NorthStar AI
We guide. You lead. AI works.
Trust & Compliance

Built for compliance. By design, not by patch.

Most AI tools ask Legal to write a memo. NorthStar puts the controls in the architecture — Trust Levels, DNA Access Control, GDPR by design, and EU AI Act alignment baked into every digital employee.

EU AI Act aligned
GDPR by design
Audit trail per output
Per-org isolation
Trust Level Progression

Four levels. You control them all.

Every digital employee starts at TL0 and moves up only when you decide. Each level is a contract: what the agent does, what you do, and how the EU AI Act sees it.

TL0
Onboarding
What the agent does

Reads documents, learns context. No actions executed yet. The agent is observing — not deciding.

Your role

You provide materials, validate understanding, and decide when context is sufficient to advance.

How it advances

Manual promotion by the Role Owner after the agent demonstrates correct understanding on test prompts.

EU AI Act alignment

Limitation surfaced explicitly: "Currently in onboarding mode — outputs are advisory and may be incomplete." Meets EU AI Act Article 13 transparency obligations.

TL1
Supervised
What the agent does

Executes tasks. Every output requires explicit human approval before it leaves the system or affects another party.

Your role

You approve every output, override anything that drifts, and provide feedback that shapes future outputs.

How it advances

Promotion when the agent's accuracy meets your threshold AND your team is comfortable spot-checking instead of approving every line.

EU AI Act alignment

Human-in-the-loop is mandatory for high-risk use cases (CV scoring, financial scoring, high-stakes drafting). Article 14 oversight obligation met by default.

TL2
Learning
What the agent does

Executes tasks autonomously within the approved scope. Outputs are delivered; you review at your cadence rather than per-output.

Your role

You monitor metrics, audit a sample of outputs, and intervene when patterns drift.

How it advances

Promotion when the agent has demonstrated stable accuracy and your team has confidence in the autonomous output.

EU AI Act alignment

High-risk decisions remain in TL1 even if the agent is in TL2 for other tasks. Trust Level is task-scoped, not agent-scoped.

TL3
Autonomous
What the agent does

Full autonomy on the approved task surface. The agent operates independently; you see strategic-level reporting, not individual outputs.

Your role

You set strategy, review trends, and adjust the operational guardrails. Emergency override remains one click away.

How it advances

No further promotion. Demotion is always possible — the Role Owner can revert any agent to TL1 instantly if accuracy degrades.

EU AI Act alignment

Even at TL3, EU AI Act high-risk classifications (Annex III: hiring, creditworthiness, etc.) keep human-in-the-loop on the decision itself. Autonomy is for the task surface, never for the protected decision.
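The four Trust Levels above, written out as a small task-scoped policy gate. This is an added illustration, not NorthStar's code: the names TrustLevel, AgentTrust, gate and HIGH_RISK_TASKS are assumptions, and the task catalogue is constructed from the Annex III categories the page cites. It shows the two properties the text insists on: promotion is manual and one step at a time, demotion to TL1 is always available, and a high-risk task keeps its human approval step whatever level the agent holds for other tasks.

```python
"""Task-scoped trust-level gate (added illustration, not NorthStar's code).

Assumed names: TrustLevel, AgentTrust, Decision, gate, HIGH_RISK_TASKS.
"""
from dataclasses import dataclass, field
from enum import IntEnum


class TrustLevel(IntEnum):
    TL0_ONBOARDING = 0   # observes only; no actions executed
    TL1_SUPERVISED = 1   # every output needs explicit human approval
    TL2_LEARNING = 2     # autonomous within scope; sampled review
    TL3_AUTONOMOUS = 3   # autonomous; strategic-level reporting only


# Constructed catalogue of Annex III style tasks (employment, creditworthiness).
HIGH_RISK_TASKS = frozenset({"cv_scoring", "candidate_ranking", "credit_scoring"})


@dataclass
class AgentTrust:
    """Trust Level is tracked per task, not per agent."""
    levels: dict = field(default_factory=dict)

    def level_for(self, task: str) -> TrustLevel:
        # Unknown tasks start at TL0, exactly like a freshly onboarded agent.
        return self.levels.get(task, TrustLevel.TL0_ONBOARDING)

    def promote(self, task: str, by_role_owner: bool) -> TrustLevel:
        """Manual promotion by the Role Owner, one level at a time; none beyond TL3."""
        if not by_role_owner:
            raise PermissionError("only the Role Owner can promote")
        current = self.level_for(task)
        if current == TrustLevel.TL3_AUTONOMOUS:
            raise ValueError("no promotion beyond TL3")
        self.levels[task] = TrustLevel(current + 1)
        return self.levels[task]

    def demote(self, task: str) -> TrustLevel:
        """Emergency override: any task can be reverted to TL1 at once."""
        self.levels[task] = TrustLevel.TL1_SUPERVISED
        return self.levels[task]


@dataclass
class Decision:
    may_execute: bool          # False at TL0: the agent only observes
    needs_human_approval: bool # True when every output must be approved
    review_mode: str           # "none", "per_output", "sampled" or "strategic"
    notices: list              # disclaimers attached to the output


def gate(trust: AgentTrust, task: str) -> Decision:
    """Decide how an output for `task` is handled at the agent's current level."""
    level = trust.level_for(task)
    notices = []
    if level == TrustLevel.TL0_ONBOARDING:
        notices.append("Currently in onboarding mode — outputs are advisory and may be incomplete.")
        return Decision(False, True, "none", notices)
    if task in HIGH_RISK_TASKS:
        # Protected decisions stay human-in-the-loop at every level, TL3 included.
        notices.append("AI-assisted ranking — final decision must be human.")
        return Decision(True, True, "per_output", notices)
    if level == TrustLevel.TL1_SUPERVISED:
        return Decision(True, True, "per_output", notices)
    if level == TrustLevel.TL2_LEARNING:
        return Decision(True, False, "sampled", notices)
    return Decision(True, False, "strategic", notices)
```

The point of keeping the high-risk check ahead of the level check is that no later promotion can accidentally remove the approval step: the task's classification, not the agent's standing, decides.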

DNA Access Control

Not every agent sees every secret.

Company DNA cascades through three levels. What an agent sees depends on the department it serves and the human it answers to — enforced in the database, not in a policy doc.

Level 1 · Organization
Visible to every digital employee

Public-facing identity: company name, industry, public financials, mission, values, brand voice. Nothing here is confidential by design.

Level 2 · Department
Visible only to agents serving this department

Internal numbers, departmental KPIs, customer lists by segment, channel-specific metrics. Sales sees the pipeline; Finance sees the P&L; HR sees the org chart.

Level 3 · Role Owner
Visible only to the agent's owner

Personal notes, individual targets, confidential strategy drafts, sensitive decisions in progress. Even the Department-level peers don't see these.

Concrete example

The company P&L lives at Department level — Monica (Finance) reads it, Mika (Marketing) does not. The CEO's confidential M&A notes live at Role Owner — only Erika (Shadow CEO) sees them. The mission statement lives at Organization — every agent quotes it.

Two agents per employee

Agent 1 talks to the team. Agent 2 talks to the owner.

One digital employee runs as two agents under the hood. Interlocutor detection happens at the API level — before any prompt is built — so the wrong context can never reach the wrong audience.

Agent 1 · Colleagues

Talks to everyone outside the Role Owner. Sees Organization + Department context only. Never Role-Owner-private data, even if asked directly.

Agent 2 · Role Owner

Talks only to the human who owns this role. Has full context — Organization + Department + Role-Owner-private. The space where confidential strategy gets drafted.
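The three DNA levels and the two-agent split, as one added example that is not NorthStar's code. It classifies the caller once at the API boundary and filters the Company DNA from that classification alone, so Role-Owner-private entries can only reach the owner-facing agent. DnaLevel, DnaEntry, DigitalEmployee, classify_interlocutor and build_context are assumed names; the DNA records mirror the "Concrete example" above and are constructed.

```python
"""Context assembly by interlocutor and department (added illustration, not NorthStar's code).

Assumed names: DnaLevel, DnaEntry, DigitalEmployee, classify_interlocutor,
visible, build_context. Sample DNA records are constructed.
"""
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional


class DnaLevel(Enum):
    ORGANIZATION = "organization"   # Level 1: every digital employee
    DEPARTMENT = "department"       # Level 2: agents serving that department
    ROLE_OWNER = "role_owner"       # Level 3: the agent's owner only


@dataclass(frozen=True)
class DnaEntry:
    level: DnaLevel
    text: str
    department: Optional[str] = None   # set for DEPARTMENT entries
    owner_id: Optional[str] = None     # set for ROLE_OWNER entries


@dataclass(frozen=True)
class DigitalEmployee:
    name: str
    department: str
    owner_id: str   # the human this role answers to


# Constructed sample mirroring the page's concrete example.
COMPANY_DNA = [
    DnaEntry(DnaLevel.ORGANIZATION, "Mission: we guide, you lead, AI works"),
    DnaEntry(DnaLevel.DEPARTMENT, "P&L: Q3 revenue and margin", department="finance"),
    DnaEntry(DnaLevel.DEPARTMENT, "Channel CAC by segment", department="marketing"),
    DnaEntry(DnaLevel.ROLE_OWNER, "M&A target shortlist (confidential)", owner_id="ceo"),
]


def classify_interlocutor(employee: DigitalEmployee, caller_id: str) -> str:
    """Decided at the API boundary, before any prompt text exists.

    "owner" selects Agent 2; anyone else gets Agent 1 (colleague-facing).
    """
    return "owner" if caller_id == employee.owner_id else "colleague"


def visible(entry: DnaEntry, employee: DigitalEmployee, interlocutor: str) -> bool:
    """Apply the three-level cascade for one entry."""
    if entry.level is DnaLevel.ORGANIZATION:
        return True
    if entry.level is DnaLevel.DEPARTMENT:
        return entry.department == employee.department
    # ROLE_OWNER: only the owner-facing agent, and only for this role's own owner.
    return interlocutor == "owner" and entry.owner_id == employee.owner_id


def build_context(employee: DigitalEmployee, caller_id: str, dna=COMPANY_DNA) -> List[str]:
    """Return the context lines this agent may see for this caller, filtered, never redacted later."""
    interlocutor = classify_interlocutor(employee, caller_id)
    return [e.text for e in dna if visible(e, employee, interlocutor)]
```

Because `build_context` never sees private entries for a colleague caller, there is nothing in the prompt for the model to leak, whatever the caller asks; that is the property the text describes as "the wrong context can never reach the wrong audience".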

GDPR by Design

Compliance is an architecture choice.

GDPR is not a feature you add later. It is the layer below the application — enforced by the database, audited by default, and visible to your DPO.

Per-org isolation in the database

Multi-tenant isolation is enforced at the row level via PostgreSQL Row-Level Security policies — not by middleware logic that can be forgotten on a new endpoint. If a query lacks the org scope, the database returns nothing.

Service role access is explicit and logged

Operations that bypass tenant isolation (admin tools, cross-tenant analytics) require the service role key, are confined to a single approved code path, and require justification in code review.

Audit trail on every output

Every digital employee output records who triggered it, what context the agent saw, which model produced it, and when. Replayable for any DPO inquiry, any candidate review, any board audit.

Cascade deletes — zero orphan data

When an organization or user is deleted, related data is removed via foreign-key cascades — not by a cleanup job that might miss rows. GDPR Article 17 'right to erasure' is mechanically enforced.

EU AI Act Readiness

High-risk by classification. Mitigated by architecture.

Some of what NorthStar does — CV scoring, decision support around employment and access to services — falls under EU AI Act Annex III. We do not pretend otherwise. We build the mitigations into the system.

Annex III — High-risk system identification

NorthStar systems that perform CV screening, candidate ranking, or decision support in recruitment fall under EU AI Act Annex III as high-risk AI systems. We classify them as such, declare them as such, and operate them with the obligations that apply.

Automatic disclaimer on every scoring output

CV scoring, candidate ranking, and any decision-support output ships with the disclaimer: "AI-assisted ranking — final decision must be human." Removable only with explicit override that itself gets logged.

Human-in-the-loop is mandatory for high-risk outputs

Even at TL3 Autonomous, decisions classified as high-risk under Annex III (employment, creditworthiness, access to services) keep a human approval step. Autonomy applies to the task surface, never to the protected decision.

Refusal of protected characteristics

Agents refuse to score, filter, or rank on age, gender, ethnicity, religion, sexual orientation, disability, or other characteristics protected under EU employment law. Noa demonstrates this: ask her to filter by age and she refuses, explaining why.

Article 50 marker on AI-generated content

Content that an agent drafts for external publication carries the [AI-ASSISTED] tag in its review version. The publisher chooses the final disclosure level per channel — but the marker is never silently dropped.

"Incomplete Context Notice" marker on Mini-DNA

Outputs produced when the company has only Mini DNA (3-minute setup) carry a visible flag: this output references partial context. The marker disappears only after Full DNA onboarding completes.

Vendor Lock-in

Switching providers is a business decision.

Not a rewrite. Not a migration project. A flag change. The model layer is abstracted from the agent layer — by design, because no model wins forever.

Multi-provider by default

Anthropic, OpenAI, OpenRouter, custom endpoints. The agent picks the model profile that fits the task: cost-sensitive tasks go to lighter models; board prep goes to the flagship model.

Provider-agnostic agents

Agent contracts are defined in the prompt template layer — not coupled to any provider's API quirks. Swap the provider, the agent behavior stays.

Your data stays yours

We send only the prompt + scoped context to the provider, per request. We do not use your data to train any model. We sign DPAs with providers that match what we promise you.

Compliance Documents

Documentation, on request.

We are preparing the public versions of the documents below. Until they are published, your Legal team can request the current drafts directly.

Privacy Policy

How we collect, store, and process personal data.

On request
Terms of Service

The contract between NorthStar and your organization.

On request
GDPR Addendum

Processing terms for EU data subjects, with sub-processors listed.

On request
Data Processing Agreement

Standard DPA for B2B customers; custom DPA on request.

On request
FAQ

What Legal usually asks.

Direct answers to the questions your DPO, your CFO, and your Legal counsel will ask before you sign.