Security at Northset
Built to Be Trusted
Northset connects to your engineering systems. Here's how we protect that access.
Data We Access
GitHub
OAuth read-only access to repositories, pull requests, and commit metadata. We never read file contents or write to your repos.
Jira
OAuth access to sprint data, issue metadata, and assignee information. No modification of your Jira data.
Slack
Bot-level access to designated channels. We analyze message metadata and counts — not message content — to detect sprint communication patterns.
Technical Security
OAuth 2.0 for All Integrations
GitHub, Jira, and Slack all connect via OAuth 2.0. Credentials are stored per organization and isolated from other workspaces.
No Plaintext Credentials
Integration credentials and tokens are never stored in plaintext in code, logs, or version control.
Automated Tests on Every Pull Request
Our test suite runs automatically on every pull request and must pass before code is merged.
Hosted on Render
Infrastructure runs on Render with uptime monitoring.
PostgreSQL Data Store
Customer data is stored in PostgreSQL.
Your Data, Your Control
Retention
We retain workspace data for the duration of your active subscription plus 90 days after cancellation. Full details are in our Privacy Policy.
Deletion
Account owners can request workspace deletion at any time by emailing casey@northset.xyz. Verified requests are completed within 30 days.
Subprocessor Access
Data shared with subprocessors is limited to what is necessary to deliver the service. We do not sell customer data. We do not use workspace data to train AI models.
Request Documentation
Need documentation for a security review? Email us and we'll follow up.
Send Request