Noah

Security

Trust is the product.

Every answer Noah returns shows its work — the tools it used, the sources behind them, the confidence it had in the result. The security posture below is how we keep that promise.

Foundations

How the product is built.

Read-only by design

Noah only reads from your systems. There is no write path. Every connection is scoped to specific tables, schemas, or API endpoints chosen by your administrator — never blanket database access.

Encryption everywhere

All data at rest is encrypted with AES-256. All data in transit is TLS 1.3 only — plain HTTP redirects to HTTPS at the edge. Connection credentials live in a managed secrets vault, never in application code or logs.

Sources on every answer

Every answer Noah returns shows the exact tools invoked, the parameters used, the data sources behind them, and the time each source was last synced. No black box.

Tool-level access control

Permissions in Noah are granted per tool, not per data source. A Marketing analyst can be granted the campaign-ROI tool without being granted any of the Finance tools that share the same database. The check is enforced at the invocation layer, not in the UI.

Immutable audit log

Every query, every flagged answer, every admin action, every export — all logged. Logs are immutable, exportable as CSV, retained 12 months on the default plan, longer in enterprise contracts.

SOC 2 readiness from day one

Built from the ground up for SOC 2 Type I controls: access controls, change management, monitoring, incident response, vendor management. SOC 2 Type II is a year-2 goal.

Operations

How we run it.

Zero-retention LLM contracts

The model providers Noah uses are under zero-retention agreements — customer content is not retained beyond the response window and is not used to train any model.

Sensitive-data redaction

Configurable per workspace. Admins can mark fields as sensitive (PII, salary, financial PII) and Noah will redact those fields from answers and exports unless the asking user has explicit permission.
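As an added illustration of both the tool-level grant model above and the per-field redaction described here (example code written for this page, not Noah's own; the tool names, field names, sample rows and permission classes are all assumed):

```python
"""Invocation-layer tool authorization with per-field redaction.

Added example, not Noah's code. Tool names, user grants and the sample
rows are constructed for illustration; a real tool would issue a
read-only query instead of returning SAMPLE_ROWS.
"""
from dataclasses import dataclass, field


class PermissionDenied(Exception):
    """Raised when a user invokes a tool they were not granted."""


@dataclass(frozen=True)
class Tool:
    name: str
    source: str                                  # data source the tool reads from
    sensitive_fields: frozenset = frozenset()    # fields an admin marked sensitive


# Two tools share the same database: a grant on one must not imply the other.
TOOLS = {
    "campaign_roi": Tool("campaign_roi", "finance_db", frozenset({"spend"})),
    "payroll_summary": Tool("payroll_summary", "finance_db", frozenset({"salary"})),
}

# Constructed rows standing in for what each tool would read.
SAMPLE_ROWS = {
    "campaign_roi": [{"campaign": "spring", "spend": 12000, "roi": 2.4}],
    "payroll_summary": [{"dept": "finance", "salary": 95000, "headcount": 4}],
}


@dataclass
class User:
    name: str
    tool_grants: set = field(default_factory=set)        # tools this user may invoke
    sensitive_grants: set = field(default_factory=set)   # sensitive fields this user may see


AUDIT_LOG = []   # append-only record of every invocation attempt, allowed or not


def redact(rows, tool, user):
    """Mask sensitive fields the user has no explicit grant for; keep the rest."""
    hidden = tool.sensitive_fields - user.sensitive_grants
    return [
        {key: ("[REDACTED]" if key in hidden else value) for key, value in row.items()}
        for row in rows
    ]


def invoke(user, tool_name):
    """Authorize at the point of invocation, log the attempt, then redact the result."""
    tool = TOOLS.get(tool_name)
    if tool is None:
        raise KeyError(f"unknown tool {tool_name!r}")
    allowed = tool_name in user.tool_grants        # per-tool grant; tool.source is never consulted
    AUDIT_LOG.append({"user": user.name, "tool": tool_name, "allowed": allowed})
    if not allowed:
        raise PermissionDenied(f"{user.name} is not granted tool {tool_name!r}")
    return redact(SAMPLE_ROWS[tool_name], tool, user)


if __name__ == "__main__":
    analyst = User("marketing_analyst", {"campaign_roi"})
    print(invoke(analyst, "campaign_roi"))       # spend is redacted for this user
    try:
        invoke(analyst, "payroll_summary")       # same database, different tool: denied
    except PermissionDenied as exc:
        print("denied:", exc)
    print(AUDIT_LOG)
```

The deciding line is the membership test inside `invoke`: it compares the requested tool against the user's grants and ignores which source the tool reads, so two tools on one database remain independently grantable. Redaction runs after authorization on the returned rows, so a permitted tool still masks any sensitive field the user lacks an explicit grant for, and the denied attempt is written to the audit list before the exception is raised.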

Single sign-on

Google Workspace and Microsoft Entra. Magic-link is supported but disabled by default once SSO is configured. Sessions expire after 30 days on trusted devices, 24 hours on new devices, with “sign out everywhere” available.

IP allowlisting

Restrict workspace access to specified IP ranges — corporate VPN, office networks, named CIDR blocks. Configurable per workspace.

Data residency

Default deployment is cloud-hosted. Customers with strict residency requirements (Middle East data localization, EU-only processing) can elect a VPC or self-hosted deployment as a separate contract tier.

Subprocessors

A short list of vetted subprocessors: cloud infrastructure, transactional email, model providers. Each is bound by data-protection terms equivalent to our DPA. Customers receive 30 days’ notice before any new subprocessor is added.

Reach us

Reporting a vulnerability.

If you believe you’ve found a security issue in Noah, please email hello@noah.enpointe.io with a clear description and steps to reproduce. We acknowledge within one business day and work with you on a coordinated disclosure. We do not pursue legal action against good-faith researchers operating under this policy.