Trust, security and data governance are part of the product.
This page is maintained by North Bridge Associates to answer common security and privacy questions. It describes current practices and is not an independent certification.

Where and how we deploy.
Data stays where you need it.
Residency
UK and EU residency supported. Regional deployment agreed per engagement.
Deployment
Private cloud, on-prem or client-controlled environments.
Model training
Customer data is not used to train models for other customers.
Retention
Data retention scoped and documented per engagement.
Access control
Role-based access with immutable audit logs.
Voice / call recording
Consent-driven, retention-limited, sensitive-content protections.
No evidence, no release.
Every AI-influenced decision is instrumented so it can be reviewed, released or refused with a reason attached.
Input data, model version and decision path captured.
Governance can block AI actions and record why.
Explicit oversight records on high-impact decisions.
What to expect if something goes wrong.
Security incidents are triaged against defined severity criteria. Affected customers are contacted, remediation is coordinated with customer security teams, and post-incident learning is shared through a structured review.
Safeguarding before monetisation.
ChallengeME follows a child-first data posture across the H2 launch.
Common security questions.
Talk to us about deployment, governance and evidence.
Email security@northbridgeassociates.co.uk or book a call.