Security Architecture: The Zero-Retention Enclave

Executive Summary

Enterprises face a paradox: the need for high-leverage automation versus the risk of data exposure. Northstar solves this with a Zero-Retention Architecture: data is processed in ephemeral memory for the duration of an execution cycle and then scrubbed.

1. Non-Persistence of PII/PHI

• Ephemeral Processing: session data is held in volatile memory for the duration of a workflow execution cycle.
• Memory Erasure: context is explicitly purged on the final state transition.
• Log Sanitization: automated scrubbers prevent PII/PHI from entering application logs.

2. Deterministic Logic vs. Probabilistic Risk

We separate probabilistic extraction from deterministic execution. AI is used for classification and structured extraction; business logic is executed via explicit state-machine transitions and guarded tool calls.

• Boundaries: the model cannot directly execute writes, transactions, or side effects.
• Execution: actions require tool schemas, validations, and (when configured) human approvals.

3. Deployment Topology

1. Shared Multi-tenant: isolated enclaves in our managed infrastructure.
2. Dedicated Enclave: private VPC instance dedicated to a single customer.
3. On-Prem / Hybrid: worker runtime executes inside your network and only calls the state machine core over encrypted tunnels.

4. Compliance Ready

Our architecture is designed to satisfy common enterprise security requirements:

• SOC 2 Type II: auditable controls, logging discipline, and vendor management.
• GDPR: data minimization and right-to-erasure by default.
• HIPAA: BAA-ready deployments available for healthcare-adjacent workflows.