Northwatch Software

Security

Security and vulnerability disclosure information for KB Sentinel.

Security contact

Security issues should reach the product owner directly.

Please report suspected vulnerabilities or security concerns to ahmad@getresolveloop.com with the subject line KB Sentinel security. Avoid sending sensitive secrets or exploit code to public channels.

Disclosure expectations

  • Include impact, reproduction steps, and affected tenant scope.
  • Allow reasonable time for investigation and remediation.
  • Do not access or alter customer data beyond what is necessary to validate the issue.

Current subprocessor set

  • Atlassian Forge
  • OpenAI API when customer AI drafting is enabled
Open subprocessor page

Data handling summary

  • Tenant state is persisted in Atlassian Forge-hosted storage.
  • KB Sentinel stores derived excerpts, findings, drafts, scan history, and score trends rather than full raw knowledge-base bodies.
  • OpenAI is isolated behind a provider adapter and only used for repair drafting when configured.
  • Current launch posture does not claim Runs on Atlassian because model egress can occur.

This page is a launch trust disclosure and will continue to evolve with final Marketplace security documentation.