Northwind.AI
Pricing
Log inGet Started
Compliance

Compliance posture and readiness for serious teams.

Designed to support audits and reviews. This page describes our current readiness work; it is not legal or compliance advice, and does not assert certifications we have not earned.

Designed to support, not guarantee.
Readiness in progress

Compliance work is in progress.

We are working through the readiness items needed to support common compliance reviews. Where a control is in place, the page describes what it does. Where readiness is still being built, the page says so. Specific certifications are not claimed unless they have been issued.

How we engage with compliance

Posture you maintain, not a certificate you earn once.

Compliance is treated as a posture: the controls a team operates, the evidence behind them, and the review work that holds them up. Northwind is built to make that posture easier to maintain and easier to present.

Vendor questionnaires

We respond to common questionnaires directly.

SIG, CAIQ, and similar vendor-questionnaire templates can be returned with citations into the security model. Where a question maps to a control we have, we point at it. Where readiness is in progress, we say so plainly.
Policy evidence

Policies and procedures are versioned.

Policy documents are tracked with version history so reviewers can see what was in effect at a given point in time. The audit trail captures attestations and approvals against specific versions, not against a moving target.
Audit support

The platform helps teams gather evidence faster.

When an audit ask arrives, the workspace audit trail and access controls help teams produce the evidence reviewers expect. The work shifts from "rebuild the trail" to "select the relevant slice and hand it off."
SOC 2 readiness

SOC 2 readiness work is in progress.

We are working through the controls that map to SOC 2 Trust Services Criteria. Some are in place today (workspace isolation, audit trail, access scoping); others are part of active readiness work. We do not claim a SOC 2 report unless one has been issued.
GDPR & HIPAA

GDPR and HIPAA-adjacent workflows.

Our PII controls and audit trails are designed to support workflows that operate under GDPR or HIPAA-adjacent obligations. We do not claim certification under either framework. Use this page as a starting point for your compliance review, not as a substitute for legal or compliance advice.
Bring your compliance ask

Send us your standard questionnaire or audit window.

We will respond with where we stand, what is in place, and where active readiness work is heading. We treat compliance reviews as work to do together, not a marketing exercise.