← Northset

Security at Northset

Built to Be Trusted

Northset connects to your engineering systems. Here's how we protect that access.

Request Documentation

Data We Access

GitHub

OAuth read-only access to repositories, pull requests, and commit metadata. We never read file contents or write to your repos.

Jira

OAuth access to sprint data, issue metadata, and assignee information. No modification of your Jira data.

Slack

Bot-level access to designated channels. We analyze message metadata and counts — not message content — to detect sprint communication patterns.

Technical Security

OAuth 2.0 for All Integrations

GitHub, Jira, and Slack all connect via OAuth 2.0. Credentials are stored per organization and isolated from other workspaces.

No Plaintext Credentials

Integration credentials and tokens are never stored in plaintext in code, logs, or version control.

Automated Tests on Every Pull Request

Our test suite runs automatically on every pull request and must pass before code is merged.

Hosted on Render

Infrastructure runs on Render with uptime monitoring.

PostgreSQL Data Store

Customer data is stored in PostgreSQL.

Your Data, Your Control

Retention

We retain workspace data for the duration of your active subscription plus 90 days after cancellation. Full details are in our Privacy Policy.

Deletion

Account owners can request workspace deletion at any time by emailing casey@northset.xyz. Verified requests are completed within 30 days.

Subprocessor Access

Data shared with subprocessors is limited to what is necessary to deliver the service. We do not sell customer data. We do not use workspace data to train AI models.

Request Documentation

Need documentation for a security review? Email us and we'll follow up.

Send Request