Deletion on request: Completed within 48 hours of verified request
  • Account deletion: All conversation data is permanently deleted as part of standard account offboarding

Access to Stored Conversation Data

Access to stored conversation data is restricted to authorised North personnel with a legitimate business need, such as support, security, operations, or troubleshooting, and is governed by role-based access controls and internal access management procedures.

North does not routinely review customer conversations except as needed for support, troubleshooting, security, or service improvement.

Customer Responsibilities

Customers are responsible for the content they make available to North through connected cloud environments, including resource metadata and customer-defined tags. Customers should avoid placing unnecessary sensitive personal data, secrets, or regulated data in fields not intended for such use.

User Rights

Customers have the following rights with respect to data processed by North Agent:

  • Right to opt out of conversation storage at any time
  • Right to request deletion of stored conversation data — fulfilled within 48 hours
  • Right to enquire what conversation data is held for your account
  • Right to account deletion — all associated data, including conversation history, is permanently deleted

To exercise any of these rights, contact support@north.cloud.

Policy Review & Updates

This policy is reviewed whenever material changes are made to North Agent's AI infrastructure, data processing scope, or storage practices. Customers will be notified of material changes by email with a minimum of 30 days' notice before changes take effect.
