Northstar's core workflow is catalog, evidence, and alert review. It does not need customer or order data to deliver value.
Security and trust
Northstar is built to be understandable before it is overbuilt
The product is currently optimized for a private pilot, with a narrow data scope, clear operator actions, and a deployment path that keeps public marketing pages separate from the merchant workspace.
The operator workspace can stay behind basic auth even while the public company site remains openly accessible.
Merchants have clear contact and support routes instead of relying on ad hoc founder messages.
Trust posture
What Northstar does today
Stores evidence and review history together
Northstar keeps document uploads, evidence states, alert review decisions, and case notes in one persistent workspace.
Supports official-source review
The signal feed is designed around official notices and source links rather than speculative social reporting.
Deployment-ready with standard tooling
Northstar can run behind Caddy or Docker on a small VM, with a persistent data volume and HTTPS at the edge.
Ready for stronger secret handling later
The current pilot supports direct configuration for quick setup, while the deployment docs already point toward environment-based or secret-manager-based handling for production.
Current trust posture
What Northstar does not need to operate
Not required for the core workflow
- Customer records
- Order history
- Payment data
- Broad write access in Shopify
Required for the core workflow
- Product and variant data
- Merchant-uploaded evidence files
- Official notice review decisions
- Internal case and action history